
Lecture 7

This document discusses various database concepts including flat file databases, CSV files, relational databases, SQL, CRUD operations, data types, keys, joins, indexes, race conditions, transactions, and SQL injection attacks. It provides SQL examples for creating tables, importing data, queries, updates, deletes, transactions, and preventing SQL injection.

Uploaded by Sheikx Sami

cs50.ly/favorites
flat-file database
CSV
relational database
SQL
CRUD
CREATE: CREATE, INSERT
READ: SELECT
UPDATE: UPDATE
DELETE: DELETE, DROP
...
CREATE TABLE table (column type, ...);
sqlite3
.mode csv
.import FILE TABLE
.schema
SELECT columns FROM table;
...
AVG
COUNT
DISTINCT
LOWER
MAX
MIN
UPPER
...
WHERE
LIKE
ORDER BY
LIMIT
GROUP BY
...
INSERT INTO table (column, ...) VALUES(value, ...);
UPDATE table SET column = value WHERE condition;
DELETE FROM table WHERE condition;
IMDb
BLOB
INTEGER
NUMERIC
REAL
TEXT
NOT NULL
UNIQUE
PRIMARY KEY
FOREIGN KEY
JOIN
...
indexes
CREATE INDEX name ON table (column, ...);
B-trees
from cs50 import SQL
cs50.readthedocs.io/libraries/cs50/python/#cs50.SQL
race conditions
rows = db.execute("SELECT likes FROM posts WHERE id = ?", id)
likes = rows[0]["likes"]
db.execute("UPDATE posts SET likes = ? WHERE id = ?", likes + 1, id)
BEGIN TRANSACTION
COMMIT
ROLLBACK
db.execute("BEGIN TRANSACTION")
rows = db.execute("SELECT likes FROM posts WHERE id = ?", id)
likes = rows[0]["likes"]
db.execute("UPDATE posts SET likes = ? WHERE id = ?", likes + 1, id)
db.execute("COMMIT")
SQL injection attacks
rows = db.execute("SELECT * FROM users WHERE username = ? AND password = ?", username, password)

if rows:
    ...
rows = db.execute(f"SELECT * FROM users WHERE username = '{username}' AND password = '{password}'")

if rows:
    ...
rows = db.execute(f"SELECT * FROM users WHERE username = '[email protected]'--' AND password = '{password}'")

if rows:
    ...
rows = db.execute("SELECT * FROM users WHERE username = ? AND password = ?", username, password)

if rows:
    ...
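
Added example (not part of the original slides): the f-string query and the placeholder query from the slides, run side by side against an in-memory SQLite database to show why only the placeholder form is safe. It assumes Python's standard sqlite3 module in place of the cs50 library; the table contents, account names and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample accounts (not real data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)")
    db.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice@example.com", "correct horse"), ("o'brien@example.com", "hunter2")],
    )
    return db

def build_unsafe_query(username, password):
    # Same pattern as the f-string slide: input becomes part of the SQL text.
    return f"SELECT * FROM users WHERE username = '{username}' AND password = '{password}'"

def login_unsafe(db, username, password):
    try:
        return bool(db.execute(build_unsafe_query(username, password)).fetchall())
    except sqlite3.Error:
        # A quote in the input produced malformed SQL, so the login fails.
        return False

def login_safe(db, username, password):
    # Placeholders keep the input as data; quotes and -- have no SQL meaning.
    rows = db.execute(
        "SELECT * FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchall()
    return bool(rows)

if __name__ == "__main__":
    db = make_db()
    cases = [
        ("alice@example.com", "correct horse"),  # valid login
        ("alice@example.com", "wrong"),          # wrong password
        ("alice@example.com'--", "anything"),    # input shape shown on the slides
        ("o'brien@example.com", "hunter2"),      # legitimate apostrophe in a name
    ]
    for username, password in cases:
        print(f"{username!r:28} unsafe={login_unsafe(db, username, password)!s:5} "
              f"safe={login_safe(db, username, password)}")
```

The f-string version both accepts the comment-suffixed username without the right password and rejects a legitimate user whose name contains an apostrophe; the placeholder version gets both cases right.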
