DB - LabManual - Withproject - Fall 2019 PDF

CL-213
Fundamentals of Database Systems

LAB MANUAL
DEPARTMENT OF ELECTRICAL ENGINEERING,

FAST-NU, LAHORE
Lab Manual of Fundamentals of Database Systems
Created by: Ms. ShaziaHaque
Date: 10thJuly, 2014
Last Updated by: Ms. ShaziaHaque
Date: August, 2019
Approved by the HoD: Dr. S.M.Sajid
Date: August, 2016
Page | 2
Table of Contents
Sr. No. Description Page No.
1 List of Equipment 04
2 Experiment No. 01, Introduction to HTML 05
3 Experiment No. 02, Cascading Style Sheets and JavaScript 11
4 Experiment No. 03, Introduction to SQL Server 2008 DBMS 17
5 Experiment No. 04, Introduction to SQL and DDL 26
6 Experiment No. 05, Introduction to SQL DML 31
7 Experiment No. 06, Advanced SQL 36
8 Experiment No. 07, Views and Stored procedures 39
9 Experiment No. 08, Triggers 45
10 Experiment No. 09, Introduction to Erwin Data Modeling tool 50
Experiment No. 10, Building ASP.net web applications with Database

11 64
Connectivity
Experiment No. 11, ASP.net GridView Control – Deletion and
12 86
updation/insertion
Experiment No. 12, ASP.net Passing values across webpages and SQL
13 100
Injection
14 Appendix A, Lab Evaluation Criteria 109
15 Appendix B, Safety around Electricity 110
16 Appendix C, Guidelines on preparing Lab Reports 112
Page | 3
List of Equipment
Sr. No. Description
1 Workstations (PCs)
2 Visual Studio 2012C# (software)
3 Erwin data modeling tool (software)
4 Microsoft SQL Server 2014 (software)
Page | 4
EXPERIMENT 1
INTRODUCTION TO HTML
Objective
• Introduction to HTML language.
HTML is a language for describing web pages.
• HTML stands for Hyper Text Markup Language

• HTML is not a programming language, it is a markup language
• A markup language is a set of markup tags
• The purpose of the tags are to describe page content
HTML Tags
HTML markup tags are usually called HTML tags
• HTML tags are keywords (tag names) surrounded by angle brackets like <html>
• HTML tags normally come in pairs like <b> and </b>
• The first tag in a pair is the start tag, the second tag is the end tag
• The end tag is written like the start tag, with a forward slash before the tag name
• Start and end tags are also called opening tags and closing tags
Web Browsers
The purpose of a web browser (Chrome, Internet Explorer, and Firefox) is to read HTML
documents and display them as web pages. The browser does not display the HTML tags, but
uses the tags to interpret the content of the page. A basic HTML page structure is shown in
Figure 1 below.
Page | 5
Figure1
HTML Element
• An HTML element starts with a start tag / opening tag

• An HTML element ends with an end tag / closing tag
• The element content is everything between the start and the end tag
• Some HTML elements have empty content
• Empty elements are closed in the start tag
• Most HTML elements can have attributes
HTML Headings
<h1>Check this out</h1>
<h2>What you think of it now</h2>
<h3>And what about now</h3>
HTML Paragraphs
<p>This is a paragraph.</p>
<p>This is another paragraph.</p>
Use the <br /> tag if you want a line break (a new line) without starting a new paragraph
Some other HTML formatting tags are given in Figure 2 below.
Page | 6
Figure 2
HTML Lists
An unordered list starts with the <ul> tag. Each list item starts with the <li> tag.
The list items are marked with bullets (typically small black circles).
<ul>
<li>EE</li>
<li>CS</li>
<li>BBA</li>
</ul>
HTML Images
<imgsrc="temp.jpg" width="250" height="142" />

<imgsrc="cloud.jpg" alt="Cloud" />
To display an image on a page, you need to use the src attribute. Src stands for "source". The
value of the src attribute is the URL of the image you want to display. The height and width
attributes are used to specify the height and width of an image.
The URL points to the location where the image is stored. An image named "boat.gif",
located in the "images" directory on "www.google.com" has the URL:
http://www.google.com/images/boat.gif.
HTML Links
A hyperlink (or link) is a word, group of words, or image that you can click on to jump to a
new document or a new section within the current document. When you move the cursor
over a link in a Web page, the arrow will turn into a little hand.
Links are specified in HTML using the <a> tag.
The <a> tag can be used in two ways:
1. To create a link to another document, by using the href attribute

Page | 7
2. To create a bookmark inside a document, by using the name attribute
<a href="http://www.google.com">This is a link</a>

<a href="http://www.google.com/" target="_blank">Google Karo</a>
The target attribute specifies where to open the linked document.

The name attribute specifies the name of an anchor.
The name attribute is used to create a bookmark inside an HTML document.
Using Images as HTML Links
To use an image as a link, you will have to use two things you have already learned.
1. How to create a link.
2. How to add an image to the page.
<a href="http://www.google.com">
<imgsrc="sunset.jpg">
</a>
Linking Within a Single Page
Maybe you would like to give someone a way back to the top of the page when they are at
the bottom. Or maybe you want to divide it into sections and use a table of contents at the
top. Well, the way to do this is to use a named anchor, which is a specific area of your page
you want to make a link to. You could link to any part of the page, but for now, let's say you
want to create a link to the top of your page. To do this, go to the top of the body section
(right after the body tag). Now type the following tag:
<a name="top"></a>
You can place any name you wish inside the quotes. This just makes it easy to see where we
are going to end up. Now, go anywhere between the body tags and type this link:
<a href="#top">Back to the Top</a>
If you click on this link, you will be sent back to the top of the page.
HTML Tables
Tables are defined with the <table> tag.
A table is divided into rows (with the <tr> tag), and each row is divided into data cells (with the
<td> tag). td stands for "table data," and holds the content of a data cell. A <td> tag can contain
text, links, images, lists, forms, other tables, etc.
If you do not specify a border attribute, the table will be displayed without borders. Sometimes
this can be useful, but most of the time, we want the borders to show.
Page | 8
Header information in a table are defined with the <th> tag.
<table border="1">
<tr>
<th>Department</th>
<th>Course</th>
</tr>
<tr>
<td>CS</td>
<td>Data Structure</td>
</tr>
<tr>
<td>EE</td>
<td>Circuit Analysis</td>
</tr>
</table>
INPUT Control
a. Input(Text)
<input id="Text1" type="text" value="Please Enter City" />
b. Input(Password)
<input id="Password1" type="password" value="dummy" />
c. Input(Checkbox)
<input id="Checkbox1" type="checkbox" checked="true" />
d. Input(Radio)
<input id="Radio1" type="radio" checked="true" />
e. Input(Button)
<input id="Button1" type="button" value="button" />
Page | 9
Exercise 1: Create a first page “firstpage.html” as shown in Figure3 below
Figure 3
Good Reference:
http://www.w3schools.com
Post Lab Questions

1. Design a webpage for a sports website using HTML only. Use your imagination and be
innovative. For help explore w3schools.
2. Find and list the differences between HTML version 3 and HTML version 5.
Page | 10
EXPERIMENT 2
Cascading Style Sheets and JavaScript
Objective
• Introduction to CSS (Cascading Style sheets)
• Apply CSS to your html page
• Client side validation and learn how to apply client validation using JavaScript
At the end of this lab you will be able to
• Create CSS style sheet and Apply CSS

• Create and use JavaScript functions
• Apply Client side validations
What is CSS?
CSS stands for Cascading Style Sheets
Styles define how to display HTML elements
Styles were added to HTML 4.0 to solve a problem
External Style Sheets can save a lot of work
External Style Sheets are stored in CSS files
Why we needed CSS?

HTML was never intended to contain tags for formatting a document.HTML was intended to define
the content of a document, like:
<h1>This is a heading</h1>
<p>This is a paragraph.</p>
When tags like <font>, and color attributes were added to the HTML 3.2 specification, it started a
nightmare for web developers. Development of large web sites, where fonts and color information
were added to every single page, became a long and expensive process.
To solve this problem, the World Wide Web Consortium (W3C) created CSS.
CSS defines HOW HTML elements are to be displayed.
Styles are normally saved in external .css files. External style sheets enable you to change the
appearance and layout of all the pages in a Web site, just by editing one single file!
CSS Syntax
A CSS rule has two main parts: a selector, and one or more declarations as shown in Figure 1:
Figure1
Page | 11
The selector is normally the HTML element you want to style.

Each declaration consists of a property and a value.
The property is the style attribute you want to change. Each property has a value.
In addition to setting a style for a HTML element, CSS allows you to specify your own selectors
called "id" and "class".
Id Selector Syntax
The id selector is used to specify a style for a single, unique element.
The id selector uses the id attribute of the HTML element, and is defined with a "#".
The style rule below will be applied to the element with id="para1":
#para1
{
text-align:center;
color:red;
}
Class Selector Syntax

The class selector is used to specify a style for a group of elements. Unlike the id selector, the class
selector is most often used on several elements.
This allows you to set a particular style for many HTML elements with the same class. The class
selector uses the HTML class attribute, and is defined with a "."
In the example below, all HTML elements with class="center" will be center-aligned:
.center {text-align:center;}
How to apply CSS

There are three ways of inserting a style sheet:
• External style sheet
• Internal style sheet
• Inline style
External Style sheet

An external style sheet is ideal when the style is applied to many pages. With an external style sheet,
you can change the look of an entire Web site by changing one file. Each page must link to the style
sheet using the <link> tag. The <link> tag goes inside the head section:
<head>
<link rel="stylesheet" type="text/css" href="mystyle.css"/>
</head>
An external style sheet can be written in any text editor. The file should not contain any html tags.
Your style sheet should be saved with a .css extension. An example of a style sheet file is shown
below:
hr {color:sienna;}
Page | 12
p {margin-left:20px;}
body {background-image:url("images/back40.gif");}
Internal Style sheet

An internal style sheet should be used when a single document has a unique style. You define
internal styles in the head section of an HTML page, by using the <style> tag, like this:
<head>
<style>
hr {color:sienna;}
p {margin-left:20px;}
body {background-image:url("images/back40.gif");}
</style>
</head>
Inline Style sheet
An inline style loses many of the advantages of style sheets by mixing content with presentation.
Use this method sparingly!
To use inline styles you use the style attribute in the relevant tag. The style attribute can contain any
CSS property. The example shows how to change the color and the left margin of a paragraph:
<p style="color:sienna;margin-left:20px">This is a paragraph.</p>
Exercise 1: Practice applying CSS to HTML pages

Example
body
{
background-color:#d0e4fe;
}
h1
{
color:orange;
text-align:center;
}
p
{
font-family:"TimesNewRoman";
font-size:20px;
}
.myclass
{
font-family:"TimesNewRoman";
font-size:20px;
}
Save the above in a style.css file and then apply in html as external style sheet by adding
<link href="style.css" rel="stylesheet" type="text/css" />
Please try all the selectors (given above) in your html e.g.<td class=”myclass”>
Page | 13
What is JavaScript?
• A scripting language is a lightweight programming language.
• JavaScript is programming code that can be inserted into HTML pages.
• JavaScript inserted into HTML pages, can be executed by all modern web browsers.
UsageofJavaScript
• Writing Into HTML Output
document.write("<h1>This is a heading</h1>");
• Reacting to Events
<button type="button" onclick="alert('Welcome!')">Click Me!</button>
• Changing HTML Content
x=document.getElementById("demo") //Find the element
x.innerHTML="Testing… “;
• Changing HTML Styles
x=document.getElementById("demo") //Find the element
x.style.color="#ff0000"; //Change the style
• Validate Input
varnum=document.getElementById("demo") .value //demo is a textbox
if (num==null|| num==””)
{alert("Enter a value please")};
How to apply JavaScript

To insert a JavaScript into an HTML page, use the <script> tag.
The <script> and </script> tells where the JavaScript starts and ends.
There are two ways of inserting JavaScript:
a. Internal JavaScript
b. External JavaScript
Internal JavaScript
You can place an unlimited number of scripts in an HTML document.
Scripts can be in the <body> or in the <head> section of HTML, and/or in both.
It is a common practice to put functions in the <head> section, or at the bottom of the page. This
way they are all in one place and do not interfere with page content.
<!DOCTYPE html>
<html>
<head>
<scriptlanguage="javascript">
function myFunction()
{
document.getElementById("demo").innerHTML="My First JavaScript Function";
Page | 14
}
</script>
</head>
<body>
<h1>My Web Page</h1>
<p id="demo">A Paragraph</p>
<button type="button" onclick="myFunction()">Try it</button>
</body>
</html>
External JavaScript
Scripts can also be placed in external files. External files often contain code to be used by several
different web pages.
External JavaScript files have the file extension .js.
To use an external script, point to the .js file in the "src" attribute of the <script> tag:
<!DOCTYPE html>
<html>
<body>
<script src="myScript.js"language="javascript"></script>
</body>
</html>
Exercise 2: Practice JavaScript

Write a JavaScript function to convert Celsius into Fahrenheit and vice versa in HTML using
JavaScript on input controls. A sample user interface is shown in Figure2 below
GUI should be like this
Figure 2
Exercise 3: Practice CSS and JavaScript
You are required to design a login web page that will have username and password text fields as
shown below in figure3:
Page | 15
Figure 3
Requirements:
Default Setting (When the page is loaded)
1. Everything in the username field row must be center aligned with font = arial, using CSS
2. Everything in the password field row must be right aligned with font = courier, using CSS
On Validate button you need to do the following:

Check if anything has been entered in the username and password fields.
• If a field is empty then the background color of the whole row must be set to "RED".
• If a field is NOT empty then the background color of the whole row must be set to
"YELLOW".
Post lab Questions
Add the following feature in your exercise 3.
On Reset button you need to do the following:
Bring the page in the default state i.e. the state when page was loaded.
NOTE: You are required to use JavaScript and CSS to perform the above mentioned
functionality.
Page | 16
EXPERIMENT 3
Introduction to SQL Server 2012 DBMS
Objective
• Familiarize studentswith SQL Server 2008 that is anRDMS by Microsoft

• Table creation, definition through script.
• Data import and export from files to DBMS (tables) using SQL import export utility.
SQL Server 2008 Installation:

SQL Server installation and configuration steps are given in the SQL server 2008 installation
guide.ppt lying in the lab folder. This is to help the students in installing the server on their personal
machines and get a know how of SQL architecture and its components.
Exercise 1: Creating relational database using SQL server management studio

designer
Step 1:Open SQL server management studio
Start->Program Files ->SQL server 2008 -> SQL server management studio
Enter your server name as “cactus” username as “lab” password as “123456789” as shown in figure1
below
Figure 1
To add new Database Right click on Database folder and select New Database. Name this database
as your rollnumber (beginning with letter L) as shown in figure2 below.
Page | 17
Figure 2
Step 2: Creating Tables through script in your database
The SQL DDL code given in the company.sql file (present in the lab folder) belongs to the relational
model shown in Figure3 below:
Figure 3
Please spend a few minutes going through the code in the company.sql file.
Now click on “New Query” after selecting your own database in the drop down as shown in Figure 4
Page | 18
Figure 4
• In the SQL window that opens, copy the code from company.sql file and, paste it as shown in
Figure 5.
• Change use [your database] to the name of the database you created (your rollnumber).
• Now click on execute.
• If all goes well, you would see “command executed successfully” message and on expanding
the tables folder in your database you would see the table that have just been created for you.
Figure 5
Page | 19
Exercise 2: Import data in to employee table using Import Export utility
Start->Program Files ->SQL server 2008 -> Import and Export data
Select your Data source as Microsoft Excel as shown in Figure 6 (as data that you are going to
import is present in the company.xls file. You have to repeat the following steps for all the tables
that you created in Exercise1.
Figure 6
Don’t forget to check “First row has column names”. Click on Next.
Select your destination database as shown in Figure 7.
Figure 7
Click Next button .
Page | 20
Select the first option on next screen as given below in figure 8
Figure 8
In the next screen that comes up, please make sure you have selected everything as given in the
screen shot below in figure9
Figure 9
Page | 21
Now click on “Edit Mappings” button and on the next screen make sure that the destination columns
are correctly selected as shown in figure10 below.
Figure 10
Click OK and then click Next to move to next screen till you get to the screen with “Finish” Button.
In the screen that comes up (figure11) you would see that 8 rows of data would have been
transferred to the employee table, if everything went fine.
Page | 22
Figure 11
Selecting Data
Task 1: Selecting data from the table using selection Query
Start->Program Files ->SQL server 2008 -> Management studio
Select your database
Open Query window and type
Select * from employee
Execute Query.
Figure 12
Page | 23
Exercise 3: Import data in to the other tables of company database using

Import Export utility
Please repeat the steps in Exercise2 to import data into the rest of the tables. Please make sure
that you follow the following order while importing the data
1. Dependent table
2. Department table
3. Project table
4. Dept_locations table
5. Works_on table
Run the following script in SQL Server after having successfully imported data in all the tables to
get your worked checked
use [your database]
select * from employee
select * from department
select * from dependent
select * from dept_locations
select * from project
select * from works_on
Post Lab Questions:
1. Write SQL script to create the database with the given relational data model given
below:
Book
bookID bookName author
Author
authorID authorName authoraddress
Page | 24
2. Import the given data in the table, you need to include screen shots of the data present
in the tables after executing the select statement.
Book
bookID bookName author
1 Chamber of Secrets 101
2 Alchemist 102
3 Philosopher’s stone 101
authorID authorName authoraddress

101 J K Rowling UK
102 Paulo Coelho Brazil
Page | 25
EXPERIMENT 4
Introduction to SQL and DDL
Objective
• Familiarize students with the SQL DDL commands
• Enable students to use the basic DML commands (in order to check the working of above
DDL commands)
SQL (Structured Query Language)

SQL commands can be broadly categorized under the following four types:
• DDL
Data Definition Language (DDL) statements are used to define the database structure or
schema. Some examples:
CREATE - to create objects in the database
ALTER - alters the structure of the database
DROP - delete objects from the database
TRUNCATE - remove all rows from a table
• DML
Data Manipulation Language (DML) statements are used for managing data within schema
objects. Some examples:
SELECT - retrieve data from the a database
INSERT - insert data into a table
UPDATE - updates existing data within a table
DELETE - deletes all records from a table, the space for the records remain
• DCL
Data Control Language (DCL) statements. Some examples:
GRANT - gives user's access privileges to database
REVOKE - withdraw access privileges given with the GRANT command
• TCL
Transaction Control (TCL) statements are used to manage the changes made by DML
statements. It allows statements to be grouped together into logical transactions.
COMMIT - save work done
SAVEPOINT - identify a point in a transaction to which you can later roll back
ROLLBACK - restore database to original since the last COMMIT
Page | 26
Exercise1: Practice DDL commands using SQL server management studio
Step1: Login to your database

• Open SQL server management studio via Start->Program Files ->SQL server 2008 -> SQL
server management studio
o enter your server name as “cactus” username as “lab” password as “123456789” or
use server name as “172.16.1.254” and password as “12345678” depending on what
you used in the last lab.
• Select your database
Step2: Create a schema

• Click on “New Query”
• In the window (Query Manager) that comes up run the following command
Use [your_own_DB_created_in_lab3]
create schema lab4
Step3: Create table command
• Run the following statement in your own database

CREATE TABLE lab4.School(
schID [int] NOT NULL,
schName [varchar](50) NULL,
schdeanID [int] NULL,
)
CREATE TABLE lab4.Staff(

staffID [int] NOT NULL,
staffName [varchar](50) NULL,
staffRole [varchar](50)
)
• Refresh your database and verify the results from designer on left
Step3: Drop table command

• Run the following statement in your own database
drop table lab4.school
• Refresh your database and verify the results from designer on left
Step4: Primary key on a new table

• Recreate the table dropped in step3, this time with the primary key constraint in place by
running the following command
CREATE TABLE lab4.Staff(
staffID [int] NOT NULL,
Page | 27
staffName [varchar](50) NULL,

staffRole [varchar](50),
constraintstaffPK primary key (staffId)
)
• Refresh your database and verify the results from designer on the left by expanding Keys
under Staff table
Step5: Primary key on an existing table via ALTER table command
• Using your own database run the following command
Alter TABLE lab4.School add constraint schPK primary

key(schID)
• Refresh your database and verify the results from designer on the left by expanding Keys
under School table
Step6: Set Foreign Key on new table

• Drop table school (you know how to do that now)
• Recreate the table school by running the following statement

CREATE TABLE lab4.School(
schID [int] NOT NULL primary key,
schName [varchar](50) NULL,
schdeanID [int] NULL,
constraintdeanFK foreign key (schdeanID) references
lab4.Staff(staffId)
)
Step7: Drop Foreign Key constraint via Alter table command

Alter table lab4.school drop constraint deanFK
Step8: Add Foreign Key constraint to an existing table via Alter table command
Alter table lab4.school add constraint deanFKforeign key
(schdeanID) references lab4.Staff(staffId)
Step9: Add Foreign key constraint to set behavior on delete/update

• Drop the deanFK foreign key constraint added in step8 above
• Recreate the foreign key constraint on school table to set behavior on update and delete by
running the following command
Altertable lab4.school addconstraint deanFK foreign
key(schdeanID)references staff(staffID)
ondelete set null on update cascade
Page | 28
Step10: Check the behavior of the foreign key constraint set above by inserting a few rows in
both the tables and then deleting and updating rows in Staff table
• Run the following insert commands to populate the two tables

Insert into lab4.staff values (101, ‘Ahmed’, ‘Principal’)
Insert into lab4.staff values (102, ‘Ali’, ‘Head Teacher’)
Insert into lab4.staff values (103, ‘Salman’, ‘Teacher’)
Insert into Lab4.staff(staffName, staffId) values (‘Fatima’,
104)
Insert into lab4.school values (1, ‘DPS’, 101)

Insert into lab4.school values (2, ‘LGS’, 102)
Insert into lab4.school values (3, ‘BeaconHouse’, 103)
• Select Data from the two tables by running the following commands
Select * from lab4.staff
Select * from lab4.school
• Update Data in Staff table by running the following command

Update lab4.staff set staffId=106 where staffId=103
Check the behavior on update by selecting data from the tables

• Delete Data in Staff table by running the following command

Delete from lab4.staff where staffId=102
Check the behavior on delete by selecting data from the tables

Step11: Add column to an existing table

Alter table lab4.school add schAddress varchar(100)
Step12:Remove column from an existing table

Alter table lab4.school drop column schAddress
Step13: TRUNCATE table

TRUNCATE removes all rows from a table while structures still persists.
i. Insert 5 new rows in school table
ii. Nowexecute truncate command as shown
truncate table lab4.school
iii. select data from school table
Page | 29
PostLab Questions
director
did name bestRev
movie
mid mname Directed_by
Given the relational model above:

1. Give the table creation statements with all constraints in place
2. Give the DDL statements to drop the primary key and foreign key constraints in real time
3. Explore how you can set primary key constraints on the director table using GUI provided by
SQL Server, include screen shots
4. Explore how you can set foreign key constraints between tables above by using the GUI
provided by SQL Server, include screen shots
5. Explore how Identity column works in SQL server, give the SQL DDL statement to add a
column called Srno in movie table which would be an identity column
6. Give the command needed to make the srno column added above a unique key for the table.
7. List the main differences between truncate and delete commands
Page | 30
EXPERIMENT 5
INTRODUCTION TO SQL DML
Objective
• LearnSQL DML commands specially the use of select query, joins and aggregate functions
Exercise1: Practice select command

Login to your own database (lab/<password> on cactus or scorpion) that you created in Lab3 and
practice the following Select commands. Please also analyze the query and the results it is
bringing and write a statement about what the query is returning on a piece of paper.
i. SELECT particular columns from a Table
General syntax:
SELECT <list of columns> FROM <table name>
Example:
Select fname, lname, salary, bdate
From employee
ii. Select specific rows from a table
General Syntax:
SELECT <* or list of columns>
FROM <table name>
WHERE <condition>
Example:
From employee
Where salary >25000
iii. Use of order by
General Syntax:
SELECT <* or list of columns>
FROM <table name>
WHERE <condition>
ORDER BY <list of columns>
Example:
Page | 31
From employee
Where salary >25000
Order by salary desc, fname
iv. Use of DISTINCT
Example:
Select distinct salary
From employee
v. Use of built in functions
Example:
Select datediff(yy, bdate,GETDATE())age,
fname from employee
vi. Use of like and between and null comparisons
Examples:
select fname, Lname, salary, bdate
from employee
where bdate between '01-Jan-1960' and '31-Dec-1969'
and lname like 'S%'

from employee
where super_ssn is null

from employee
where super_ssn is not null
Page | 32
Exercise2: Practice select command from multiple tables using inner and outer
joins
vii. INNER JOIN: This join only returns rows when there is at least one match in both the tables
on which the JOIN is being applied.
Example:
select e.fname, e.Lname, d.Dname
from employee e innerjoin department d on e.Dno=d.Dnumber
orderby d.Dname, e.fname
viii. OUTER JOIN:

There are three different Outer Join methods:
 LEFT OUTER JOIN

This join returns all the rows from the left table in conjunction with the matching rows
from the right table. If there are no columns matching in the right table, it returns NULL
values
Example:
select e.fname, e.Lname, d.dependent_name
from employee e leftouterjoindependent d on e.ssn=d.essn
orderby e.fname, e.lname
• RIGHT OUTER JOIN

This join returns all the rows from the right table in conjunction with the matching rows
from the left table. If there are no columns matching in the left table, it returns NULL
values.
Example:
select e.fname, e.Lname, d.dependent_name
fromdependent d rightouterjoin employee e on e.ssn=d.essn
• FULL OUTER JOIN

This join returns all the rows from the right as well as left table
Example:
First let us insert a department which doesn’t have a manager yet
insertinto department(Dname, dnumber)values ('Accounts', 10)
select e.fname, e.Lname, d.dName

from department d fullouterjoin employee e on e.ssn=d.Mgr_ssn
Page | 33
Exercise3: Practice select command using SQL Aggregate functions

ix. SQL Aggregate functions
Aggregate functions perform a calculation on a set of values and return a single value. These
functions are frequently used with the GROUP BY clause of the SELECT statement.
• AVG() - Returns the average of the values in a group. Null values are ignored.
• COUNT() - Returns the number of items in a group. This function always returns an int data
type value
• MAX() - Returns the maximum value in the expression.
• MIN() - Returns the minimum value in the expression.
• SUM() - Returns the sum of all the values in the expression. SUM can be used on numeric
columns only and it ignores all the NULL values.
General Syntax:
SELECT <list of columns>, <aggregate functions>
FROM <table(s)>
WHERE <condition>
GROUP BY <column(s)>
HAVING < condition based on aggregate function>
Example:
selectCOUNT(*) NumberOfEmployee,AVG(salary)
CompanyAverage,MAX(salary)CompanyMax,MIN(salary)CompanyMin,
SUM(salary) CompanySum
from employee
select d.dname,COUNT(*) DepartmentEmps,SUM(salary) DepartmentSum

from employee e, department d
where e.Dno=d.Dnumber
groupby d.dname
select d.dname,COUNT(*) DepartmentEmps,SUM(salary) DepartmentSum

from employee e, department d
where e.Dno=d.Dnumber
groupby d.dname
havingCOUNT(*)>1 andSUM(salary)>125000
Note the old syntax used for joining tables in last two queries, rewrite them using new
syntax.
EXERCISE 4:
Using your own database, please run the lab5.sql file and write an SQL statement along with
output to answer each of the following queries (it might be helpful if you draw the relational
model for the given SQL script first):
1. List the names and addresses of all guests who are from London, alphabetically ordered by
guest name.
Page | 34
2. Display the names of all the guests who have not provided any end date for their
reservations.
3. Display the name and city of the hotels where guest’s from London are staying. The list
should not contain any hotel more than once.
4. Display the average room price of the hotels situated in London.
5. Display the most expensive double, single and family room respectively (across hotels).
6. Display the names of all the hotels along with the number of rooms present in each of them.
7. Display hotel name and city name along with distinct number of room types available in each
of them.
8. Display a sorted list of hotel names alongwith the date for which a room was booked in the
hotel. Please note null should be displayed booking date if the hotel has never been reserved
by anyone.
Post lab Questions
For the same hotel reservation database write SQL statement along with output to answer
following queries:
1. Display the HotelName and RoomNo which was reserved in the year 2001 and 2002, also
display the Guest No who reserved the room at the time.
2. Display the price of the “Family” type room in all hotels along with the HotelNames,
HotelNo, RoomNo. NULL should be shown if a hotel doesn’t have a “Family” type room.
3. Give the number of hotels present in each city.
4. What is the total revenue generated from all double rooms
5. How many different guests have made bookings till May, 2015?
6. Display the price and city name of the cheapest hotel rooms available in each city.
7. Display the name(s) of the guest(s) who have reserved two or more than two rooms in a
hotel.
8. Display the name, city of all the hotels along with the number of reservations it has, in
descending order.
Page | 35
EXPERIMENT 6
ADVANCED SQL
Objective:
Practice use of advanced features of the SQL select command like set functions and subqueries.
SET FUNCTIONS
• UNION
• INTERSECT
• MINUS
Exercise1: Practice set functions

Login to your own database (lab/<password> on cactus or scorpion/172.16.1.254) that you created in
Lab3 and practice the following Select commands.
Please also analyze the query and the results it is bringing and write a statement about what
the query is returning on a piece of paper.
i. select fname, lname

from employee e innerjoindependent d on e.ssn=d.essn
union
select e.fname, e.lname
from DEPARTMENT d innerjoin employee e on e.ssn=d.Mgr_ssn
orderby fname, lname
ii. select fname, lname

union all
iii. select fname, lname

intersect
iv. select fname, lname

except
Page | 36
SUBQUERIES
There are some guidelines to consider when using subqueries:A sub query must be enclosed in
parentheses.
 A sub query must be placed on the right side of the comparison operator.
 Subqueries cannot manipulate their results internally; therefore ORDER BY clause cannot be
added in to a sub query.You can use an ORDER BY clause in the main SELECT statement
(outer query) which will be last clause.
 Use single-row operators with single-row subqueries.
 If a sub query (inner query) returns a null value to the outer query, the outer query will not
return any rows when using certain comparison operators in a WHERE clause.
3 Subquery Types
• Single-row subquery - where the subquery returns only one row.
• Multiple-row subquery - where the subquery returns multiple rows.
• Multiple column subquery - where the subquery returns multiple columns.
Another type of these subqueries is:

Correlated Subquery.
Are dependent on the their outer query
Will be executed many times while it’s outer queries is being processed, running once for each row
selected by the outer query.
Can be in the HAVING OR WHERE clauses
Exercise2: Practice subqueries
Run the following queries on your own database. Please also analyze the results it is bringing
and write a statement about what the query is returning on a piece of paper. Please also tell
which type (single/multiple row and column, correlated or non-correlated) of subquery it is
v. select fname, lnamefrom employee

where salary =(selectMAX(salary)from employee)
vi. select fname, lname

from employee where ssn in(select essn fromdependent)
vii. select fname, lname

from employee where ssn =any(select essn fromdependent)
viii. select e.fname, e.Lname

from employee e whereexists(select*fromdependent d where d.essn=e.ssn)
Page | 37
ix. select d.dname

from department d join dept_locations lo on d.Dnumber=lo.Dnumber
groupby d.Dname, d.Dnumber
havingCOUNT(*)>=all(selectCOUNT(*)from dept_locations li groupby
li.dnumber)
EXERCISE 3:
Write SQL queries to answer the following questions:
1. Give the name(s) of employees who work either on project “ProductX” or on project
“ProductY”
2. Give the name(s) of employees who work both on project “ProductX” or on project
“ProductY”
3. Give the name(s) of employees who work on project “ProductY” but not on project
“ProductX”
4. Give the name(s) of employees who earn the minimum salary.
5. Give the names(s) of employees who work on as many projects as “Jennifer Wallace”. Please
exclude “Jennifer Wallace” from the list.
6. Give the names(s) of employees who work on a project which is not controlled by their own
department.
Post lab Questions
Using the same hotels database as created in Lab 5, write SQL statement along with output to answer
following queries:
1. Give the name(s) of guest who have booking either for Watergate or Latham hotel.
2. Give the name(s) of guest who have booking both for Watergate and Latham hotel.
3. Give the name(s) of guest who have booking for Latham but not for Watergate hotel.
4. Display the name of the guest who has stayed in maximum number of hotels
5. Display the name of the hotel with as many rooms as Latham hotel
6. Display the name of the hotel with the most expensive room
Page | 38
EXPERIMENT 7
Views and Stored procedures
Objective
• Lear how to create and Execute different views

• Lear how to create and Execute Stored Procedures with parameters
• Lear how to create and Execute Stored Procedures without parameters
Views
A database view is a stored query that returns data from one or more database tables. The stored
query, or view, is a virtual table. Once you have defined a view, you can reference it just as you
would any other table in a database. Since the view is the result of a stored query, it does not contain
a copy of the data itself. Instead, it references the data in the underlying base tables.
Advantages of Views:
A view can provide additional security. By creating a view and creating the necessarily privileges,
you can ensure that the users are only able to retrieve and modify data that is exposed by that view.
Users will not be able to see or access data in the underlying tables that is not exposed by the view.
Views can reduce query complexities. By creating and storing complex queries and exposing them
in the form of a view, the data from the view can be extracted using much simpler queries.
Since a database view is a stored query, not a copy of the actual data, views consume very little
space.
Examples:
Some examples of the ways views are used are:
• To combine data from multiple tables into a single virtual table that can be queried using
basic statements.
• To partition a complex table into multiple virtual tables that are simpler to query. For
example, if a database table contains sales data from the past 10 years, views can be created
and represented using tables names such as SalesData2000 or SalesData2001.
• To aggregate data and perform calculations. The view (stored query) can request the
database engine to sum or average data in underlying tables. These sums or averages can
then be queried more easily.
Creating a View
Below is the general syntax for creating a View:
CREATEVIEW [View_Name]
AS
[SELECT Statement]
Page | 39
For example:
CREATE VIEW v_employeeNames
As
SELECT fname, lnameFROM employee
which will create a View with the name customerData that will only contain customerNmae.
Get result from a View:
This is similar to a Select statement:

select * from v_employeeNames
Modify an existing View

Alter VIEWv_employeeNames
As
SELECT ssn, fname, lnameFROM employee
Drop a View
DROP VIEW v_employeeNames
Stored Procedures
Overview:
A stored procedure is nothing more than prepared SQL code that you save so you can reuse the code
over and over again. So if you think about a query that you write over and over again, instead of
having to write that query each time you would save it as a stored procedure and then just call the
stored procedure to execute the SQL code that you saved as part of the stored procedure.
In addition to running the same SQL code over and over again you also have the ability to pass
parameters to the stored procedure, so depending on what the need is the stored procedure can act
accordingly based on the parameter values that were passed.
Stored procedures are useful in the following circumstances:
• If a database program is needed by several applications, it can be stored at the server and
invoked by any of the application programs. This reduces duplication of effort and improves
software modularity.
• Executing a program at the server can reduce data transfer and communication cost between
the client and server in certain situations.
• These procedures can enhance the modeling power provided by views by allowing more
complex types of derived data to be made available to the database users. Additionally, they
Page | 40
can be used to check for complex constraints that are beyond the specification power of
assertions and triggers.
The general form of declaring stored procedures is as follows:
CREATE PROCEDURE <procedure name> (<parameters>)

<Local declarations>
<Procedure body>;
The parameters and local declarations are optional, and are specified only if needed.
There are various options that can be used to create stored procedures. In these next few topics we
will discuss creating a simple stored procedure to more advanced options that can be used when
creating stored procedures.
Stored Procedure (Without Parameters)
In the example given below we will just select employee names from employee table. The given
procedure has no parameter and simply returns the result of query.
To create this procedure that returns employee’s names you would run the following statement:
createprocedure getEmployeeNames
as
select fname, lname from employee
To execute this procedure you would simply run:

EXEC getEmployeeNames
Or simply
getEmployeeNames
Stored Procedure (With Parameters)
The real power of stored procedures is the ability to pass parameters and have the stored procedure
handles the differing requests that are made.
In the example given below we will query the employee table but instead of getting back all records
we will limit it employee living in just a particular city.
Here we have one parameter city of type varchar defined in procedure. The syntax for defining
parameter can be seen from below example.
createprocedure getEmployeeAddress @City varchar(20)
as
select fname, lname,addressfrom employee
whereaddresslike'%'+@City+'%'
Page | 41
To call this procedure we would run the following statement:

exec getEmployeeAddress@City='Houston'
If you try to execute the procedure without passing a parameter value you will get an error message
such as the following which states the procedure was expecting a parameter which was not provided.
Msg 201, Level 16, State 4, Procedure getEmployeeAddress, Line 0

Procedure or function 'getEmployeeAddress' expects parameter '@City', which was
not supplied.
Default Parameter Values:
In most cases it is always a good practice to pass in all parameter values, but sometimes it is not
possible. So in the example given below we use the NULL option to allow you to not pass in a
parameter value. If we create and run this stored procedure as is, it will not return any data, because
it is looking for any City values that equal NULL.
alterprocedure getEmployeeAddress @City varchar(20)=NULL

as
whereaddresslike'%'+@City+'%'
We could change this stored procedure and use the ISNULL function to get around this. So if a
value is passed it will use the value to narrow the result set and if a value is not passed it will return
all records.

as
whereaddresslike'%'+ISNULL(@City,address)+'%'
Multiple Parameters:
We can define multiple parameters by listing each parameter and the data type separated by a
comma. Following example shows how to make procedure with multiple parameters.
createprocedure getEmployeeDetails @City varchar(20)=NULL, @pSal int=NULL

as
select*from employee
and salary=isnull(@pSal, salary)
To execute the above procedure, you could do any of the following:
Exec getEmployeeDetails
getEmployeeDetails @City='Houston'
Exec getEmployeeDetails @City='Houston', @pSal=55000
Page | 42
Output Parameter:
So far we have seen how to pass parameters into a stored procedure, but another option is to pass
parameter values back out from a stored procedure. One option for this may be that you call another
stored procedure that does not return any data, but returns parameter values to be used by the calling
stored procedure.
Setting up output parameters for a stored procedure is basically the same as setting up input
parameters; the only difference is that you use the OUTPUT clause after the parameter name to
specify that it should return a value. The output clause can be specified by either using the keyword
"OUTPUT" or just "OUT".
createprocedure getEmployeeCount @City varchar(20)=NULL, @empCount intOUT

as
select @empCount=COUNT(*)from employee
We can also use output instead of out in the procedure.
To call this stored procedure we would execute it as follows. First we are going to declare a
variable, execute the stored procedure and then select the returned valued.
Declare @empCnt int
Exec getEmployeeCount'Houston', @empCnt output
select @empCnt
Deleting a Stored Procedure:
To drop a single stored procedure you use the DROP PROCEDURE or DROP PROC command as
follows.
dropproc getEmployeeCount
dropprocedure getEmployeeDetails
OR dropprocedure lab7.getEmployeeDetails
if the procedure exists within a schema named as Lab7
Modifying an Existing Stored Procedure:
To change the stored procedure and save the updated code you would use the ALTER
PROCEDURE command as follows.

as
Page | 43
InLab Questions:
Using your own database (created in Lab3), write an SQL statement along with output to answer
each of the following queries:
1. Create a view called v_EmployeeInfo that displays the employees’ name, salary and number
of dependents s/he has. Please note 0 should be displayed if the employee has no dependent.
The output should be sorted on employee names
2. Remove from the database the view called v_EmployeeInfo
3. Create a store procedure called p_getManagers_with_Deps that outputs the names of

managerswho have a dependent.
4. Modify the above procedure (question 3) to display the salaries of such employees as well as
their names.
Post lab Questions
1. Create a stored procedure called “SP_NewEmployeeDetail” which should insert the

following details from Employee table in to a new table “T_EmployeeDetail” .The table can
be manually created with the selection of following attributes.
EmployeeSSN, Name, salary, Address
2. Create a stored procedure that returns the maximum salary earner of the department whose
name is given as parameter.
3. Create a view that displays the name and salary of the employee who is working on the
maximum number of projects.
Page | 44
EXPERIMENT 8
Triggers
Objective
• Practical implementation of SQL triggers

• Learn how to Create/Alter/drop DML and DDL triggers
Overview:
A trigger is a special kind of stored procedure that automatically executes when an event occurs in
the database server. An SQL trigger may call stored procedures or user-defined functions to perform
additional processing when the trigger is executed.
Unlike stored procedures, an SQL trigger cannot be directly called from an application. Instead, an
SQL trigger is invoked by the database management system on the execution of a triggering insert,
update, or delete operation. The definition of the SQL trigger is stored in the database management
system and is invoked by the database management system, when the SQL table, that the trigger is
defined on, is modified.
Triggers can be divided into two main categories
• DML Triggers
• DDL Triggers
DML Triggers
DML triggers is a special type of stored procedure that automatically takes effect when a data
manipulation language (DML) event takes place that affects the table or view defined in the trigger.
DML events include INSERT, UPDATE, or DELETE statements. DML triggers can be used to
enforce business rules and data integrity, query other tables, and include complex Transact-SQL
statements. The trigger and the statement that fires it are treated as a single transaction, which can be
rolled back from within the trigger.
Basically, DML triggers are classified into two main types: -
(i) After Triggers (For Triggers)

(ii) Instead Of Triggers
Please run the script.sql file given in the Lab folder using your own database to create the table used
for today’s lab.
Page | 45
After Triggers (For Triggers)
These triggers run after an insert, update or delete on a table. They are not supported for views.
Given below we have a trigger that is fired after an update on the table.
CREATE TRIGGER Trigger_ForUpdate

ON DBO.TriggerEmployee
FOR UPDATE
AS
UPDATE TriggerEmployee
SET Description = 'changed with For update trigger'
--WHERE EmployeeID= 1
To fire the trigger we can perform update on table TriggerEmployee using
SET Name = 'New Name'
WHERE EmployeeID= 4
Select data from above table to see that the trigger fired and description got updated.
Similarly we can make after triggers or For Triggers for insert and delete as well.
How to use inserted or deleted rows:
First refresh the TriggerEmployee table by running the script given below:
--refreshing the data
truncate table TriggerEmployee
insert into TriggerEmployee (Name,
EmployeeID,ContactID,ManagerID,Gender,Description) values
('Ahmed',1,2,2,'M','xyz')
('Osama',2,1,2,'M','sadsd')
('Qasim',3,1,2,'M','sadsff')
select * from triggerEmployee

go
Now modify the Trigger_ForUpdate trigger by running the script given below:
alter TRIGGER Trigger_ForUpdate
FOR UPDATE
AS
declare @Employeeidint -- variable declaration
-- get the value from the table of employee id that was updated
select @Employeeid=EmployeeID from inserted
Page | 46
SET Description = 'changed with For update trigger'

WHERE EmployeeID= @EmployeeID
go
SET Name = 'New Name'
WHERE EmployeeID= 2
go
select *from TriggerEmployee

go
Instead Of Triggers:
These can be used as an interceptor for anything that anyone tried to do on our table or view. If you
define an Instead Of trigger on a table for the Delete operation, then try to delete rows, and they will
not actually get deleted (unless you issue another delete instruction from within the trigger).
We have 3 types of instead of triggers.
(a) INSTEAD OF INSERT Trigger.

(b) INSTEAD OF UPDATE Trigger.
(c) INSTEAD OF DELETE Trigger.
Example of instead of insert trigger
create TRIGGER SampleTrigger_select

INSTEAD OF INSERT
AS
SELECT * FROM TriggerEmployee
--print 'sorry this table cannot be modified'
go
INSERT INTO TriggerEmployee(EmployeeID,NAME,ContactID,ManagerID,Gender)

VALUES(5, 'Instead of insert "Select Trigger" ' , 1108, 1, 'M' )
go
SELECT * FROM TriggerEmployee -- NO CHANGE IN THE TABLE
Go
Instead of update and delete triggers can be made using similar way as well. Below is an example of
an intead of delete trigger:
create TRIGGER [dbo].[T_DeleteEmployee]

ON [dbo].TriggerEmployee
INSTEAD OF delete
AS
IF
(
Page | 47
SELECT COUNT(*)
FROM TriggerEmployee A
) >0
BEGIN
PRINT 'CAN NOT BE deleted'
END
go
DELETE from TriggerEmployee WHERE EmployeeID= 1

go
select *From TriggerEmployee
go
DDL Triggers
DDL triggers, like regular triggers, fire stored procedures in response to an event. However, unlike
DML triggers, they do not fire in response to UPDATE, INSERT, or DELETE statements on a table
or view. Instead, they fire in response to a variety of Data Definition Language (DDL) events. These
events primarily correspond to SQL statements that start with the keywords CREATE, ALTER, and
DROP.
Use DDL triggers when you want to do the following:

• You want to prevent certain changes to your database schema.
• You want something to occur in the database in response to a change in your database
schema.
• You want to record changes or events in the database schema.
Example of DDL trigger fired on drop_table event

CREATE TRIGGER [T_DeleteTable]
ON DatabASE
FOR DROP_TABLE
AS
PRINT 'CAN NOT BE dropped'
RollBack -- we dont have instead of in DDL so we use rollback
go
To fire the trigger we can try to drop any table of the database on which trigger was defined.
DROP TABLE TriggerEmployee
go
Example of DDL trigger fired on alter_table event
create TRIGGER [T_AlterTable_DT]

ON DatabASE
FOR ALTER_TABLE
AS
Page | 48
PRINT 'Table alterdsuccesfully'
go
To fire the trigger we can try to alter any table of the database on which trigger was defined.
ALTER TABLE TriggerEmployee ALTER COLUMN [NAME] VARCHAR(60)

-- select * from [TriggerEmployee]
go
InLabQuestions:
Please run the university.sql file using your own database before proceeding with the exercises.
1. We have FAST university database in which we are keeping track of students and their
departments and which course they are enrolled .The university hires you to make following
changes to their database. The University Database script is placed in the manual folder.
a) The academic officer is concerned with database auditing so he decides to maintain a record
of changes made to database. Create a table Auditing in database with a column AuditId and
LastChangeOn . Create triggers on student, department tables so that when ever any change
is made on these tables the date of change gets stored in the Auditing table.
b) Though academic officer was pretty much satisfied with your last change but after few
months he feels something is missing in auditing table so he ask to change the structure of
the audit table . So now he want to store proper information like
23/09/13 table updated with id=5

23/10/13 table deleted with id=1
So make appropriate change in triggers to perform the operation.
Post lab Questions
1. The academic officer also wants to make sure no one insert, update or deletes department
information from the database. As university has only 3 departments CS, Business and Electrical
and that are already present in database. So create a trigger that will not let anyone to change the
department table.
2. The academic officer was very happy with your last changes in university database So he hires
you again on contract basis to make few more changes to database. So perform following
changes to the university database.
a) The audit log we made will be useless if someone delete the record from it. So he wants to
have a security measure on the table so that no one is able to delete any record or update any
record from the Auditing table.
Page | 49
EXPERIMENT 9
DATA MODELING USING ERWIN
Objective
• Familiarize you with Erwin Data modeling tool.
Introduction
ERwin is a popular data modeling tool. The product supports a variety of aspects of database design,
including data modeling, forward engineering (the creation of a database schema and physical
database on the basis of a data model), and reverse engineering (the creation of a data model on the
basis of an existing database) for a wide variety of relational DBMS. This brief tutorial steps you
through the process of creating a data model using Erwin. Creation of a basic data model
(Conceptual data model)
Creation of a basic data model

The Entities involved in this model include: Employee, Department.
From the File Menu choose to create a new model: File->New
As shown in Figure 1 below
Figure 1: Create a new model
Page | 50
The next dialog box, shown in Figure 2, will ask you to choose the template to be used to create the
new model. Choose Logical/Physical as the new model type. This choice will allow us to switch
back and forth easily between a logical model (ER Diagram) and a physical model (database
schema).
Figure 2: Selecting a model type
ERwin will now display the main window from which most of your ER diagram development will
be done, as shown in Figure 3.
Figure 3: The ERwin Workplace
Page | 51
The ERwin workplace consists of two main parts. On the left is the Model Navigator, which
displays a hierarchy of items of importance, such as entities, domains, and subject areas. On the
right is the Display Window, which will show the ER diagram itself. As you create objects, they
will appear in the display window (if they are visual in nature, like entities), and appear in the
hierarchy within the Model Navigator.
Creating an Entity
To create a new entity, click on the entity icon ( ) on the toolbar, or right-click on the
word Entity in the Model Navigator. If you click on the entity icon, you then should click on the
Display Window where you would like the entity to appear, as shown in Figure 4.
Figure 4: A new entity
Notice that the default name for the entity is E/x, where x is some number (1 in this case). Click on
the Tab key several times and notice what happens. Pressing the tab key cause the focus to cycle
between the three main parts of the Entity: the name of the entity, the primary key attribute(s), and
the non-primary key attribute(s). In general, to modify one of these three parts of the entity, you
will press the Tab key to cycle to the appropriate part of the entity, then type to add or modify that
part of the entity.
Page | 52
Right now, press the Tab key until the entity name is highlighted. Then type EMPLOYEE, as shown
in Figure 5.
Figure 5: Changing the name of the entity
At this point, you may wish to save and name your diagram to avoid loss should the system or
application crash.
Adding primary key columns
Once you have changed the name to EMPLOYEE, press the Tab key again to move the focus to the
next part of the Entity, adding a primary key attribute. Then type the name of the primary key
attribute, id, as shown in Figure 6.
Page | 53
Figure 6: Adding a primary key attribute
Press the Tab key one more time to bring the focus below the horizontal line in the Entity, where you
will add in a number of non-primary key attributes. Type fname, as shown in Figure 7. When you
have typed fname, press the Enter key (not Tab). Notice what happens. The cursor is now
positioned for you to add another attribute in this same portion of the Entity, the non-primary key
attribute portion. Type another attribute lname.
Page | 54
Figure 7: Adding non-primary key attributes
Make another entity, DEPARTMET with primary key dept_id and attributes name and city shown in
the Figure 8 below.
Figure 8: Employee and Department Entities
Page | 55
Creating Relationships
ERwin supports the creation of relationships with three basic kinds of connectivity: one-to-one,
one-to-many, and many-to-many. Within the one-to-many category, ERwin allows us to distinguish
between identifyingand non-identifying one-to-many relationships.
Q: What's the difference between identifying and non-identifying relationships?
• An identifying relationship is when the existence of a row in a child table depends on a row
in a parent table. This may be confusing because it's common practice these days to create a
pseudokey for a child table, but not make the foreign key to the parent part of the child's
primary key. Formally, the "right" way to do this is to make the foreign key part of the child's
primary key. But the logical relationship is that the child cannot exist without the parent.
Example: A Person has one or more phone numbers. If they had just one phone number, we could
simply store it in a column of Person. Since we want to support multiple phone numbers, we make a
second table PhoneNumbers, whose primary key includes the person_id referencing the Person table.
We may think of the phone number(s) as belonging to a person, even though they are modeled as
attributes of a separate table. This is a strong clue that this is an identifying relationship (even if we
don't literally include person_id in the primary key of PhoneNumbers).
• A non-identifying relationship is when the primary key attributes of the parent must
not become primary key attributes of the child. A good example of this is a lookup table,
such as a foreign key onPerson.state referencing the primary key of States.state. Person is a
child table with respect to States. But a row in Person is not identified by its state attribute.
I.e. state is not part of the primary key of Person.
A non-identifying relationship can be optional or mandatory, which means the foreign key column
allows NULL or disallows NULL, respectively.
One-to-many Relationships
An non-identifying relationship is created by clicking first on the non-identifying relationship icon (

). To create a non-identifying relationship, click first on this icon, then click on the parent entity
(on the one side of the relationship) and then click on the child entity (on the many side of the
relationship). In this case, you will click first on the non-identifying relationship icon, then on
DEPARTMENT, then on EMPLOYEE. The results are shown in Figure 9 below.
Page | 56
Figure 9: Anon-identifying relationship
Double-click on the relationship itself to bring up a dialog box in which we can further refine the
relationship definition. As shown in Figure 10 below.
Page | 57
Figure 10: Relationships definition
In the Relationship Cardinality portion of this window, we can determine how many child entity
occurrences may be associated with each parent entity occurrence.
You can further inquire about the functionality of Erwin By going though the guide provided in the
Lab folder.
Forward Engineering
When you have a physical data model, ERwin automatically generates the schema for the target
server as you build the model. Forward Engineering is the process that Erwin uses to transfer the
schema from the data model to the target server.Graphically shown in the Figure 11 below.
When you forward engineer a data model, you can choose to generate a script file, which you can
use to update the database using a database administration tool or you can forward engineer by
directly connecting to the database catalog. Either way, ERwin does the majority of work for you by
generating the script for your target server.
Page | 58
Figure 11: Model
Before you forward engineer, you can view the schema, which is a text-based representation of the
database objects that will be created in the database from the script. ERwin uses the data definition
language (DDL) for the target database to write the script. Each time you add an object or property
to your data model, Erwin automatically updates the script file to reflect the change to the data
model.
To Preview the Script File

1. From the File menu, choose Open and locate the .er1 file, which you saved in a previous
exercise.
2. When your .er1 opens, using the Model Type Indicator, switch to the Physical model. Then from
the Tools menu, choose Forward Engineer/Schema Generation.
3. When the Schema Generation dialog appears, click the Preview button at the bottom of the
dialog. The Schema Generation Preview dialog appears as shown in the figure 12 below.
Figure 12: Script File
4. When you are finished previewing the schema, click the Close button to return to the Schema
Generation dialog.
Page | 59
To Generate The Script File

1. In the Oracle Schema Generation dialog, click the Report button at the bottom of the dialog
shown in the figure 13 below.
Figure 13
2. In the Save As dialog, in the File Name box, type Mymodel.sqland click Save.
As shown in figure 14.
Figure 14
Reverse Engineering
When you have an existing database from which you want to create a data model, ERwin lets you
reverse engineer the database schema, which is converted by Erwin into a graphical representation of
the database structures. A graphical model of the process is shown below in the Figure 15. The
process of reverse engineering saves considerable time because ERwin does the work of creating the
data model directly from the database.
Page | 60
Figure 15: Reverse Engineering
Using The Reverse Engineer Wizard

1. From the Tools menu, choose Reverse Engineer shown in the Figure 16.
Figure 16
2. In the dialog, select Physical as the New Model Type, select Blank Physical Model as the
template, and SQL Server 2000 as the target database.
3. Then click Next. The Reverse Engineer Set Options dialog box appears as shown in Figure 17:
Page | 61
Figure 17
4. In Reverse Engineer From, select Script File and then click Browse to locate the My.sqlfile that
you saved in the previous exercise. For the purpose of this exercise, accept the default options in
the remaining areas of the dialog and then click Next.
5. You will see a small dialog with text that describes the database structures that ERwin is reverse
engineering. When the process ends, a new data model appears in the Diagram Windowas shown
in Figure 18.
Figure 18
Page | 62
6. From the File menu, choose Save and save this model as My ERwin Model.ER1. When asked if
you want to replace the existing file, click Yes.
InLab Task:
Using Erwin make the following ER diagram as shown in Figure 19:
Figure 19
Post Lab Questions:

1. Forward Engineer the data model you created for the inLab and save the SQL file that gets
generated.
2. Reverse Engineer the testscript.sql file lying in the Lab folder and save the data model that gets
generated.
References
• http://www.isqa.unomaha.edu/wolcott/tutorials/erwin/erwin.html
• http://stackoverflow.com/questions/762937/whats-the-difference-between-identifying-and-
non-identifying-relationships
Page | 63
EXPERIMENT 10
Building ASP.net web applications with Database Connectivity

Objective
• Learn creating DataBase Connectivity with ASP.Net Web Application
Create an ASP.net web application

Master pages allow you to create a consistent look and behavior for all the pages (or group of pages)
in your web application.
A master page provides a template for other pages, with shared layout and functionality. The master
page defines placeholders for the content, which can be overridden by content pages. The output
result is a combination of the master page and the content page.
The content pages contain the content you want to display.
When users request the content page, ASP.NET merges the pages to produce output that combines
the layout of the master page with the content of the content page.
For more info Visit
http://www.w3schools.com/aspnet/aspnet_masterpages.asp
http://msdn.microsoft.com/en-us/library/wtxbf3hh.ASPX
The following Exercise will demonstrate how to create and use Master Pages
1) Create a New Project in Visual Studio , Selecting ASP.Net Web Application and .Net
Framework 4 in middle Pane and Visual C# Web in left Pane
Name your project MyWebSite (follow figure 1)
Page | 64
Figure 1
2) Add Master Page in you Project, using Add New Item Option from Solution Explorer
(Follow Figure 2 and 3)
Name this Master Page asMyMasterPage.Master
Page | 65
Figure 2
Figure 3
Page | 66
3) Now we will add CSS file and images in our project that will be used in Styling MasterPage
The Web Template is downloaded from

http://all-free-download.com/free-website-templates/
You can also download template from this website for your Projects
The Template used for This Lab Exercise is
http://all-free-download.com/free-website-templates/snow_glass_215.html
Add The CSS files (MyCSSFile.CSS given in Resource Folder along with Manual) in your Project
using Add Existing Item as shown in Figure 4
Figure 4
Page | 67
After Adding CSS file create new Folder in your Project named Images using New Folder option
(As shown in Figure 5)
Figure 5
Now add all the images given in Resources\Images folder in this Images folder
(as shown in figure 6 and 7)
Page | 68
Figure 6
Figure 7
Page | 69
4) Now open MyMasterPage and Drag Drop Css file in Header (as shown in Figure 8)
Figure 8
After that Open the MasterPage_Body.txt file given in Resources and Copy All the contents ,
Replace everything inside the Body tags of MyMasterPage with this content as shown in the figure 9
Page | 70
Figure 9
Page | 71
5) Now we create Two Web Forms that will use the Master Pages.
Add New Web Form Using Master Page, Using Add New Item, Name this page as Home.aspx
As shown in figure 10 below
Figure 10
Choose MyMasterPage.Master from Selection Popup as shown in the figure 11
Figure 11
Page | 72
Similarly add another Web Form using Master Page in your Project, Name it Search.aspx
Confirm the Web Forms are added form solution Explorer as shown in figure 12
Figure 12
Execute your Project and see the result in Browser, Click on home and search and see the change in
Address bar as shown in figure 13
6)
Figure 13
Page | 73
You have successfully created a Master Page and used it in Home Page and Search Pages. Save you
work for the next exercise
Connect with database
The Next Exercise will show how to connect the web site with the SQL databases, and how to
Access the Data
1) First Open TheDataBaseQueries.Script file in resources, and execute it in SQL server, this
will create a New data base with name Lab10Exercise2
, an Items Table , and SearchItems Procedure , we will use the data from this table and result from
this procedure in our Web site
2) Use the Same Web Project in previous Exercise , Create a DataBase Conection String in
Web Config File
FORMAT OF CONNECTION STRING
<connectionStrings>
<addname="SQLDbConnection"
connectionString="Data Source=SQlServerName; Initial Catalog=YouDatabaseName; User
Id=userid; password= password"
providerName="System.Data.SqlClient" />
</connectionStrings>
More info about connection string

http://msdn.microsoft.com/en-us/library/jj653752%28v=vs.110%29.aspx
• Data Source means server name i.e. cactus, (local)
• Initial Catalog means database name which has your table, sp and views
• User Id means login name for database
• password means password for database
An Easy Way to get these values are from SQL server Connect to Server Window as Shown in
Figure 14
Page | 74
Figure 14
SAMPLE CONNECTION STRINGS

• Connection string with window authentication for local host
<connectionStrings>
<addname="sqlCon1"connectionString="Data Source=(local);Initial
Catalog=Lab10Excercise2;Integrated Security=True"
• Connection string with SQL server authentication for server name MYSQLSERVER
<connectionStrings>
<addname="sqlCon1"connectionString="Data Source=(local);Initial Catalog=Lab10Exercise2;User
ID=sa;password=123"
Add your Connection String in Web Config file as shown in figure 15
Page | 75
Figure 15
3) Creating DAL --- Data Access Layer, to get Data from SQL
Create New Folder in your Project Named DAL, in this folder Add New Item of type Class and
Name it myDAL as shown in figure 16
Figure 16
Page | 76
4) open the myDal.cs file and Add the Reference to Connection String plus , Name Spaces for
SQL and DataSets as shown in figure 17
privatestaticreadonlystringconnString =
System.Configuration.ConfigurationManager.ConnectionStrings["sqlCon1"].ConnectionString;
Figure 17
5) Now Create the a function in myDal Class that will perform a simple select * from Itemquery
on Database and get the result set
Copy paste the function SelectItem() from Function_SelectItems.Txt file as shown in figure 18
Page | 77
Figure 18
Page | 78
6) Using SelectItems() function to Displaying the result set
Now we display the DataSet returned from SelectItem() on Home page as shown in figure 19
Figure 19
You can see that the Grid Already look like a table , all you need to do is fill the values in it from
your Query
The contents of Grid are changes from Server Side Aspx.csfile,open your Home.aspx.cs file , modify
it (changes are given In Home_aspx_CS.txt file) as shown in the figure 20
Page | 79
Figure 20
Execute your Project, and if everything goes right, the Home page should be as shown in the figure
21:
Page | 80
You have successfully

used The Result of a
simple Query on your
Website!
Figure 21
Using SQL procedures in Asp.Net
So far we have used a Table form result set of a simple query and displayed on our web site, the
following Exercise will show how to call SQL procedures from ASP.net, how to pass them input
parameters and how to get output parameters and result sets from SQL procedures
We have already create a Web Form Names Search.aspx in our Web Project and SearchItem SQL
procedure, Now we will add search Functionality on our page, by getting the Item Name from user
and querying the database for that item using SearchItemsqL Procedure, the procedure will return
the dataset and output found =1 if any item with that name exists, and if no item is found for that
Item it will output Found = 0.
Open Search.aspx page and modify the Code, (Adding Text box and Button and a Grid to
show the result of search)
Code given in file Search_Aspx.txt
It will look like the figure 22 shown below
Page | 81
Figure 22
Open myDal.cs file and Add SearchItems() function in it (code given in Function_Searchitems.Txt
file) as shown in figure 23
Page | 82
Figure 23
Use this new Function SearchItem() in Server Side Search.aspx.cs

Open Search.aspx.cs file and modify it as shown in figure 24 (code given in Search_Aspx_CS.txt
file)
Page | 83
Figure 24
Execute your project. Type Soap in Text box and Click Search, following results should appear
As in the figure 25
Figure 25
Now Type some random string in Test box and Click Search, Following Results Should Appear
As in the figure 26
Page | 84
Figure 26
Post Lab Questions
Make another webpage with search bar in it. It displays only the item with quantity greater than 5
otherwise it should display ‘Out of stock’.
Page | 85
EXPERIMENT 11
ASP.net Updation/Deletion via GridView Control and Insertion

Objective
• Familiarize you with Delete through Grid View and Insert via ASP.net web form.
Delete via GridView

As in the last lab we used the Grid Views to display the data from an SQL table , The Grid View can
also be used to delete data from that table , following exercise will demonstrate how to:
1) (If not done in last lab) Create a Data base named <your rollnumber>
2) (If not done in last lab)Create a table named Items and insert values in it using following
queries
Figure 1 s shown for correspondence
--Create table
Create table items
(ItemNo int,
ItemName varchar(15),
TotalUnits int
)
go
--insert values
Insert into items
values
(1,'Soap', 10 )
,(2,'Handwash', 20)
,(3,'Shampoo',5)
go
Figure 1
3) Now Create the following procedure to Delete the Item from Items table , we will call this
procedure from asp.net to delete tuples from Items table as shown in figure 2
CreatePROCEDURE [dbo].[deleteItem]
@ID int
AS
BEGIN
SETNOCOUNTON;
DELETEFROM Items WHERE ItemNo = @ID
Figure 2
Page | 86
4) Now in Visual Studio Create a New web project using settings as show in Figure 3
Figure 3
5) Follow the Steps of last manual to create a Master Page (briefed as follows)
• Add The CSS files (MyCSSFile.CSS given in Resource Folder along with Manual) in your
Project using Add Existing Item
• Create new Folder named Images and add all the images given in Resource/Images
• Add Master Page in you Project , using Add New Item Option from Solution Explorer Name
this Master Page as MyMasterPage.Master
• Drag and Drop CSS file in header tag of Master Page, After that Open the
MasterPage_Body.txt file given in Resources and Copy All the contents , Replace everything
inside the Body tags of MyMasterPage with this content
6) Open your Web Config file and add connectivity String in it (as done in last lab, consult
lab11 Manual for details). Change the Initial Catalog to <your rollnumber> (your current
DB) for this exercise
7) Create DAL folder and add new myDAL.cs file in it (as shown in figure 4)
Page | 87
Figure 4
8) Open the myDal.cs file and Add the Reference to Connection String plus, Name Spaces for
SQL and DataSets as shown in figure 5
Using System.Data;
Using System.Data.SqlClient;
Private static readonly string connString =

System.Configuration.ConfigurationManager.ConnectionStrings["sqlCon1"].ConnectionString;
Figure 5
Page | 88
9) Copy Paste following 2 functions SelectItem() and DeleteItem() in myDal.cs file (ass hown
in figure 6)
publicDataSetSelectItem() //to get the values of all the items from table Items and return
the Dataset
{
DataSet ds = new DataSet(); //declare and instantiate new dataset

SqlConnection con = new SqlConnection(connString); //declare and instantiate new SQL
connection
con.Open(); // open sql Connection
SqlCommandcmd;
try
{
cmd = new SqlCommand("Select * from Items", con); //instantiate SQL command
cmd.CommandType = CommandType.Text; //set type of sqL Command
using (SqlDataAdapter da = newSqlDataAdapter(cmd))
{
da.Fill(ds); //Add the result set returned from SQLCommand to ds
}
}
catch (SqlException ex)
{Console.WriteLine("SQL Error" + ex.Message.ToString()); }
finally
{con.Close(); }
return ds; //return the dataset
}
//////////////////////////////////////////////////////
publicintDeleteItem(int id)
{
SqlConnection con = newSqlConnection(connString);
con.Open();
SqlCommandcmd;
int result = 0;
try
{
cmd = newSqlCommand("deleteItem", con);
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add("@ID", SqlDbType.Int).Value = id;
result = cmd.ExecuteNonQuery();
}
{ Console.WriteLine("SQL Error" + ex.Message.ToString());
}
finally
{ con.Close();
Figure 6
Page | 89
Deletion in GridView
10) Add New Grid in your home.aspx page with ID ItemGrid , Click the Forward Arrow button
and Select Edit Columns as shown in figure 7
Figure 7
The following popup will appear, Expand CommandFieldandAddEdit Update, Cancel and Delete
and click OK as shown in figure 8 below
Figure 8
Page | 90
11) Your Grid will have 2 new columns now
Keep the Grid selected and go to its properties, click on Small Lightening Icon, and Change the
Value of Column Row Deleting to ItemGrid_RowDeletingas shown in figure 9
Figure 9
12) Open the Home.aspx.cs file and replace pageload() function with the code given below
protectedvoidPage_Load(object sender, EventArgs e)

{
LoadGrid(); // fill the grid every time page loads
And add two functions LoadGrid() and ItemGrid_RowDeleting and add the code given below.
Page | 91
publicvoidLoadGrid()
{
myDALobjMyDal = new myDAL();
ItemGrid.DataSource = objMyDal.SelectItem();//seting data source for this Grid
ItemGrid.DataBind(); //bind the data source to this grid
}// end of loadgrid
Protected voidItemGrid_RowDeleting(object sender, GridViewDeleteEventArgs e)

{
GridViewRow row = ItemGrid.Rows[e.RowIndex];
intItemID = Convert.ToInt32(row.Cells[2].Text.ToString());
int result = objMyDal.DeleteItem(ItemID);
if (result == -1)
{
ItemGrid.DataSource = objMyDal.SelectItem();
ItemGrid.DataBind();
}
else
{
string message = "No row deleted";
ClientScript.RegisterOnSubmitStatement(this.GetType(), "alert",
message.ToString());
}
Now execute your project, following results should appear in browser as shown below in figure 10
Figure 10
On Clicking Delete, the corresponding row will delete (check from SQL server as well)
Refer to figure 11
Page | 92
Figure 11
Perform Updation via GridView Control

Step1:
First we will add the following code in Home.aspx page under the “<Columns>” tag of GridView
we created earlier as shown below
<Columns>
<asp:CommandFieldShowEditButton="True"/>
<asp:CommandFieldShowDeleteButton="True"/>
<asp:TemplateFieldHeaderText="ItemNo" HeaderStyle-HorizontalAlign="Left">
<EditItemTemplate>
<asp:LabelID="txtItemNo"runat="server"Text='<%# Bind("ItemNo") %>'></asp:Label>
</EditItemTemplate>
<ItemTemplate>
<asp:LabelID="lblItemNo"runat="server"Text='<%# Bind("ItemNo") %>'></asp:Label>
</ItemTemplate>
<HeaderStyleHorizontalAlign="Left"></HeaderStyle>
</asp:TemplateField>
<asp:TemplateFieldHeaderText="ItemName"HeaderStyle-HorizontalAlign="Left">
<EditItemTemplate>
<asp:TextBoxID="txtItemName"runat="server"Text='<%# Bind("ItemName")
%>'></asp:TextBox>
</EditItemTemplate>
<ItemTemplate>
<asp:LabelID="lblItemName"runat="server"Text='<%# Bind("ItemName") %>'></asp:Label>
</ItemTemplate>
<asp:TemplateFieldHeaderText="TotalUnits"HeaderStyle-HorizontalAlign="Left">
<EditItemTemplate>
<asp:TextBoxID="txtTotalUnits"runat="server"Text='<%# Bind("TotalUnits")
%>'></asp:TextBox>
Page | 93
</EditItemTemplate>
<ItemTemplate>
<asp:LabelID="lblTotalUnits"runat="server"Text='<%# Bind("TotalUnits")
%>'></asp:Label>
</ItemTemplate>
</Columns>
Figure 14
Now set the “EnableViewState” and “AutoGenerateColumns” properties of the Grid View as
follows in the figure 12
Figure 12
Step2:
Now we will set up all the events in our .aspx page which we will require for implementing Edit
functionality as shown in the following figure 13:
Page | 94
Figure 13
Step3:
Now we are set to move to the BLL (Business Logic layer)of this page which is the Home.aspx.cs.
There we will implement all the above create event handling functions.
Replace the Page_Load() function with the following function shown below :
Protected void Page_Load(object sender, EventArgs e)

{ LoadGrid();
}
Following are the functions which you have to copy/paste as well against all the event handling
definitions created above a shown below
Public void LoadGrid()
{myDAL md = new myDAL();
ItemGrid.DataSource = md.SelectItem();
ItemGrid.DataBind();
}
ProtectedvoidItemGrid_RowUpdating(object sender, GridViewUpdateEventArgs e)
{
GridViewRow row = (GridViewRow)ItemGrid.Rows[e.RowIndex];
//==== getting the value from the respective controls=====
LabelitemNo = (Label)ItemGrid.Rows[e.RowIndex].FindControl("txtItemNo");
Page | 95
TextBoxItemName = (TextBox)ItemGrid.Rows[e.RowIndex].FindControl("txtItemName");
TextBoxTotalUnits = (TextBox)ItemGrid.Rows[e.RowIndex].FindControl("txtTotalUnits");
//========================================================
intitemNoValue = Convert.ToInt32(itemNo.Text.ToString());
stringitemNameValue = ItemName.Text.ToString();
inttotalUnits = Convert.ToInt32(TotalUnits.Text.ToString());
//=====updating the newly entered values in database====

myDALobjMyDal = newmyDAL();
objMyDal.UpdateItem(itemNoValue, totalUnits, itemNameValue);
//======================================================
ItemGrid.EditIndex = -1;
LoadGrid();
}
ProtectedvoidItemGrid_RowCancellingEdit(object sender, GridViewCancelEditEventArgs e)

{
ItemGrid.EditIndex = -1;
LoadGrid();
}
ProtectedvoidItemGrid_RowEditing(object sender, GridViewEditEventArgs e)

{
ItemGrid.EditIndex = e.NewEditIndex;
LoadGrid();
}
Step 4:
Now moving on to the DAL layer of our application, we will have to create function for Update/Edit
functionality. For that copy paste the following function in to you myDAL.cs file.
publicintUpdateItem(int id, inttotalUnits, stringitemName)

{
SqlConnection con = newSqlConnection(connString);
con.Open();
SqlCommandcmd;
int result = 0;
try
{
cmd = newSqlCommand("UpdateItem", con);
cmd.Parameters.Add("@itemNo", SqlDbType.Int).Value = id;
cmd.Parameters.Add("@itemname", SqlDbType.VarChar).Value = itemName;
cmd.Parameters.Add("@totalUnits", SqlDbType.Int).Value = totalUnits;
}
{
Console.WriteLine("SQL Error" + ex.Message.ToString());
}
finally {
con.Close();
Page | 96
}
return result;
}
Step 5:
Now before executing the application, execute the below script on your database so that the required
procedure for editing functionality is created as shown below.
CREATEPROCEDURE [dbo].[UpdateItem]
@itemNo int, @itemname varchar(100), @totalUnits int
AS
BEGIN SETNOCOUNTON;
Update items set ItemName=@itemname, TotalUnits=@totalUnits
where ItemNo=@itemno;
END
Perform insertion
1) Change the Home.aspx page to look as follows: (Don’t execute now. Use split view )
as shown in figure 14.
Figure 14
Please ensure that the ID property of the three text fields are set asTxtItmNo , TxtItmName and
TxtUnitsrespectively.
On click of the “Add New Item” button copy the following code in Home.aspx.cs as given below
(shows error on insert)
Page | 97
protectedvoidinsrtItem_Click(object sender, EventArgs e)

{
intitemNoValue = Convert.ToInt32(TxtItmNo.Text.ToString());
stringitemNameValue = TxtItmName.Text.ToString();
inttotalUnits = Convert.ToInt32(TxtUnits.Text.ToString());
//=====updating the newly entered values in database====

objMyDal.insertItem(itemNoValue, totalUnits, itemNameValue);
LoadGrid();
}
In myDAL.cs file Add the following function:
publicintinsertItem(int id, inttotalUnits, stringitemName)

{
SqlConnection con = new SqlConnection(connString);
con.Open();
SqlCommandcmd;
int result = 0;
try
{
cmd = new SqlCommand("InsertItem", con);
cmd.Parameters.Add("@itemNo", SqlDbType.Int).Value = id;
cmd.Parameters.Add("@itemname", SqlDbType.VarChar).Value = itemName;
cmd.Parameters.Add("@totalUnits", SqlDbType.Int).Value = totalUnits;
}
{
Console.WriteLine("SQL Error" + ex.Message.ToString());
}
finally
{
con.Close();
}
return result;
}//end of insert function
Page | 98
Create the following procedure in SQL Server 2014as shown .

CREATE PROCEDURE [dbo].[InsertItem]
@itemNoint,
@itemnamevarchar(100),
@totalUnitsint
AS
BEGIN
SET NOCOUNT ON;
insert into items values(@itemno, @itemname, @totalUnits );
END
Build and run your project. On giving the values and clicking the “Add New Item” button a
new item should get inserted as shown in figure 15.
Figure 15
Post Lab Questions
Make another page which has a search bar in it. The searched item can be updated/deleted.
Page | 99
EXPERIMENT 12
ASP.net Passing values across webpages and SQL Injection
Objective
• Familiarize you with how values can be passed across webpages

• Introduce you to SQL injection.
Ways of passing values between ASP.net pages

There are number of ways to transfer values between asp pages
1) Query String
2) Session Variable
3) Application Variable
4) Cookies
and number of others
Below are references which will explain how to transfer values with examples:
http://msdn.microsoft.com/en-us/library/6c3yckfw%28v=vs.100%29.aspx
http://www.codeproject.com/Articles/8055/Transferring-page-values-to-another-page
http://www.codeproject.com/Articles/8350/Passing-information-between-pages-The-NET-way
http://www.codeproject.com/Articles/5876/Passing-variables-between-pages-using-QueryString
Transfer values across ASP.net pages using querystring

In your asp.net project (you can use the one, created in Lab10). Add 2 new webforms named
Login.aspx and Profile.aspx
In Login.aspx, Add the following code within asp:content tag with id=content2 as shown below.
<asp:ContentID="Content2"ContentPlaceHolderID="ContentPlaceHolder1"runat="server">
User:
<asp:TextBoxID="txtusrname"runat="server"></asp:TextBox>
<br/>
Password:
<asp:TextBoxID="txtpassword"runat="server"TextMode="Password"></asp:TextBox>
<br/>
<asp:ButtonID="submit"runat="server"Text="submit"onclick="submit_Click"/>
</asp:Content>
Page | 100
In Login.aspx.cs file Add the following code in the submit_Click method

as shown below.
protectedvoidsubmit_Click(object sender, EventArgs e)
{
Response.Redirect("Profile.aspx?Name="+txtusrname.Text+"&pwd="+txtpassw
ord.Text);
}
In Profile.aspx page add a label within the appropriate asp:content tag, as shown
<asp:ContentID="Content2"ContentPlaceHolderID="ContentPlaceHolder1"runat="server">
<asp:LabelID="lblUserName"runat="server"Text="Label"></asp:Label>
</asp:Content>
In Profile.aspx.cs file add the following code as shown
ProtectedvoidPage_Load(object sender, EventArgs e)

{
lblUserName.Text=Request.QueryString["Name"];
}
Build and run your Login.aspx page and see what happens on clicking the submit button.
Page | 101
Grid Transfer value

This is a simple example of how to transfer value from grid to other aspx page
Homepage.aspx looks like this in browseras shown in figure 1.
Figure 1
When clicked on Buy it of first row, the ShoppingPage.aspx look like thisas shown in figure 2.
Figure 2
The code ofHomepage.aspx look like thisas shown in figure 3.

Page | 102
Figure 3
While on server side of shoppingPage.aspx we can decode query string in such way as described below in figure 4
Figure 4
The second method: if you want to transfer value of grid row and other controls too like customer name and credit
card number, you have to use template field property of gridas shown in figure 5.
Page | 103
Figure 5
Add the following templatefield before ItemNo template field in Home.aspx page made in last lab as
shown in figure 6.
<asp:TemplateField>
<ItemTemplate>
<asp:HyperLinkID="h1details"Text="Details"runat="server"
NavigateUrl='<%# "Default.aspx?ItemName="+Eval("ItemName")+"&Qty="+Eval("TotalUnits")%>'/>
</ItemTemplate>
Page | 104
Figure 6
In Default.aspx Add the following two labels as shown in figure 7.

<asp:LabelID="lbItemName"runat="server"></asp:Label>
<br/>
<asp:LabelID="lbQty"runat="server"></asp:Label>
Figure 7
In page load method of Default.aspx.cs add the following code

lbItemName.Text = Request.QueryString["ItemName"];
lbQty.Text = Request.QueryString["Qty"];
Buid and run your Home.aspx and see what happens on clicking the Details link present in the
gridview
SQL Injection
A SQL Injection attack is a form of attack that comes from user input that has not been checked to
see that it is valid. The objective is to fool the database system into running malicious code that will
reveal sensitive information or otherwise compromise the server.
Page | 105
There are two main types of attacks. First-order attacks are when the attacker receives the desired
result immediately, either by direct response from the application they are interacting with or some
other response mechanism, such as email. Second-order attacks are when the attacker injects some
data that will reside in the database, but the payload will not be immediately activated. We will
discuss each in more detail later in this article.
An example of what an attacker might do
In the following example, assume that a web site is being used to mount an attack on the database. If
you think about a typical SQL statement, you might think of something like:
SELECT ProductName, QuantityPerUnit, UnitPrice

FROM Products
WHERE ProductName LIKE 'G%'
The objective of the attacker is to inject their own SQL into the statement that the application will
use to query the database. If, for instance, the above query was generated from a search feature on a
web site, then they user may have inserted the "G" as their query. If the server side code then inserts
the user input directly into the SQL statement, it might look like this:
stringsql = "SELECT ProductName, QuantityPerUnit, UnitPrice "+

"FROM Products " +
"WHERE ProductName LIKE '"+this.search.Text+"%';
SqlDataAdapter da = new SqlDataAdapter(sql, DbCommand);
da.Fill(productDataSet);
This is all fine if the data is valid, but what if the user types something
unexpected? What happens if the user types:
' UNION SELECT name, type, id FROM sysobjects;--
Note the initial apostrophe; it closes the opening quote in the original SQL statement. Also, note the
two dashes at the end; that starts a comment, which means that anything left in the original SQL
statement is ignored.
Now, when the attacker views the page that was meant to list the products the user has searched for,
they get a list of all the names of all the objects in the database and the type of object that they are.
From this list, the attacker can see that there is a table called Users. If they take note of the id for the
Users table, they could then inject the following:
' UNION SELECT name, '', length FROM syscolumns WHERE id = 1845581613;--
This would give them a list of the column names in the Users table. Now they have enough
information to get access to a list of users, passwords, and if they have admin privileges on the web
site.
' UNION SELECT UserName, Password, IsAdmin FROM Users;--
Page | 106
Assume that there is a table called Users which has columns called UserName and Password, it is
possible to union that with the original query and the results will be interpreted as if the UserName
was the name of the product and the Password was the quantity per unit. Finally, because the
attacker discovered that there is aIsAdmin column, they are likely to retrieve the information in that
too.
Solution of SQL Injection Attack .net?

From server side you can use this method
string surname = this.surnameTb.Text.Replace("'", "''");

string sql = "Update Users SET Surname='"+surname+"' "+
"WHERE id="+userID;
from client side you can use this method by using JavaScript validation
include JavaScript file in solution or embed same JavaScript code in your aspx
page
Example of sql injection protection is shared with you in SQL-INJECTION SAMPLE-Login.aspx
<asp:Button ID="BtnLogin" runat="server" Text="Login"

onclick="BtnLogin_Click" OnClientClick= "javascript: return
validation(); " />
<script type="text/javascript">
function validation() {
var username = document.getElementById('<%=TextBoxUserName.ClientID
%>').value;
var password = document.getElementById('<%=TextBoxPassword.ClientID
%>').value;
if (username.search("'") >= 0 || username.search("--") >= 0) // sql

injection characters
{
alert('Please Enter Username');
return false;
}
else
{
if (password.search("'") >= 0 || password.search("--") >= 0)
{
alert('Please Enter Password');
return false;
}
return true;
}
Page | 107
}
</script>
Use this link as ref:
http://msdn.microsoft.com/en-us/library/ms161953%28SQL.105%29.aspx
http://msdn.microsoft.com/en-us/library/ff648339.aspx
Post Lab Questions: Create a login page which allows only the administrator to login into website.
Ensure safety against SQL injection.
Page | 108
APPENDIX A: LAB EVALUATION CRITERIA
Labs with projects

1. Experiments and their report 50%
a. Experiment 60%
b. Lab report 40%
2. Quizzes (3-4) 15%
3. Final evaluation 35%
a. ProjectImplementation 60%
b. Project report and quiz 40%
Labs without projects

1. Experiments and their report 50%
a. Experiment 60%
b. Lab report 40%
2. Quizzes (3-4) 20%
3. Final Evaluation 30%
i. Experiment 60%
ii. Lab report, pre and post
experiment quiz 40%
Notice:
Copying and plagiarism of lab reports is a serious academic misconduct. First instance of copying
may entail ZERO in that experiment. Second instance of copying may be reported to DC. This may
result in awarding FAIL in the lab course.
Page | 109
Appendix B: Safety around Electricity

In all the Electrical Engineering (EE) labs, with an aim to prevent any unforeseen accidents during
conduct of lab experiments, following preventive measures and safe practices shall be adopted:
• Remember that the voltage of the electricity and the available electrical current in EE labs
has enough power to cause death/injury by electrocution. It is around 50V/10 mA that the
“cannot let go” level is reached. “The key to survival is to decrease our exposure to energized
circuits.”
• If a person touches an energized bare wire or faulty equipment while grounded, electricity
will instantly pass through the body to the ground, causing a harmful, potentially fatal, shock.
• Each circuit must be protected by a fuse or circuit breaker that will blow or “trip” when its
safe carrying capacity is surpassed. If a fuse blows or circuit breaker trips repeatedly while in
normal use (not overloaded), check for shorts and other faults in the line or devices. Do not
resume use until the trouble is fixed.
• It is hazardous to overload electrical circuits by using extension cords and multi-plug outlets.
Use extension cords only when necessary and make sure they are heavy enough for the job.
Avoid creating an “octopus” by inserting several plugs into a multi-plug outlet connected to a
single wall outlet. Extension cords should ONLY be used on a temporary basis in situations
where fixed wiring is not feasible.
• Dimmed lights, reduced output from heaters and poor monitor pictures are all symptoms of
an overloaded circuit. Keep the total load at any one time safely below maximum capacity.
• If wires are exposed, they may cause a shock to a person who comes into contact with them.
Cords should not be hung on nails, run over or wrapped around objects, knotted or twisted.
This may break the wire or insulation. Short circuits are usually caused by bare wires
touching due to breakdown of insulation. Electrical tape or any other kind of tape is not
adequate for insulation!
• Electrical cords should be examined visually before use for external defects such as: Fraying
(worn out) and exposed wiring, loose parts, deformed or missing parts, damage to outer
jacket or insulation, evidence of internal damage such as pinched or crushed outer jacket. If
any defects are found the electric cords should be removed from service immediately.
• Pull the plug not the cord. Pulling the cord could break a wire, causing a short circuit.
• Plug your heavy current consuming or any other large appliances into an outlet that is not
shared with other appliances. Do not tamper with fuses as this is a potential fire hazard. Do
not overload circuits as this may cause the wires to heat and ignite insulation or other
combustibles.
• Keep lab equipment properly cleaned and maintained.
• Ensure lamps are free from contact with flammable material. Always use lights bulbs with
the recommended wattage for your lamp and equipment.
• Be aware of the odor of burning plastic or wire.
• ALWAYS follow the manufacturer recommendations when using or installing new lab
equipment. Wiring installations should always be made by a licensed electrician or other
qualified person. All electrical lab equipment should have the label of a testing laboratory.
• Be aware of missing ground prong and outlet cover, pinched wires, damaged casings on
electrical outlets.
Page | 110
• Inform Lab engineer / Lab assistant of any failure of safety preventive measures and safe
practices as soon you notice it. Be alert and proceed with caution at all times in the
laboratory.
• Conduct yourself in a responsible manner at all times in the EE Labs.
• Follow all written and verbal instructions carefully. If you do not understand a direction or
part of a procedure, ASK YOUR LAB ENGINEER / LAB ASSISTANT BEFORE
PROCEEDING WITH THE ACTIVITY.
• Never work alone in the laboratory. No student may work in EE Labs without the presence
of the Lab engineer / Lab assistant.
• Perform only those experiments authorized by your teacher. Carefully follow all
instructions, both written and oral. Unauthorized experiments are not allowed.
• Be prepared for your work in the EE Labs. Read all procedures thoroughly before entering
the laboratory. Never fool around in the laboratory. Horseplay, practical jokes, and pranks
are dangerous and prohibited.
• Always work in a well-ventilated area.
• Observe good housekeeping practices. Work areas should be kept clean and tidy at all times.
• Experiments must be personally monitored at all times. Do not wander around the room,
distract other students, startle other students or interfere with the laboratory experiments of
others.
• Dress properly during a laboratory activity. Long hair, dangling jewelry, and loose or baggy
clothing are a hazard in the laboratory. Long hair must be tied back, and dangling jewelry
and baggy clothing must be secured. Shoes must completely cover the foot.
• Know the locations and operating procedures of all safety equipment including fire
extinguisher. Know what to do if there is a fire during a lab period; “Turn off equipment, if
possible and exit EE lab immediately.”
Page | 111
Appendix C:Guidelines on Preparing Lab Reports

Each student will maintain a lab notebook for each lab course. He will write a report for each
experiment he performs in his notebook. A format has been developed for writing these lab reports.
Separate formats are devised for hardware and programming stream labs.
Programming Stream Lab Report Format
For programming streams, the format of the report will be as given below:
1. Introduction: Introduce the new constructs/ commands being used, and their significance.
2. Objective: What are the learning goals of the experiment?
3. Design: If applicable, draw the flow chart for the program. How do the new constructs
facilitate achievement of the objectives; if possible, a comparison in terms of efficacy and
computational tractability with the alternate constructs?
4. Issues: The bugs encountered and the way they were removed.
5. Conclusions: What conclusions can be drawn from experiment?
6. Application: Suggest a real world application where this exercise may apply.
7. Answers to post lab questions (if any).
Sample Lab Report for Programming Labs
Introduction
The ability to control the flow of the program, letting it make decisions on what code to execute, is
important to the programmer. The if-else statement allows the programmer to control if a program
enters a section of code or not based on whether a given condition is true or false. If-else statements
control conditional branching.
if ( expression )
statement1
else
statement2
If the value of expression is nonzero, statement1 is executed. If the optional else is present,
statement2 is executed if the value of expression is zero. In this lab, we use this construct to select an
action based upon the user's input, or a predefined parameter.
Page | 112
Objective:
To use if-else statements for facilitation of programming objectives: A palindrome is a number or a

text phrase that reads the same backward as forward. For example, each of the following five-digit
integers is a palindrome: 12321, 55555, 45554 and 11611. We have written a C++ program that
reads in a five-digit integer and determines whether it is a palindrome.
Design:
The objective was achieved with the following code:
#include<iostream>
usingnamespacestd;
intmain()
{
inti,temp,d,revrs=0;
cout<<"enter the number to check :";

cin>>i;
temp=i;
while(temp>0)
{
d=temp%10;
temp/=10;
revrs=revrs*10+d;
}
if(revrs==i)
cout<<i<<" is palindorme";
else
cout<<i<<" is not palindrome";
}
}
Screen shots of the output for various inputs are shown in Figure 1:
Page | 113
Fig.1. Screen shot of the output
The conditional statement made this implementation possible; without conditional branching, it is
not possible to achieve this objective.
Issues:
Encountered bugs and issues; how were they identified and resolved.
Conclusions:
The output indicates correct execution of the code.
Applications:
If-else statements are a basic construct for programming to handle decisions.
Page | 114

DB - LabManual - Withproject - Fall 2019 PDF

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

DB - LabManual - Withproject - Fall 2019 PDF

Hochgeladen von

Copyright:

Verfügbare Formate

CL-213

Fundamentals of Database Systems

DEPARTMENT OF ELECTRICAL ENGINEERING,

Created by: Ms. ShaziaHaque

Date: 10thJuly, 2014

Last Updated by: Ms. ShaziaHaque

Date: August, 2019

Approved by the HoD: Dr. S.M.Sajid

Date: August, 2016

2 Experiment No. 01, Introduction to HTML 05

3 Experiment No. 02, Cascading Style Sheets and JavaScript 11

4 Experiment No. 03, Introduction to SQL Server 2008 DBMS 17

5 Experiment No. 04, Introduction to SQL and DDL 26

6 Experiment No. 05, Introduction to SQL DML 31

7 Experiment No. 06, Advanced SQL 36

8 Experiment No. 07, Views and Stored procedures 39

9 Experiment No. 08, Triggers 45

10 Experiment No. 09, Introduction to Erwin Data Modeling tool 50

Experiment No. 10, Building ASP.net web applications with Database

14 Appendix A, Lab Evaluation Criteria 109

15 Appendix B, Safety around Electricity 110

16 Appendix C, Guidelines on preparing Lab Reports 112

2 Visual Studio 2012C# (software)

3 Erwin data modeling tool (software)

4 Microsoft SQL Server 2014 (software)

• Introduction to HTML language.

HTML is a language for describing web pages.

• HTML stands for Hyper Text Markup Language

HTML markup tags are usually called HTML tags

• An HTML element starts with a start tag / opening tag

Some other HTML formatting tags are given in Figure 2 below.

<imgsrc="temp.jpg" width="250" height="142" />

1. To create a link to another document, by using the href attribute

2. To create a bookmark inside a document, by using the name attribute

<a href="http://www.google.com">This is a link</a>

The target attribute specifies where to open the linked document.

Using Images as HTML Links

Linking Within a Single Page

<a href="#top">Back to the Top</a>

Tables are defined with the <table> tag.

Header information in a table are defined with the <th> tag.

Exercise 1: Create a first page “firstpage.html” as shown in Figure3 below

Post Lab Questions

At the end of this lab you will be able to

• Create CSS style sheet and Apply CSS

Why we needed CSS?

The selector is normally the HTML element you want to style.

Class Selector Syntax

How to apply CSS

External Style sheet

Internal Style sheet

Exercise 1: Practice applying CSS to HTML pages

How to apply JavaScript

There are two ways of inserting JavaScript:

Exercise 2: Practice JavaScript

GUI should be like this

Exercise 3: Practice CSS and JavaScript

Default Setting (When the page is loaded)

On Validate button you need to do the following:

Post lab Questions

Add the following feature in your exercise 3.

On Reset button you need to do the following:

• Familiarize studentswith SQL Server 2008 that is anRDMS by Microsoft