Advanced Programming Techniques. Database Systems. Christopher Moretti

Similar documents
Database systems in 21 minutes

MySQL, Postgres, SQLite, Oracle, Sybase, DB2, each column is an "attribute" common to all rows

DATABASE DESIGN I - 1DL300

Databases and Database Programming. Copyright 2017 by Robert M. Dondero, Ph.D. Princeton University

Accessing databases in Java using JDBC

CSC System Development with Java. Database Connection. Department of Statistics and Computer Science. Budditha Hettige

Topics. History. Architecture. MongoDB, Mongoose - RDBMS - SQL. - NoSQL

Wentworth Institute of Technology COMP570 Database Applications Fall 2014 Derbinsky. SQL Programming. Lecture 8. SQL Programming

Database Programming Overview. COSC 304 Introduction to Database Systems. Database Programming. JDBC Interfaces. JDBC Overview

ERwin and JDBC. Mar. 6, 2007 Myoung Ho Kim

Types of Databases. Types of Databases. Types of Databases. Databases and Web. Databases and Web. Relational databases may also have indexes

Advances in Programming Languages

Java Database Connectivity

JDBC Architecture. JDBC API: This provides the application-to- JDBC Manager connection.

Advances in Programming Languages

Databases 2012 Embedded SQL

Programming in Java

This lecture. Databases - JDBC I. Application Programs. Database Access End Users

DATABASES SQL INFOTEK SOLUTIONS TEAM

COMP102: Introduction to Databases, 23

Database Applications

Calling SQL from a host language (Java and Python) Kathleen Durant CS 3200

DATABASE SYSTEMS. Database programming in a web environment. Database System Course, 2016

Instructor: Jinze Liu. Fall 2008

Outline. Definitions History Basic concepts of DBMS Data Models Relational database Normalization

1.264 Lecture 8. SQL continued Connecting to database servers

Data Base Concepts. Course Guide 2

Bonus Content. Glossary

Databases/JQuery AUGUST 1, 2018

Introduction to Database Systems

CS108 Lecture 19: The Python DBAPI

The DBMS accepts requests for data from the application program and instructs the operating system to transfer the appropriate data.

SQL in a Server Environment

I n p u t. This time. Security. Software. sanitization ); drop table slides. Continuing with. Getting insane with. New attacks and countermeasures:

Outline. Database Management Systems (DBMS) Database Management and Organization. IT420: Database Management and Organization

COP4540 TUTORIAL PROFESSOR: DR SHU-CHING CHEN TA: H S IN-YU HA

UNIT 3 XML DATABASES

JDBC, Transactions. Niklas Fors JDBC 1 / 38

SQL: Programming. Announcements (September 25) Motivation. CPS 116 Introduction to Database Systems. Pros and cons of SQL.

Introduction. Example Databases

B.H.GARDI COLLEGE OF MASTER OF COMPUTER APPLICATION. Ch. 1 :- Introduction Database Management System - 1

Database Application Development

SQL: Programming Midterm in class next Thursday (October 5)

JAVA AND DATABASES. Summer 2018

Database-Connection Libraries

Teiid Designer User Guide 7.5.0

Normalization in DBMS

BUSINESS INTELLIGENCE LABORATORY. Data Access: Relational Data Bases. Business Informatics Degree

Introduction to JDBC. Lecture 12

SQL DML and DB Applications, JDBC

File Processing Approaches

Visit for more.

Introduction JDBC 4.1. Bok, Jong Soon

DATABASE SYSTEMS. Database programming in a web environment. Database System Course,

The functions performed by a typical DBMS are the following:

Database Fundamentals

Databases and JDBC. by Vlad Costel Ungureanu for Learn Stuff

Java Database Connectivity

Data, Information, and Databases

COURSE OVERVIEW THE RELATIONAL MODEL. CS121: Relational Databases Fall 2017 Lecture 1

Lecture 2. Introduction to JDBC

Webinar Series TMIP VISION

Event Stores (I) [Source: DB-Engines.com, accessed on August 28, 2016]

Part I What are Databases?

Cyrus Shahabi Computer Science Department University of Southern California C. Shahabi

Application Programming for Relational Databases

Non-interactive SQL. EECS Introduction to Database Management Systems

COURSE OVERVIEW THE RELATIONAL MODEL. CS121: Introduction to Relational Database Systems Fall 2016 Lecture 1

Outline. Lecture 10: Database Connectivity -JDBC. Java Persistence. Persistence via Database

WEB SECURITY: SQL INJECTION

Database Application Programs PL/SQL, Java and the Web

CS50 Quiz Review. November 13, 2017

Real Life Web Development. Joseph Paul Cohen

Overview of Data Management

INTRODUCTION TO JDBC - Revised Spring

INTRODUCTION TO JDBC - Revised spring

What is Transaction? Why Transaction Management Required? JDBC Transaction Management in Java with Example. JDBC Transaction Management Example

CS 146 Database Systems

CSE 308. Database Issues. Goals. Separate the application code from the database

Systems Analysis and Design in a Changing World, Fourth Edition. Chapter 12: Designing Databases

What is database? Types and Examples

relational Key-value Graph Object Document

Database Processing. Fundamentals, Design, and Implementation. Global Edition

Database Fundamentals Chapter 1

CISC 3140 (CIS 20.2) Design & Implementation of Software Application II

Introduction to NoSQL Databases

DBMS Support for Big Live Data

Working with Databases and Java

Introduction. Who wants to study databases?

Why use a database? You can query the data (run searches) You can integrate with other business systems that use the same database You can store huge

Kyle Brown Knowledge Systems Corporation by Kyle Brown and Knowledge Systems Corporation

CSCC43H: Introduction to Databases. Lecture 9

Manual Trigger Sql Server 2008 Examples Insert Update

What is Data? ANSI definition: Volatile vs. persistent data. Data. Our concern is primarily with persistent data

What is Data? Volatile vs. persistent data Our concern is primarily with persistent data

Course Introduction & Foundational Concepts

Database Systems: Design, Implementation, and Management Tenth Edition. Chapter 14 Database Connectivity and Web Technologies

End o' semester clean up. A little bit of everything

Introduction to Databases

IT Service Delivery and Support Week Three. IT Auditing and Cyber Security Fall 2016 Instructor: Liang Yao

Transcription:

Advanced Programming Techniques Database Systems Christopher Moretti

History Pre-digital libraries Organized by medium, size, shape, content, metadata Record managers (1800s-1950s) manually- indexed punched cards Navigational DBs (1950s-) records linked with references Relational DBs (1970s-) split data into normalized tables NoSQL DBs (2000s-)

Database Definitions Database (DB) Structured collection of data Abstract view of data collection Data semantics may not be parallel to data storage Database Management System (DBMS) Software infrastructure that constitutes a database Typically client-server architecture

Schema vs State Schema is a description of database structure, types, constraints changes only upon restructuring State is a snapshot of the data stored at a given time individual records changes potentially with every query

Why Databases? Centralized control of data Can reduce redundancy, increase efficiency Guarantees important properties:

Database ABCs, er CABs CRUD - core database record operations Create, Read, Update, Delete ACID - core properties of relational db transactions Atomic, Consistent, Isolated, Durable BASE - a more relaxed db transaction paradigm Basic Availability, Soft-state, Eventual-consistency

Navigational Databases Hierarchical structure (IBM, early 1960 s) Data organized as a tree User follows links from root to find data Queries are biased by the root, link set Network structure (CODASYL, late 1960 s) Multi-parent as well as multi-child User follows pointers among records to find data

Relational Databases Edgar Cobb (early 1970 s) aim was to eliminate all links informally: set of tables formally: set of predicates and constraints to define relationships queries are unbiased, but can still be tuned based on anticipated/observed usage

Practical Options Files Don t guarantee ACID Don t guarantee BASE MySQL, Oracle, PostgreS, etc. NoSQL/NOSQL: non-relational DBs, document collections, Key-Value and Column store

Typical DBMS Architecture browser HTTP HTML network connection DB client query response DB server

Relational Schema Example Simplest DB has one table holding all data (e.g. spreadsheet) Relational: separate tables "related" by common attributes e.g. custid in custs matches custid in sales Schema: content and structure of the tables books: isbn title author price custs: custid name adr sales: isbn custid date price qty stock: isbn count Extract info via queries

Example Books Table isbn title author price 1234 MySQL DuBois 49.95 4321 TPOP K & P 24.95 2468 Ruby Flanagan 79.99 2467 Java Flanagan 89.99

A bit about database design Example thanks to Robert M. Dondero, Jr.

DB0 BOOKS: isbn, title, authors, quantity ORDERS: isbn, custid, custname, street, city, state, zipcode, quantity Note lack of atomicity (authors), redundancy (customer info)

First Normal Form Table is 1NF iff each column contains only atomic values DB0 is not in First Normal Form

DB1 BOOKS: isbn, title, quantity AUTHORS: isbn, author ORDERS: isbn, custid, custname, street, city, state, zipcode,quantity Now s as good as any to think about keys. What are DB1 s candidates?

DB1 Primary Keys Choose among candidate keys in this case, there s only one choice Great. That eliminated lack of atomicity. Is there still redundancy?

Second Normal Form Table is 2NF iff 1NF && every non-key is functionally dependent on primary key DB1 is not in Second Normal Form

DB2 BOOKS: isbn, title, quantity AUTHORS: isbn, author CUSTOMERS: custid, custname, street, city, state,zipcode ORDERS: isbn, custid, quantity

DB2 is in Second Normal Form Great. That eliminated lots of redundancy. But is there still any?

Third Normal Form Table is 3NF iff 2NF && every non-key is non-transitively dependent on primary key (not functionally dependent on something else first) DB2 is not in Third Normal Form

DB3 BOOKS: isbn, title, quantity AUTHORS: isbn, author CUSTOMERS: custid, custname, street, zipcode ZIPCODES: zipcode, city, state ORDERS: isbn, custid, quantity

DB3 is in Third Normal Form And so on (next would be reduce same authors on different books)

Structured Query Language (SQL) General (select) query format: select column-names from tables where condition ; So: select * from books; select name, adr from custs; select title, price from books where price > 50; select * from books where author = "Flanagan"; select author, title from books where author like "F%"; select author, title from books order by author; select author, count(*) from books group by author; select author, count(*) as n from books group by author order by n desc; Query result is, itself, a table

Multiple-table Queries / Joins If desired data comes from multiple tables, this implies joining the tables together into a new big table from which to produce the output select title, count from books, stock where books.isbn = stock.isbn; select * from books, sales where books.isbn = sales.isbn and books.author like "F%"; select custs.name, books.title from books, custs, sales where custs.id = sales.custid and sales.isbn = books.isbn; select price, count(*) as count from books where author like 'F%' group by author order by count desc;

Beyond select SQL can, of course, do much more than simply select data from an existing table Warning: different DBs have annoying little inconsistencies about syntax, semantics, performance, but in general garden-variety SQL will work fine. insert into sales values( 1234','44','2008-03-06','27.95'); update books set price = 99.99 where author = "Flanagan"; delete from books where author = "Singer";

http://xkcd.com/327/ Suppose a system does this query: select * from books where author = {{form_content}} ; Let s specially construct form_content to do our bidding (a la COS217 s buffer overflow): x ; update books set price = $1.00 where author like K% ; -- Our construction yields this effective query: select * from books where author = 'x'; update books set price = $1.00 where author like 'K%'; --'

SQL Injection Attacks http://bit.ly/1srv8xp select * from books where author = or 1 == 1 select * from books where author = x ; drop table books; -- select * from books where author = 'x'; update books set price = $1.00 where author like 'K%'; --

SQL Injection Protection Prepared statements and parameterized queries: Details vary by language, DB library:? for SQlite, %s for MySQL, etc. query= select * from books where author =? mycursor.execute(query, param) Use functions for escaping, e.g.: mysql_real_escape_string Django and other frameworks generally do this for you. www.bobby-tables.com

Database Access in Programs There are standard interfaces MS: ODBC ( Open Database Connectivity ) Java JDBC Drivers exist for all major databases, making applications relatively independent of underlying DB Excel PHP ODBC API drv drv drv mysql oracle postgres

MySQL Program Interface MySQL interface exposes about 50 functions across many languages https://dev.mysql.com/doc/connector-python/en/ https://github.com/felixge/node-mysql import sys, fileinput, _mysql db = _mysql.connect(host=, user=, db=, passwd= ) db.query( ) res = db.store_result() row = res.fetch_row() while len(row)!= 0: print row row = res.fetch_row()

import java.sql.*; public class mysql { public static void main(string args[]) { String url = jdbc:mysql:// ; try { Class.forName("com.mysql.jdbc.Driver"); } catch(java.lang.classnotfoundexception e) { System.err.print("ClassNotFoundException: " + e.getmessage()); } try { Connection con = DriverManager.getConnection(url,, ); Statement stmt = con.createstatement(); ResultSet rs = stmt.executequery("select * from books"); while (rs.next()) System.out.println(rs.getString("title") + " " + rs.getstring("author")); stmt.close(); con.close(); } catch(sqlexception ex) { System.err.println("SQLException: " + ex.getmessage()); } } }

MongoDB Program Interface (Flaskr) from pymongo import Connection db = Connection()['dbfile'] blog = db['blog'] def show_entries(): entries = [dict(title=cur['title'], text=cur['text']) for cur in blog.find()] return render_template('show_entries.html', entries=entries) def add_entry(): blog.insert({"title": request.form['title'], "text": request.form['text']}) # BUG: injection? return redirect(url_for('show_entries')) def clear(): blog.remove() return redirect(url_for('show_entries')) http://openmymind.net/2011/3/28/the-little-mongodb-book/

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback