L6 Application Programming. Thibault Sellam Fall 2018

Similar documents
Copyright 2016 Ramez Elmasri and Shamkant B. Navathe

Database Application Development

Overview. Database Application Development. SQL in Application Code. SQL in Application Code (cont.)

Database Application Development

Database Application Development

Wentworth Institute of Technology COMP570 Database Applications Fall 2014 Derbinsky. SQL Programming. Lecture 8. SQL Programming

Chapter 13 Introduction to SQL Programming Techniques

Database Application Development

CS108 Lecture 19: The Python DBAPI

Database Application Development

ITCS Implementation. Jing Yang 2010 Fall. Class 14: Introduction to SQL Programming Techniques (Ch13) Outline

COMP 430 Intro. to Database Systems. SQL from application code

Database Programming. Week 9. *Some of the slides in this lecture are created by Prof. Ian Horrocks from University of Oxford

Assertions, Views, and Programming. CS157A Chris Pollett Oct. 31, 2005.

Lecture 27 10/30/15. CMPSC431W: Database Management Systems. Instructor: Yu- San Lin

SQL: Programming. Introduction to Databases CompSci 316 Fall 2017

Database Applications

Lecture 26 10/28/15. CMPSC431W: Database Management Systems. Instructor: Yu- San Lin

Carnegie Mellon Univ. Dept. of Computer Science /615 - DB Applications. Today's Party. Example Database. Faloutsos/Pavlo CMU /615

CE419 Web Programming. Session 15: Django Web Framework

SQL in a Server Environment (ii)

Database Application Development

EMBEDDED SQL. SE 3DB3 Fall 2016 MICHAEL LIUT DEPARTMENT OF COMPUTING AND SOFTWARE MCMASTER UNIVERSITY

Introduction to pysqlite

SQL: Programming. Introduction to Databases CompSci 316 Fall 2018

A1 (Part 2): Injection SQL Injection

CMPT 354: Database System I. Lecture 2. Relational Model

Embedded SQL. csc343, Introduction to Databases Diane Horton with examples from Ullman and Widom Fall 2014

Database Management Systems,

CMPT 354 Database Systems I

JDBC SHORT NOTES. Abstract This document contains short notes on JDBC, their types with diagrams. Rohit Deshbhratar [ address]

Working with Databases and Java

Introduction to Data Management CSE 414

Announcements. Multi-column Keys. Multi-column Keys. Multi-column Keys (3) Multi-column Keys (2) Introduction to Data Management CSE 414

Embedded SQL. csc343, Introduction to Databases Renée J. Miller and Fatemeh Nargesian and Sina Meraji Winter 2018

Embedded SQL. Host Language (record-oriented) 3. Process a tuple at a time. 1. Query. 4. Close Cursor

COMP 430 Intro. to Database Systems. Encapsulating SQL code

Database Application Architectures

JDBC. Sun Microsystems has included JDBC API as a part of J2SDK to develop Java applications that can communicate with databases.

PYTHON MYSQL DATABASE ACCESS

SQL from Applications

Part I: Stored Procedures. Introduction to SQL Programming Techniques. CSC 375, Fall 2017

Reminders. Full Django products are due next Thursday! CS370, Günay (Emory) Spring / 6

Overview. SQL from Applications. Accesing data from an application. Embedded SQL JDBC Stored Procedures. UVic C SC 370, Fall 2002

Chapter 9 SQL in a server environment

Databases 2012 Embedded SQL

Introduction to Relational Database Management Systems

SQL in a Server Environment

CSCI-UA: Database Design & Web Implementation. Professor Evan Sandhaus Lecture #23: SQLite

COMP9321 Web Application Engineering

CSC System Development with Java. Database Connection. Department of Statistics and Computer Science. Budditha Hettige

SQL STORED ROUTINES. CS121: Relational Databases Fall 2017 Lecture 9

These notes add to the JDBC discussion your textbook.

CSE 308. Database Issues. Goals. Separate the application code from the database

Enterprise Java Unit 1- Chapter 6 Prof. Sujata Rizal

CPSC 421 Database Management Systems. Lecture 10: Embedded SQL

Lecture 9&10 JDBC. Mechanism. Some Warnings. Notes. Style. Introductory Databases SSC Introduction to DataBases 1.

Database Access with JDBC. Dr. Jens Bennedsen, Aarhus University, School of Engineering Aarhus, Denmark

Cyrus Shahabi Computer Science Department University of Southern California C. Shahabi

Application Programming for Relational Databases

PART I SQLAlchemy Core

Database Applications. SQL/PSM Embedded SQL JDBC

Database Programming Overview. COSC 304 Introduction to Database Systems. Database Programming. JDBC Interfaces. JDBC Overview

SQL Data Definition Language: Create and Change the Database Ray Lockwood

Python for Analytics. Python Fundamentals RSI Chapters 1 and 2

MANTHLY TEST SEPTEMBER 2017 QUESTION BANK CLASS: XII SUBJECT: INFORMATICS PRACTICES (065)

POSTGRESQL - PYTHON INTERFACE

Chapter 18: Persistence

Non-interactive SQL. EECS Introduction to Database Management Systems

Announcements. SQL: Part IV. Transactions. Summary of SQL features covered so far. Fine prints. SQL transactions. Reading assignments for this week

Announcements. Multi-column Keys. Multi-column Keys (3) Multi-column Keys. Multi-column Keys (2) Introduction to Data Management CSE 414

7401ICT eservice Technology. (Some of) the actual examination questions will be more precise than these.

CIS 192: Lecture 11 Databases (SQLite3)

Integer Data Types. Data Type. Data Types. int, short int, long int

LABORATORY OF DATA SCIENCE. Data Access: Relational Data Bases. Data Science and Business Informatics Degree

Kyle Brown Knowledge Systems Corporation by Kyle Brown and Knowledge Systems Corporation

SQL Server 2008 Tutorial 3: Database Creation

Mixer Documentation. Release Kirill Klenov

Basic SQL. Basic SQL. Basic SQL

EGCI 321: Database Systems. Dr. Tanasanee Phienthrakul

NCSS: Databases and SQL

PERSİSTENCE OBJECT RELATİON MAPPİNG

SQL: Data Definition Language. csc343, Introduction to Databases Diane Horton Fall 2017

CT 229 Fundamentals of Java Syntax

Introduction to SQL on GRAHAM ED ARMSTRONG SHARCNET AUGUST 2018

Calling SQL from a host language (Java and Python) Kathleen Durant CS 3200

Ghislain Fourny. Information Systems for Engineers 7. The ecosystem around SQL

GIS 4653/5653: Spatial Programming and GIS. More Python: Statements, Types, Functions, Modules, Classes

SQL: Queries, Programming, Triggers. Basic SQL Query. Conceptual Evaluation Strategy. Example of Conceptual Evaluation. A Note on Range Variables

SQL: Programming Midterm in class next Thursday (October 5)

SQL: Programming. Announcements (September 25) Motivation. CPS 116 Introduction to Database Systems. Pros and cons of SQL.

Database Application Development Part 2 - Chapter

Introduction to Java

SQL in Programming Languages Read chapter 5 of Atzeni et al. BD: Modelli e Linguaggi di Interrogazione and section 8.

JDBC, Transactions. Niklas Fors JDBC 1 / 38

Oracle 1Z MySQL 5.6 Developer.

INTERMEDIATE SQL GOING BEYOND THE SELECT. Created by Brian Duffey

DS Introduction to SQL Part 1 Single-Table Queries. By Michael Hahsler based on slides for CS145 Introduction to Databases (Stanford)

Key Differences Between Python and Java

Introduction JDBC 4.1. Bok, Jong Soon

Transcription:

L6 Application Programming Thibault Sellam Fall 2018

Topics Interfacing with applications Database APIs (DBAPIS) Cursors

SQL!= Programming Language Not a general purpose programming language Tailored for data access/manipulation Easy to optimize and parallelize Can t perform business logic Options 1. Extend SQL, make it Turing Complete goes from simple, easy to analyze to complex :( 2. Extend existing languages to understand SQL natively 3. Provide an API between programming languages and DBMSes

Many Database API options Fully embed into language (embedded SQL) Low-level library with core database calls (DBAPI) Object-relational mapping (ORM) Ruby on rails, django, Hibernate, sqlalchemy, etc define database-backed classes magically maps between database rows & objects magic is a double edged sword

Embedded SQL Extend host language (python) with SQL syntax e.g., EXEC SQL sql-query goes through a preprocessor Compiled into program that interacts with DBMS directly

Embedded SQL Java + embedded SQL Preprocessor Java + DB library calls Java Compiler Executable DBMS library if (user == admin ){ EXEC SQL select * } else { DBMS

What does a library need to do? Single interface to possibly multiple DBMS engines Connect to a database Manage transactions (later) Map objects between host language and DBMS Manage query results Ads Program DBMS Library Users API calls Connection Billing

Overview Library Components Impedance Mismatches 1. Types 2. Classes/objects 3. Result sets 4. Functions 5. Constraints

Engines Abstraction for a database engine tries to hide DBMS language differences driver://username:password@host:port/database from sqlalchemy import create_engine db1 = create_engine( postgresql://localhost:5432/testdb ) db2 = create_engine( sqlite:///testdb.db ) // note: sqllite has no host name (sqlite:///) http://docs.sqlalchemy.org/en/rel_1_0/core/engines.html

Connections Before running queries need to create a connection Tells DBMS to allocate resources for the connection Relatively expensive to set up, libraries often cache connections for future use Defines scope of a transaction (later) conn1 = db1.connect() conn2 = db2.connect() Should close connections when done! Otherwise resource leak.

Query Execution conn1.execute( update table test set a = 1 ) conn1.execute( update table test set s = wu )

Query Execution foo = conn1.execute( select * from big_table ) Challenges What is the return type of execute()? Type impedance How to pass data between DBMS and host language? Can we only pass data between DBMS and host language?

(Type) Impedance Mismatch SQL standard defines mappings between SQL and several languages Most libraries can deal with common types SQL types CHAR(20) INTEGER SMALLINT REAL C types char[20] int short float Python types str int int float What about complex objects { x: 1, y: hello }

(Class) Impedance Mismatch Programming languages usually have classes Setting an attribute in User should save it user.name = Dr Seuss user.job = writer class User { } class Employee extends User { } class Salaries { Employee worker; } Object Relational Mappings designed to address this

Query Execution How to pass values into a query? Users(id int serial, name text) name = eugene conn1.execute( INSERT INTO users(name) VALUES(<what to put here??>) )

Query Execution How to pass values into a query? Users(id int serial, name text) name = eugene conn1.execute ( INSERT INTO users(name) VALUES( {name} ).format(name=name)) Why is this a really bad idea?

Detour: SQL Injections http://w4111db1.cloudapp.net:8888 code on github: syllabus/src/injection/

Detour: SQL Injections If we submit: ); DELETE FROM bad_table; -- Query is INSERT INTO bad_table(name) VALUES(''); DELETE FROM bad_table; -- ');

Detour: SQL Injections Safe implementation Pass form values as arguments to the execute() function Library sanitizes inputs automatically (and correctly!)

Detour: SQL Injections Project: You ll need to protect against simple SQL injections More examples: https://corenumb.wordpress.com/2016/05/14/mr-robot-blind-sql-injection-vulnerability/

Query Execution Pass sanitized values to the database args = ( Dr Seuss, 40 ) conn1.execute( INSERT INTO users(name, age) VALUES(%s, %s), args) Pass in a tuple of query arguments DBAPI library will properly escape input values Most libraries support this Never construct raw SQL strings

(results) Impedance Mismatch SQL relations and results are sets of records What is the type of table? table = execute( SELECT * FROM big_table ) Cursor over the Result Set similar to an iterator interface Note: relations are unordered! Cursors have no ordering guarantees Use ORDER BY to ensure an ordering

sailor1 sailor2 sailor3 sailor4 sailor5 sailor4 cursor sailor6 sailor7 sailor8 sailor9 Program DBMS sailor10 sailor11

sailor1 sailor2 sailor3 sailor4 sailor5 sailor5 cursor sailor6 sailor7 sailor8 sailor9 Program DBMS sailor10 sailor11

(results) Impedance Mismatch Cursor similar to an iterator (next() calls) cursor = execute( SELECT * FROM bigtable ) Cursor attributes/methods (logical) rowcount keys() previous() next() get(idx)

(results) Impedance Mismatch Cursor similar to an iterator (next() calls) cursor = execute( SELECT * FROM bigtable ) cursor.rowcount() # 1000000 cursor.fetchone() # (0, foo, ) for row in cursor: # iterate over the rest print row Actual Cursor methods vary depending on implementation

(functions) Impedance Mismatch What about functions? def add_one(val): return val + 1 conn1.execute( SELECT add_one(1) ) Would need to embed a language runtime into DBMS Many DBMSes support runtimes e.g., python Can register User Defined Functions (UDFs)

(constraints) Impedance Mismatch DB-style constraints often as conditionals or exceptions Constraints often duplicated throughout program JS age = get_age_input(); if (age > 100 or age < 18) show_error( age should be 18 100 ); DBMS CREATE TABLE Users ( age int CHECK(age >= 18 and age <= 100) )

(constraints) Impedance Mismatch Some ORMs try to have one place to define constraints class Person(models.Model): first_name = models.charfield(max_length=30) last_name = models.charfield(max_length=30, null=true) CREATE TABLE myapp_person ( "id" serial NOT NULL PRIMARY KEY, "first_name" varchar(30) NOT NULL, "last_name" varchar(30) );

Some Useful Names DBMS vendors provide libraries for most libraries Two heavyweights in enterprise world ODBC Open DataBase Connectivity Microsoft defined for Windows libraries JDBC Java DataBase Connectivity Sun developed as set of Java interfaces java.sql.* javax.sql.* (recommended)

Modern Database APIs DryadLinq, SparkSQL DBMS executor in same language (dotnet, Spark) as app code what happens to language impedance? what happens to exception handling? what happens to host language functions? val lines = spark.textfile( logfile.log ) val errors = lines.filter(_ startswith Error ) val msgs = errors.map(_.split( \t )(2)) msgs.filter(_ contains foo ).count()

Summary DBAPIs Impedance mismatch Cursors SQL injection Some hard queries More in the HW Windows are optional material SQL Injection: only what s in slides

What to Understand Impedance mismatch examples, and possible solutions SQL injection and how to protect The different uses of a DBAPI Why Embedded SQL is no good What good are cursors?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback