PRINCE DR.K.

VASUDEVAN COLLEGE OF
ENGINEERING AND TECHNOLOGY
PONMAR,CHENNAI-600 048
DEPARTMENT OF CYBER SECURITY

CB3412
DATABASE MANAGEMENT SYSTEMS AND SECURITY
LABORATORY

RECORD

NAME :

REGISTER NO. :

SEMESTER :

BRANCH :
S.NO DATE TITLE PAGE NO. SIGNATURE
1 Create a database table, add
constraints (primary key, unique,
check, Not null), insert rows,
update and delete rows using SQL
DDL and DML commands
2 Create set of tables, add
foreign key constraints and
incorporate referential integrity
3 Query the database tables using
different ‘where’ clause
conditions and also implement
aggregate functions
4 Query the database tables and
explore sub queries and simple
join operations
5 Query the database tables and
explore natural, equi and outer
joins
6 Write user defined functions and
stored procedures in SQL
7 Execute complex transactions and
realize DCL and TCL commands
8 Write SQL Triggers for insert,
delete, and update operations in
database table
9 Use SQLi to authenticate as
administrator, to get unauthorized
access over sensitive data, to inject
malicious statements into form
field
10 Write programs that will defend
against the SQLi attacks given in
the previous exercise
11 Write queries to insert encrypted
data into the database and to
retrieve the data using decryption
 Register No:411622149014

Ex.No: 1: CREATE A DATABASE TABLE, ADD CONSTRAINTS,

INSERT ROWS UPDATE AND DELETE ROWS USING SQL
DDL AND DML COMMANDS
Date:

AIM:
To write a code to create a database table, add various constraints , insert ,
update and delete rows using SQL DDL and DML commands.
ALGORITHM:
STEP 1: Connect to the SQL server
STEP 2: Define Table Structure
STEP 3 types: Identify the columns you want in your table and their data.
STEP 4: Write the SQL CREATE TABLE Statement:
STEP 5: Replace TableName, column1, column2, value1, value2,
ConstraintName, etc.,
with actual names and values relevant to database schema.
STEP 6: Ensure that the data types and constraints specified are
appropriate for specific
requirements and database management system (e.g., MySQL,
PostgreSQL, SQL Server).
STEP 7: Perform testing in a development or staging environment before
applying changes
to a production database.
STEP 8: Stop the connection to the server.
 Register No:411622149014

PROGRAM:
-- Create table
CREATE TABLE Employees
( EmployeeID INT PRIMARY KEY,
FirstName VARCHAR(50) NOT
NULL, LastName VARCHAR(50)
NOT NULL, Email VARCHAR(100)
UNIQUE,
Age INT CHECK (Age >= 18),
Department VARCHAR(50)
);
-- Insert rows
INSERT INTO Employees (EmployeeID, FirstName, LastName, Email,
Age, Department)
VALUES (1, 'John', 'Doe', 'john@example.com', 30, 'HR'),
(2, 'Jane', 'Smith', 'jane@example.com', 25, 'IT'),
(3, 'Bob', 'Johnson', 'bob@example.com', 40, 'Finance');
-- Update rows
UPDATE
Employees SET Age
= 35
WHERE EmployeeID = 1;
-- Delete rows
DELETE FROM Employees
WHERE EmployeeID = 3;
 Register No:411622149014

OUTPUT:

RESULT:
Thus the code to create a database table, add various constraints , insert ,
update and delete rows using SQL DDL and DML commands was
successfully executed and verified.
 Register No:411622149014

Ex.No:2: CREATE A SET OF TABLES, ADD FOREIGN KEY

CONSTRAINTS AND INCORPORATE REFERENTIAL
INTEGRITY USING SQL DDL AND DML COMMANDS
Date:

AIM:
To write a code to create a set of tables, add foreign key constraints and
incorporate referential integrity using SQL DDL and DML commands.
ALGORITHM:
STEP 1: Connect to the SQL server
STEP 2: Identify the entities involved in the database schema.
STEP 3: Define the attributes or properties. These attributes describe the
characteristics of each entity.
STEP 4: Choose a primary key for each entity.
STEP 5: Write SQL statements to create tables for each entity. Include the
primary key column(s) along with other attributes. Determine the
relationships between entities. Decide which entities are related to each
other and how they are related.
STEP 6: Add foreign key constraints to enforce referential integrity
and ensure that all foreign key constraints are properly defined and that
they maintain referential integrity. Test it thoroughly to ensure that all
tables, constraints, and relationships are correctly implemented.
STEP 7: Monitor the database for any issues related to referential integrity
or foreign key constraints. Maintain the schema as needed, making
updates or modifications as the requirements of your application evolve.
STEP 8: Stop the connection to the server.
 Register No:411622149014

PROGRAM:
-- Create Customers table
CREATE TABLE Customers
( CustomerID INT PRIMARY
KEY,
FirstName
VARCHAR(50), LastName
VARCHAR(50), Email
VARCHAR(100)
);
-- Create Orders table with foreign key constraint
CREATE TABLE Orders (
OrderID INT PRIMARY KEY,
OrderNumber VARCHAR(20),
OrderDate DATE,
CustomerID INT,
FOREIGN KEY (CustomerID) REFERENCES Customers(CustomerID)
);
 Register No:411622149014

OUTPUT:

RESULT:
Thus the code to create a set of tables, add foreign key constraints and
incorporate referential integrity using SQL DDL and DML commands was
successfully executed and verified.
 Register No:411622149014

Ex.No:3: QUERY THE DATABASE TABLES USING DIFFERENT

WHERE CLAUSE CONDITIONS AND ALSO IMPLEMENT
AGGREGATE FUNCTIONS
Date:

AIM:
To write a code to query a database table using different WHERE clause
conditions and implement aggregate functions to retrieve specific
information from the database.

ALGORITHM:
STEP 1: Connect to the SQL server
STEP 2: Construct SQL SELECT queries to retrieve data from the table.
STEP 3: Implement various WHERE clause conditions to filter the data
based on specific criteria.
STEP 4: Implement aggregate functions such as COUNT, AVG, MIN,
MAX to perform calculations on data.
STEP 5: Aggregate functions are often used in combination with GROUP
BY to group data before applying the aggregate function
STEP 6: Execute the constructed SQL queries against the database.
STEP 7: Fetch and process the results returned by the executed queries.
STEP 8: Stop the connection to the server.
 Register No:411622149014

PROGRAM:
-- Create table
CREATE TABLE student (
name VARCHAR(255),
id INT PRIMARY KEY,
department VARCHAR(100),
contact_no VARCHAR(15)
);
-- Insert rows
INSERT INTO student (name, id, department, contact_no)
VALUES ('John Doe', 12345, 'Computer Science', '123-456-7890');
INSERT INTO student (name, id, department, contact_no)
VALUES ('Jane Smith', 54321, 'Electrical Engineering', '987-654-
3210');
-- Selecting all students from a specific department:
SELECT * FROM student WHERE department
= 'Computer Science';
-- Selecting students with a specific ID:
SELECT * FROM student WHERE id = 12345;
-- Selecting students whose names contains with a certain letter:
SELECT * FROM student WHERE name LIKE '%A%';
-- Selecting students whose contact number ends with a specific
digit:
SELECT * FROM student WHERE contact_no LIKE '%5';
-- Counting the total number of students in the table:
SELECT COUNT(*) AS total_students FROM student;
 Register No:411622149014

-- Finding the average length of contact numbers:

SELECT AVG(LENGTH(contact_no)) AS avg_contact_length
FROM student;
-- Finding the maximum and minimum ID among students:
SELECT MAX(id) AS max_id, MIN(id) AS min_id FROM
student;
-- Grouping students by department and counting the number of
students in each department:
SELECT department, COUNT(*) AS num_students FROM student
GROUP BY department;
 Register No:411622149014

OUTPUT:

RESULT:
Thus the code to query a database table using different WHERE clause
conditions and implement aggregate functions to retrieve specific
information from the database was successfully executed and verified.
 Register No:411622149014

Ex.No:4: QUERY THE DATABASE TABLES AND EXPLORE SUB

QUERIES AND SIMPLE JOIN OPERATIONS
Date:

AIM:
To write a code to query a database tables and exploring subqueries and
simple join operations is to retrieve specific information from one or more
database tables efficiently and accurately.

ALGORITHM:
STEP 1: Connect to the SQL server
STEP 2: Construct SQL SELECT queries to retrieve data from the table.
STEP 3: Determine if the query requires nested queries or subqueries to
retrieve specific information.
STEP 4: Write subqueries within the main query to perform calculations,
filter data, or retrieve aggregated information.
STEP 5: Identify the tables that need to be joined based on common
columns or relationships and use JOIN clauses to combine rows from
different tables based on specified conditions
STEP 6: Execute the constructed SQL queries against the database.
STEP 7: Fetch and process the results returned by the executed queries.
STEP 8: Stop the connection to the server.
 Register No:411622149014

PROGRAM:
-- Create student table
CREATE TABLE student (
name VARCHAR(255),
id INT PRIMARY KEY,
department VARCHAR(100),
contact_no VARCHAR(15)
);
-- Insert rows
INSERT INTO student (name, id, department, contact_no)
VALUES ('John Doe', 12345, 'Computer Science', '123-456-7890');
INSERT INTO student (name, id, department, contact_no)
VALUES ('Jane Smith', 54321, 'Electrical Engineering', '987-654-
3210');
-- Create Grades table
CREATE TABLE Grades (student_id INT,subject
VARCHAR(50),grade VARCHAR(2));
-- Insert rows
INSERT INTO Grades (student_id, subject, grade) VALUES
(12345, 'Mathematics', 'A'),(54321, 'Science', 'B');
-- Create Courses table
CREATE TABLE Courses (course_id INT PRIMARY KEY
AUTO_INCREMENT,course_name VARCHAR(100));
-- Insert rows
INSERT INTO Courses (course_name) VALUES ('Mathematics'),
('Science'),('History');
 Register No:411622149014

-- SubQueries
SELECT s.name, (SELECT MAX(grade) FROM Grades WHERE
student_id = s.id) AS
highest_grade FROM student s;
SELECT s.name, s.id FROM student s WHERE s.id NOT IN (SELECT
student_id FROM
Grades WHERE grade = (SELECT MIN(grade) FROM Grades));
-- Join Operation
SELECT s.name, g.grade, g.subject FROM student s INNER JOIN
Grades g ON s.id =g.student_id;
 Register No:411622149014

OUTPUT:

RESULT:
Thus the code to query a database tables and exploring subqueries and
simple join operations is to retrieved specific information from one or
more database tables from the database was successfully executed and
verified.
 Register No:411622149014

EX.NO: 5: Query the database tables and explore natural, equi and
outer joins.
Date:
Aim:
To query database tables and explore the concepts and applications
of natural, equi, and outer joins for combining data from multiple
tables effectively.
Algorithm:
Step1: Introduce the concept of joins and their significance in combining
data from multiple tables,
Step2: Provide an overview of inner, outer, natural, and equi joins,
Step3: Present sample database tables with structured data,
Step4: Execute inner join queries to demonstrate data retrieval based on
specified conditions,
Step5: Perform outer join queries including left, right, and full outer joins
to showcase different join types and their outputs,
Step6: Execute equi join queries to illustrate joining based on equality
conditions,
Step7: Conclude with a discussion on performance considerations and best
practices for utilizing joins effectively.
 Register No:411622149014

Program:
-- Create sample tables
CREATE TABLE Employees (
EmployeeID INT PRIMARY KEY,
Name VARCHAR(50),
DepartmentID INT
);
CREATE TABLE Departments (
DepartmentID INT PRIMARY KEY,
DepartmentName VARCHAR(50)
);
-- Insert sample data
INSERT INTO Employees (EmployeeID, Name, DepartmentID) VALUES
(1, 'John', 1),
(2, 'Alice', 2),
(3, 'Bob', 1),
(4, 'Emma', NULL);
INSERT INTO Departments (DepartmentID, DepartmentName) VALUES
(1, 'IT'),
(2, 'HR'),
(3, 'Finance');
-- Inner Join: Retrieve employee names along with their department names
SELECT Employees.Name, Departments.DepartmentName
FROM Employees
INNER JOIN Departments ON Employees.DepartmentID =
Departments.DepartmentID;
 Register No:411622149014

-- Left Outer Join: Retrieve all employees and their department names,
including
those without a department
SELECT Employees.Name, Departments.DepartmentName
FROM Employees
LEFT OUTER JOIN Departments ON Employees.DepartmentID =
Departments.DepartmentID;
-- Right Outer Join: Retrieve all departments and the employees working
in each
department, including departments with no employees
SELECT Employees.Name, Departments.DepartmentName
FROM Employees
RIGHT OUTER JOIN Departments ON Employees.DepartmentID =
Departments.DepartmentID;
-- Equi Join: Retrieve employee names and their department names based
on
equality of DepartmentID
SELECT Employees.Name, Departments.DepartmentName
FROM Employees
JOIN Departments ON Employees.DepartmentID =
Departments.DepartmentID;
-- Natural Join: Retrieve employee names and department names based on
matching column names (DepartmentID)
SELECT Name, DepartmentName
FROM Employees
NATURAL JOIN Departments;
 Register No:411622149014

Output:

Result:
Thus the To query database tables and explore the concepts and
applications of natural, equi, and outer joins for combining data from
multiple tables effectively is verified and executed successfully.
 Register No:411622149014

EX.NO: 6:Write user defined functions and stored procedures in SQL

Date:
Aim:
To demonstrate the creation of user-defined functions and stored
procedures in SQL to encapsulate business logic and streamline database
operations for improved efficiency and maintainability.
Algorithm:
Step1: Define the purpose and inputs of the user-defined function or
stored procedure.
Step2: Create the function or procedure using appropriate syntax,
specifying parameters and return types if applicable.
Step3: Implement the logic within the function or procedure, including
SQL statements and control flow constructs as needed.
Step4: Test the function or procedure to ensure correctness and
functionality.
Step5: Handle any potential errors or exceptions within the function or
procedure.
Step6: If necessary, optimize the function or procedure for performance
considerations.
Step7: Document the function or procedure with comments to aid in
understanding and maintenance.
 Register No:411622149014

Program:
-- Create sample tables
CREATE TABLE Employees (
EmployeeID INT PRIMARY KEY,
Name VARCHAR(50),
DepartmentID INT
);
CREATE TABLE Salaries (
EmployeeID INT,
Salary DECIMAL(10, 2)
);
CREATE TABLE Departments (
DepartmentID INT PRIMARY KEY,
DepartmentName VARCHAR(50)
);
-- Insert sample data
INSERT INTO Employees (EmployeeID, Name, DepartmentID) VALUES
(1, 'John', 1),
(2, 'Alice', 2),
(3, 'Bob', 1);
INSERT INTO Salaries (EmployeeID, Salary)
VALUES (1, 50000.00),
(2, 60000.00),
(3, 55000.00);
INSERT INTO Departments (DepartmentID, DepartmentName) VALUES
(1, 'IT'),
 Register No:411622149014

(2, 'HR');
-- Create a user-defined function to calculate the total salary of an
employee
CREATE FUNCTION CalculateTotalSalary (@EmployeeID INT)
RETURNS DECIMAL(10, 2)
AS
BEGIN
DECLARE @TotalSalary DECIMAL(10, 2);
SELECT @TotalSalary = SUM(Salary)
FROM Salaries
WHERE EmployeeID = @EmployeeID;
RETURN @TotalSalary;
END;
-- Create a stored procedure to retrieve employee information and their
total
salary
CREATE PROCEDURE GetEmployeeInfoWithTotalSalary
AS BEGIN
SELECT E.EmployeeID, E.Name, E.DepartmentID, D.DepartmentName,
dbo.CalculateTotalSalary(E.EmployeeID) AS TotalSalary
FROM Employees E
INNER JOIN Departments D ON E.DepartmentID = D.DepartmentID;
END;
-- Execute the stored procedure
EXEC GetEmployeeInfoWithTotalSalary;
 Register No:411622149014

Output:

Result:
Thus the program To demonstrate the creation of user-defined functions
and stored procedures in SQL to encapsulate business logic and streamline
database operations for improved efficiency and maintainability is verified
and executed successfully.
 Register No:411622149014

EX.NO:7: Execute complex transactions and realize DCL and TCL

commands.
Date:

Aim:
To executing complex transactions and using Data Control Language
(DCL) and Transaction Control Language (TCL) commands.
Algorithm:
Step1: We create a table transaction_records to store transaction data.
Step2: We insert some sample data into the table.
Step3: We begin a transaction using BEGIN TRANSACTION.
Step4: Within the transaction, we insert a new record, update an existing
record, and delete another record.
Step5: We commit the transaction using COMMIT.
Step6: We then select and display all records to show the changes made.
Step7: Finally, we rollback the transaction using ROLLBACK to revert
the changes made by the transaction.
 Register No:411622149014

Program:
-- Create a table to store transaction records
CREATE TABLE transaction_records
( transaction_id INT PRIMARY KEY,
transaction_amount DECIMAL(10, 2),
transaction_date DATE
);
-- Insert some sample data
INSERT INTO transaction_records (transaction_id, transaction_amount,
transaction_date)
VALUES (1, 100.00, '2024-05-01'),
(2, 200.00, '2024-05-02'),
(3, 300.00, '2024-05-03');
-- Begin a transaction
BEGIN
TRANSACTION;
-- Insert a new transaction record
INSERT INTO transaction_records (transaction_id, transaction_amount,
transaction_date)
VALUES (4, 400.00, '2024-05-04');
-- Update an existing transaction record
UPDATE transaction_records
SET transaction_amount = 250.00
WHERE transaction_id = 2;
-- Delete a transaction record
DELETE FROM transaction_records
WHERE transaction_id = 3;
 Register No:411622149014

-- Commit the transaction

COMMIT;
-- Check the records after the transaction
SELECT * FROM transaction_records;
-- Revert the changes made by the transaction
ROLLBACK;

Output:

Result:
Thus the program to executing complex transactions and using
Data Control Language (DCL) and Transaction Control Language
(TCL) commands is verified and executed successfully.
 Register No:411622149014

EX.NO:8: Write SQL Triggers for insert, delete, and update

operations in database table.
Date:

Aim:
To Write SQL Triggers for insert, delete, and update operations in database
table.
Algorithm:

Step1: We first create a table named employee to store

employee data.
Step2: after_employee_insert: This trigger is fired after an insert operation
on the employee table.
Step3: audit_table to log the insert action.
Step4: after_employee_update: This trigger is fired after an update
operation on the employee table. It inserts a record into the audit_table to
log the update action.
Step5: after_employee_delete: This trigger is fired after a delete operation
on the employee table. It inserts a record into the audit_table to log the
delete action.
 Register No:411622149014

Program:
-- Create the employees table
CREATE TABLE employees
( employee_id INT PRIMARY KEY,
first_name VARCHAR(50),
last_name VARCHAR(50),
salary DECIMAL(10, 2)
);
-- Create a trigger for insert operation
CREATE TRIGGER insert_employee_trigger
AFTER INSERT ON employees
FOR EACH ROW
BEGIN
-- Log the insert operation
INSERT INTO employee_audit (employee_id, action,
action_date)
VALUES (NEW.employee_id, 'INSERT', NOW());
END;
-- Create a trigger for delete operation
CREATE TRIGGER delete_employee_trigger
AFTER DELETE ON employees
FOR EACH ROW
BEGIN
-- Log the delete operation
INSERT INTO employee_audit (employee_id, action,
 Register No:411622149014

action_date)
VALUES (OLD.employee_id, 'DELETE', NOW());
END;
-- Create a trigger for update operation
CREATE TRIGGER update_employee_trigger
AFTER UPDATE ON employees
FOR EACH ROW
BEGIN
-- Log the update operation
INSERT INTO employee_audit (employee_id, action,
action_date)
VALUES (NEW.employee_id, 'UPDATE', NOW());
END;

Output:

Result:
Thus the program to Write SQL Triggers for insert, delete, and update
operations in database table is verified and executed successfully.
 Register No:411622149014

EX.NO:9: Use SQLi to authenticate as administrator, to get

unauthorized access over sensitive data, to inject malicious statements
into form field.

Date:

Aim: To use SQLi to authenticate as administrator, to get unauthorized

access over sensitive data, to inject malicious statements into form field.

Algorithm:
Step 1: Find an input field susceptible to SQL injection.
Step 2: Formulate a payload like ' OR '1'='1' --.
Step 3: Enter the payload in the username or password field.
Step 4: Log in as an administrator using the injection.
Step 5: Query for sensitive information using SQL injection.
Step 6: Insert harmful SQL statements into form fields.
Step 7: Execute injected commands to manipulate data and extract
valuable information.
 Register No:411622149014

Program:
Register No:411622149014
Register No:411622149014
Register No:411622149014
 Register No:411622149014

Output:
 Register No:411622149014

RESULT:
Thus the authentication and authorization using SQL injection executed
successfully.
 Register No:411622149014

EX.NO:10: Write programs that will defend against the SQLi attacks
given in the previous exercise.

Date:

Aim: To implement defend against SQLi attacks

Procedure:
Database Connection: The script establishes a connection to the MySQL
database using the
mysql.connector module. This connection is essential for executing queries
against the database.
conn = mysql.connector.connect(
host="localhost",
user="your_mysql_username",
password="your_mysql_password",
database="sqli_authorization_example"
)
Replace "your_mysql_username" and "your_mysql_password" with your
actual MySQL username and
password. This establishes a connection to the database named
sqli_authorization_example running on
localhost.
Prepared Statement: Instead of constructing SQL queries by concatenating
strings, the script uses
parameterized queries. This is crucial for defending against SQL injection
attacks. Parameterized queries
separate SQL code from user input, preventing malicious inputs from
altering the SQL logic.
 Register No:411622149014

query = "SELECT * FROM users WHERE username = %s"

cursor.execute(query, (username,))
query = "SELECT * FROM users WHERE username = %s"
cursor.execute(query, (username,))
(),
The result is retrieved using cursor.fetchone which fetches the next row of
the result set returned by the
query. If a matching record is found in the database for the provided
username, it is stored in the result
variable.
Authorization Check: The script checks the role associated with the
username retrieved from the
database. If the role is 'admin', it indicates that the user is authorized as an
admin.
The result is retrieved using cursor.fetchone(), which fetches the next row
of the result set returned by the
query. If a matching record is found in the database for the provided
username, it is stored in the result
variable.
Authorization Check: The script checks the role associated with the
username retrieved from the d
atabase. If the role is 'admin', it indicates that the user is authorized as an
admin.

Result:
Thus the Program for defend against SQLi attacks program was executed
successfully.
 Register No:411622149014

EX.NO:11: Write queries to insert encrypted data into the database

and to retrieve the data using decryption.
Date:
Aim: To write queries to insert encrypted data into the database and to
retrieve the data using decryption.
Procedure:
Create the Stored Procedure for Inserting Encrypted Data:
CREATE PROCEDURE InsertEncryptedData
@dataToEncrypt NVARCHAR(MAX),
@encryptionKey NVARCHAR(50)
AS
BEGIN
DECLARE @encryptedData VARBINARY(MAX);
SET @encryptedData =
ENCRYPTBYKEY(KEY_GUID('SymmetricKey'), @dataToEncrypt);
INSERT INTO YourTableName (EncryptedContent)
VALUES (@encryptedData);
END;
Create the Stored Procedure for Retrieving Decrypted Data:
CREATE PROCEDURE RetrieveDecryptedData
@id INT,
@decryptionKey NVARCHAR(50)
AS
BEGIN
DECLARE @decryptedData NVARCHAR(MAX);
SELECT @decryptedData = CONVERT(NVARCHAR(MAX),
DECRYPTBYKEY(EncryptedContent))
 Register No:411622149014

FROM YourTableName
WHERE ID = @id;
SELECT @decryptedData AS DecryptedContent;
END;
Executing the Stored Procedures:
To insert encrypted data:
EXEC InsertEncryptedData 'SensitiveData', 'EncryptionKey';
To retrieve decrypted data:
EXEC RetrieveDecryptedData @id = 1, @decryptionKey =
'DecryptionKey';
Replace 'SensitiveData' with the data you want to encrypt, 'EncryptionKey'
with the encryption
key, 'YourTableName' with the name of your table, 'DecryptionKey' with
the decryption key, and 1 with
the ID of the data you want to retrieve.
Running the Source Code:
You can execute these stored procedures using SQL Server Management
Studio or any other SQL client.
open a new query window, paste the code, and execute it.

Result:
Thus the encryption and decryption are executed successfully.