Update references and code from MySQL to PostgreSQL (#59)

Author: stasel

databases/README.md

@@ -85,7 +85,7 @@ console.log(musicians[0]); // prints: 'John Coltrane'
 
 While this JavaScript database is a nice and simple example, it doesn't persist the data for the next day.
 
-In this module you will focus primarily on persisting databases, in particular the relational database MySQL.
+In this module you will focus primarily on persisting databases, in particular the relational database PostgreSQL.
 
 To learn more, check out the following resources:
 

databases/sql/README.md

@@ -2,49 +2,49 @@
 
 SQL (Structured Query Language) is a programming language used for managing the data that is stored in a DBMS (DataBase Management System). The `Query` part in SQL refers to the act of "asking a database" for a certain type of information; you are `querying the database`.
 
-There are several implementations (software) of DBMS. Each software provides its own query language. For this course, you will learn [MySQL](https://www.mysql.com/).
+There are several implementations (software) of DBMS. Each software provides its own query language. For this course, you will learn [PostgreSQL](https://www.postgresql.org/).
 
 To learn more, check out the following:
 
 {% hyf-youtube src="https://www.youtube.com/watch?v=kqUIoOM3WEs" %}
 
 ## What are data types (as applied to databases)?
 
-When you store data in MySQL, each datum (singular of the word data) needs to be associated with its type.
+When you store data in PostgreSQL, each datum (singular of the word data) needs to be associated with its type.
 
 For example numbers like 42, 1636 or -345 are all associated with the type `int`.
 
-The following is a list of the most frequently used data types.
+The following is a list of the most frequently used PostgreSQL data types.
 
-| Type       | Description                                   | Example Value             |
-| ---------- | --------------------------------------------- | ------------------------- |
-| int        | Numbers                                       | 42                        |
-| float      | Decimal numbers                               | 3.14                      |
-| varchar(N) | String with variable maximum of N characters  | "Dragon"                  |
-| text       | String with fixed maximum of 65535 characters | "Positive"                |
-| datetime   | Store date and time without timezone          | `2019-01-01 22:10:23`     |
-| timestamp  | Store date with timezone (e.g. last login)    | `2019-01-01 22:10:23 UTC` |
-| BLOB       | Store binary files                            | an image                  |
+| Type          | Description                                   | Example Value             |
+| ------------- | --------------------------------------------- | ------------------------- |
+| INTEGER       | Numbers                                       | 42                        |
+| REAL          | Decimal numbers                               | 3.14                      |
+| VARCHAR(N)    | String with variable maximum of N characters  | 'Dragon'                  |
+| TEXT          | String with unlimited length                  | 'Positive'                |
+| TIMESTAMP     | Store date and time without timezone          | `2019-01-01 22:10:23`     |
+| TIMESTAMPTZ   | Store date with timezone (e.g. last login)    | `2019-01-01 22:10:23+00`  |
+| BYTEA         | Store binary data                             | an image                  |
 
-There are many more data types. You can read about them [here](https://www.w3resource.com/mysql/mysql-data-types.php).
+There are many more data types. You can read about them [here](https://www.postgresql.org/docs/current/datatype.html).
 
 For a video explanation of the above table have a look at:
 
-{% hyf-youtube src="https://www.youtube.com/watch?v=PT2GXYs9FEY" %}
+{% hyf-youtube src="https://www.youtube.com/watch?v=HnnPgdL0snI" %}
 
 ## How to use SQL to Create, Read, Update and Delete (CRUD)
 
-With the knowledge of all the datatypes, you can now create tables that contain the data with these datatypes.
+With the knowledge of all the data types, you can now create tables that contain the data with these data types.
 
-Tables contain columns and columns have datatypes. For example, in a column with names of students, you cannot have numbers.
+Tables contain columns and columns have data types. For example, in a column with names of students, you cannot have numbers.
 
-- MySQL provides a `CREATE TABLE` statement that creates a table with columns. You can choose the table name, column names but you have to choose the pre-defined datatypes supported by MySQL. For example, a column `Registration number` cannot have the data type number. It must use `int` because it represents the numeric datatype.
+- SQL provides a `CREATE TABLE` statement that creates a table with columns. You can choose the table name, column names but you have to choose the pre-defined data types supported by PostgreSQL. For example, a column `Registration number` cannot have the data type number. It must use `INTEGER` because it represents the numeric datatype.
 
-- MySQL provides `SELECT` statement which reads (columns and rows) from a table with or without filtration.
+- SQL provides `SELECT` statement which reads (columns and rows) from a table with or without filtration.
 
-- MySQL provides `UPDATE` statement which changes the contents of (columns and rows of) a table.
+- SQL provides `UPDATE` statement which changes the contents of (columns and rows of) a table.
 
-- MySQL provides `DELETE` statement which can delete rows of tables. In order to delete columns, you need to use `ALTER` and `DROP` statements.
+- SQL provides `DELETE` statement which can delete rows of tables. In order to delete columns, you need to use `ALTER` and `DROP` statements.
 
 Check out the following to learn more about how to apply SQL:
 

databases/sql/dumps.md

@@ -1,11 +1,45 @@
 # What is a database dump?
 
-A database `dump` (aka SQL dump) contains a record of the table structure and the data from a database which is used as a backup to restore the database in case of losing it. A database dump is usually in the form of a list of SQL statements. ([An example file named world.sql](https://github.com/HackYourFuture/databases/blob/master/Week1/world.sql) is present in the `Week1` folder)
+A database `dump` (aka SQL dump) contains a record of the table structure and the data from a database which is used as a backup to restore the database in case of losing it. A database dump is usually in the form of a list of SQL statements. ([An example file named world.sql](https://github.com/HackYourFuture/databases/blob/main/Week1/databases/world.sql) is present in the `Week1` folder)
+## Why use database dumps?
 
-1. Collecting the dump of an existing database from terminal `mysqldump -uroot -p database_name > dump-file.sql`
-2. Applying the dump from mysql command prompt (`mysql>`) `source /path/to/the/dump/file`
-3. Applying the dump from the terminal(with generally a dollar prompt `$`) `mysql -uroot -p [database] < /path/to/the/dump/file`
+Database dumps serve two primary purposes: **creating backups** to protect against data loss, and **migrating data** between different database instances or environments. Whether you're moving from development to production, switching database servers, or simply ensuring you have a recovery plan, dumps provide a reliable way to preserve and transfer your database structure and content safely.
 
-For a video going through the idea of a database dump and how to do it have a look at:
+### Backing up your database
+Collecting the dump of an existing database from the terminal:
+```bash
+pg_dump -U username -d database_name > dump-file.sql
+```
 
-{% hyf-youtube src="https://www.youtube.com/watch?v=eSP3afYdIKM" %}
+If your database is inside a Docker container, add `docker exec container_name` before the `pg_dump` command:
+
+```bash
+docker exec container_name pg_dump -U username -d database_name  > dump-file.sql
+```
+
+
+### Restoring from a backup
+
+Restoring the dump from the terminal
+```bash
+psql -U username database_name < /path/to/the/dump/file
+```
+
+If your database is inside a Docker container:
+```bash
+cat /path/to/the/dump/file | docker exec -i container_name psql -U username -d database_name
+```
+
+The command above is actually executing all the SQL commands that are in the dump file one by one to restore the database.
+
+Alternatively, you can use the `pg_restore` command to restore from a dump.
+
+### Alternative: Using Database management tools
+Many Database management tools like `pgAdmin` or `Datagrip` have the ability to export or restore a dump directly from the user interface without executing any terminal commands yourself.
+[Here is an example](https://www.youtube.com/watch?v=vdd66leSDa4) how you can do it with `pgAdmin`.
+
+### Further reading
+
+For a video going through the idea of a database dump and how to do it. Have a look at:
+
+{% hyf-youtube src="https://www.youtube.com/watch?v=WB6WzuFHcP8" %}

databases/sql/identifiers.md

@@ -13,12 +13,11 @@ To define a Primary Key you can use the following syntax:
 
 ```sql
 CREATE TABLE teachers (
-      teacher_number INT NOT NULL AUTO_INCREMENT,
+      teacher_number SERIAL PRIMARY KEY,
       name VARCHAR(50),
       date_of_birth DATE,
       subject TEXT,
-      email VARCHAR(200),
-      PRIMARY KEY (teacher_number)
+      email VARCHAR(200)
 );
 ```
 
@@ -36,11 +35,10 @@ To define a Foreign Key while creating the table, you can use the following synt
 
 ```sql
 CREATE TABLE students (
-    student_number INT NOT NULL AUTO_INCREMENT,
+    student_number SERIAL PRIMARY KEY,
     name VARCHAR(50),
     teacher_id INT,
     email VARCHAR(200),
-    PRIMARY KEY (student_number),
     FOREIGN KEY (teacher_id) REFERENCES teachers(teacher_number)
 );
 ```
@@ -79,7 +77,7 @@ For example, in a database with students from several schools you'd expect the s
 
 ```sql
 CREATE TABLE students_across_schools (
-    student_number INT NOT NULL AUTO_INCREMENT,
+    student_number SERIAL,
     name VARCHAR(50),
     school_id INT,
     PRIMARY KEY (student_number, school_id)

databases/sql/sql-injection.md

@@ -1,47 +1,55 @@
 # SQL injection
 
 Some SQL clients accept input from the user to construct queries.
-A malicious user can tweak the input to acquire more information from the database or
-to destroy the database (literally!). See [this Demo program](https://github.com/HackYourFuture/databases/blob/master/Week3/sql-injection.js) `sql-injection.js` in the `Week3` folder.
+A malicious user can tweak the input to acquire more information from the database or even
+to destroy the database! See [this Demo program](https://github.com/HackYourFuture/databases/blob/master/Week3/scripts/sql-injection.js) `sql-injection.js` in the `Week3` folder.
 
 Consider the following query `SELECT name, salary FROM employees where id = X`.
 
-## Injection to get more information
+### Injection to get more information
 
 ```sql
 /* If X is `101 OR 1=1`, then the query returns all records because 1=1 is always true */
 SELECT name, salary FROM employees where id = 101 OR 1=1;
 ```
 
-## Injection to destroy the database
+This query demonstrates a classic SQL injection attack. Instead of returning data for just employee ID 101, the malicious input `101 OR 1=1` transforms the WHERE clause into a condition that's always true. Since `1=1` is always true, the OR operator makes the entire condition evaluate to true for every row and exposing all employee records including sensitive salary information.
+
+### Injection to destroy the database
 
 ```sql
 /* If X is `101; DROP database mydb`, then the query will delete the entire database */
 SELECT name, salary FROM employees where id = 101; DROP database mydb;
 ```
 
-To prevent SQL injection you have to use prepared statements. The diagram below summarizes nicely how prepared statements work:
-
-![SQL injection](https://pics.me.me/prepared-statements-sol-injections-let-me-in-adult-swim-sol-62056759.png)
+To prevent SQL injection you have to use **prepared statements**.
 
+## Prepared statements
 With prepared statements, we instruct the database to treat certain parts of a query only as a string and nothing else. Even if the string is a valid command it will not be evaluated or executed. The syntax for prepared statements is:
 
 Make sure that the database already contains the `employees` table
 ```sql
-PREPARE example FROM 'SELECT name, salary FROM employees where id = ?';
-SET @id = 5;
-EXECUTE example USING @id
+-- Prepare the statement
+PREPARE example AS SELECT name, salary FROM employees WHERE id = $1;
+
+-- Execute with a parameter
+EXECUTE example(5);
+
+-- Clean up (optional)
+DEALLOCATE example;
 ```
 
-If you try to provide an extra command in the input `set @id='2; show tables'`, it will not be executed.
+If you try to provide an extra command in the input `EXECUTE('5 OR 1=1')`, it will not be executed.
 
 To increase your understanding check the following materials:
 
 - [What is SQL injection?](https://www.youtube.com/watch?v=ciNHn38EyRc)
-- [Prepared statements](https://www.databasejournal.com/features/mysql/a-guide-to-mysql-prepared-statements-and-parameterized-queries.html)
+- [Prepared statements](https://www.postgresql.org/docs/current/sql-prepare.html)
 
 # Bonus video
 
 A bonus video going over this made by one of our mentors ([Unmesh](https://github.com/unmeshvrije)):
 
 {% hyf-youtube src="https://www.youtube.com/watch?v=wS24JiRK4vo" %}
+
+*Note: This video uses MySQL but the concept is still the same and can be easily translated to PostgreSQL*

databases/sql/transactions.md

@@ -6,16 +6,37 @@ Imagine writing a program for transferring money from one bank account to anothe
 
 ![he did not use transactions](https://i.imgflip.com/3hkxnl.jpg)
 
-To start a transaction in MySQL we use the keyword `START TRANSACTION;`. Then we execute a series of commands. More concretely, in our money transfer example: `UPDATE account SET balance = balance - 100 WHERE account_no = 987654 ;` and `UPDATE account SET balance = balance + 100 WHERE account_no = 123456 ;`. If there are no errors we use the command `COMMIT;` which finalizes the changes from both update commands. If there was an error we can use the command `ROLLBACK;` which will _undo_ the changes from all commands in the transaction.
+To start a transaction in PostgreSQL we use the command: 
+```sql
+BEGIN;
+```
+ Then we execute a series of commands. More concretely, in our money transfer example: 
+ 
+ ```sql
+ -- Update 1
+ UPDATE account SET balance = balance - 100 WHERE account_no = 987654 ;
+ 
+ -- Update 2
+ UPDATE account SET balance = balance + 100 WHERE account_no = 123456 ;
+```
+
+ If there are no errors we use the command:
+ ```sql
+ COMMIT;
+ ``` 
+ This command finalizes the changes from both update commands. If there was an error we can use the command 
+ ```sql
+ ROLLBACK;
+ ```
+ Which will _undo_ the changes from all commands in the transaction.
 
 Transactions are essentials when building applications since it is very rare that a certain complex functionality can be written as a single SQL command. To do anything useful, several SQL commands need to be executed and in that case transactions are there to ensure that if something fails halfway, then the data does not stay in an inconsistent state.
 
 To increase your understanding, study the following materials:
 
-- [Transaction examples](https://www.mysqltutorial.org/mysql-transaction.aspx/)
+- [Transaction examples](https://www.postgresql.org/docs/current/tutorial-transactions.html)
 
-# Bonus video
+# Extra videos
 
-A bonus video going over this made by one of our mentors ([Unmesh](https://github.com/unmeshvrije)):
-
-{% hyf-youtube src="https://www.youtube.com/watch?v=mzAs7YQYNog" %}
+* [What is a Database Transaction?](https://www.youtube.com/watch?v=wHUOeXbZCYA)
+* [How to implement Transactions (COMMIT, ROLLBACK, SavePoint) in PostgreSQL.](https://www.youtube.com/watch?v=DvJq4L41ru0)

node-js/user-registration.md

@@ -31,7 +31,7 @@ First, we need a user database. The simplest solution can be defining an array i
 ```javascript
 const usersDatabase = [];
 ```
-In real world applications, we use a real database server like MySQL or MongoDB to store all the users.
+In real world applications, we use a real database server like PostgreSQL or MongoDB to store all the users.
 
 Next, lets create the endpoint: