Wentworth Institute of Technology COMP570 Database Applications Fall 2014 Derbinsky. SQL Programming. Lecture 8. SQL Programming

Similar documents
Copyright 2016 Ramez Elmasri and Shamkant B. Navathe

Chapter 13 Introduction to SQL Programming Techniques

SQL: Programming. Announcements (September 25) Motivation. CPS 116 Introduction to Database Systems. Pros and cons of SQL.

SQL: Programming Midterm in class next Thursday (October 5)

ITCS Implementation. Jing Yang 2010 Fall. Class 14: Introduction to SQL Programming Techniques (Ch13) Outline

Lecture 27 10/30/15. CMPSC431W: Database Management Systems. Instructor: Yu- San Lin

Instructor: Jinze Liu. Fall 2008

Java and the Java DataBase Connectivity (JDBC) API. Todd Kaufman April 25, 2002

Announcements. SQL: Part IV. Transactions. Summary of SQL features covered so far. Fine prints. SQL transactions. Reading assignments for this week

Databases 2012 Embedded SQL

Non-interactive SQL. EECS Introduction to Database Management Systems

Lecture 2. Introduction to JDBC

Discuss setting up JDBC connectivity. Demonstrate a JDBC program Discuss and demonstrate methods associated with JDBC connectivity

The Object-Oriented Paradigm. Employee Application Object. The Reality of DBMS. Employee Database Table. From Database to Application.

Kyle Brown Knowledge Systems Corporation by Kyle Brown and Knowledge Systems Corporation

The Design of JDBC The Structured Query Language Basic JDBC Programming Concepts Query Execution Scrollable and Updatable Result Sets

DATABASE DESIGN I - 1DL300

Database Programming Overview. COSC 304 Introduction to Database Systems. Database Programming. JDBC Interfaces. JDBC Overview

Database Application Development

L6 Application Programming. Thibault Sellam Fall 2018

SQL in a Server Environment (ii)

Overview. Database Application Development. SQL in Application Code. SQL in Application Code (cont.)

Database Application Development

Database Application Development

COMP 430 Intro. to Database Systems. SQL from application code

Database Applications. SQL/PSM Embedded SQL JDBC

Outline. CS 235: Introduction to Databases. DB Application Programming. Interface Solutions. Basic PSM Form. Persistent Stored Modules

COMP102: Introduction to Databases, 23

Advances in Programming Languages

Working with Databases and Java

Assertions, Views, and Programming. CS157A Chris Pollett Oct. 31, 2005.

How to program applications. CS 2550 / Spring 2006 Principles of Database Systems. SQL is not enough. Roadmap

Advances in Programming Languages

DB I. 1 Dr. Ahmed ElShafee, Java course

JAVA AND DATABASES. Summer 2018

Programming in Java

Database Application Programs PL/SQL, Java and the Web

JDBC, Transactions. Niklas Fors JDBC 1 / 38

Advanced Programming Techniques. Database Systems. Christopher Moretti

JDBC Architecture. JDBC API: This provides the application-to- JDBC Manager connection.

Database Applications

CSC System Development with Java. Database Connection. Department of Statistics and Computer Science. Budditha Hettige

Types of Databases. Types of Databases. Types of Databases. Databases and Web. Databases and Web. Relational databases may also have indexes

Chapter 3 DB-Gateways

SQL: Programming. Introduction to Databases CompSci 316 Fall 2017

Logging and Recovery. 444 Section, April 23, 2009

Databases and SQL Lab EECS 448

Embedded SQL. Host Language (record-oriented) 3. Process a tuple at a time. 1. Query. 4. Close Cursor

INTRODUCTION TO JDBC - Revised spring

SQL Stored Programs. You Can Not Do Everything in SQL SQL/PSM Cursors Recursion Triggers. Niklas Fors Stored Programs 1 / 21

Chapter 3 DB-Gateways

More Database Programming. CS157A Chris Pollett Nov. 2, 2005.

Chapter 9 SQL in a server environment

Database Application Development

INTRODUCTION TO JDBC - Revised Spring

Questions and Answers. A. A DataSource is the basic service for managing a set of JDBC drivers.

Enterprise Java Unit 1- Chapter 6 Prof. Sujata Rizal

Relational Databases. CS 240 Advanced Programming Concepts

CSE 135. Three-Tier Architecture. Applications Utilizing Databases. Browser. App. Server. Database. Server

Databases and MySQL. COMP 342: Programming Methods. 16 September Databases and MySQL

SQL in a Server Environment

BUSINESS INTELLIGENCE LABORATORY. Data Access: Relational Data Bases. Business Informatics Degree

Java Database Connectivity (JDBC) 25.1 What is JDBC?

A1 (Part 2): Injection SQL Injection

Calling SQL from a host language (Java and Python) Kathleen Durant CS 3200

Server-side web security (part 2 - attacks and defences)

CS108 Lecture 19: The Python DBAPI

Part I: Stored Procedures. Introduction to SQL Programming Techniques. CSC 375, Fall 2017

Cyrus Shahabi Computer Science Department University of Southern California C. Shahabi

Application Programming for Relational Databases

Why use a database? You can query the data (run searches) You can integrate with other business systems that use the same database You can store huge

Database Application Development Part 2 - Chapter

Database Systems: Design, Implementation, and Management Tenth Edition. Chapter 14 Database Connectivity and Web Technologies

JDBC Drivers Type. JDBC drivers implement the defined interfaces in the JDBC API for interacting with your database server.

Data Base Concepts. Course Guide 2

JDBC MOCK TEST JDBC MOCK TEST IV

CSE 308. Database Issues. Goals. Separate the application code from the database

Embedded SQL. csc343, Introduction to Databases Diane Horton with examples from Ullman and Widom Fall 2014

Embedded SQL. csc343, Introduction to Databases Renée J. Miller and Fatemeh Nargesian and Sina Meraji Winter 2018

MANTHLY TEST SEPTEMBER 2017 QUESTION BANK CLASS: XII SUBJECT: INFORMATICS PRACTICES (065)

CSE 127 Computer Security

This tutorial is going to guide you throughout the setup of your. workspace. First, we re going to see how to install the MySQL RDBMS

The Web Application Developer s. Red Hat Database. View. October 30, Webcast. Patrick Macdonald, Fernando Nasser. Red Hat Database Engineering

ITP 140 Mobile Technologies. Databases Client/Server

A roadmap to java stored procedures on z/os

ERwin and JDBC. Mar. 6, 2007 Myoung Ho Kim

Introduction to Databases [p.3]

Database in Applica.on Development. Debapriyo Majumdar DBMS Fall 2016 Indian Statistical Institute Kolkata

Outline. Lecture 10: Database Connectivity -JDBC. Java Persistence. Persistence via Database

Top 50 JDBC Interview Questions and Answers

SQL Environment: Module Types. System Aspects of SQL. SQL Environment: Introduction. SQL Environment: Introduction. SQL Environment: Privileges

Java Database Connectivity

Database Application Architectures

Introduction to SQL Server. nikos bikakis

Designing Performance-Optimized JDBC Applications

Database Applications (15-415)

JDBC [Java DataBase Connectivity]

IBM DB2 9 Application Developer. Download Full Version :

JDBC. Sun Microsystems has included JDBC API as a part of J2SDK to develop Java applications that can communicate with databases.

JDBC Installation Transactions Metadata

Transcription:

Lecture 8 1

Outline Context General Approaches Typical Programming Sequence Examples 2

Database Design and Implementation Process Normalization 3

SQL via API Embedded SQL SQLJ General Approaches DB Programming Language PL/SQL, T-SQL Hybrid MS Access, Filemaker 4

SQL via API Most common approach, access database functions via library PreparedStatement stmt = conn.preparestatement( "SELECT LASTNAME" + ", FIRSTNAME" + ", SALARY" + " FROM EMPLOYEE" + " WHERE SALARY BETWEEN? AND?" ); stmt.setbigdecimal( 1, min ); stmt.setbigdecimal( 2, max ); ResultSet rs = stmt.executequery(); while ( rs.next() ) { lastname = rs.getstring( 1 ); firstname = rs.getstring( 2 ); salary = rs.getbigdecimal( 3 ); // Print row... } rs.close(); stmt.close(); 5

Issues with Accessing SQL via API Impedance mismatch Object-relational mapping DBMS abstraction layer Cursors Injection attacks 6

Impedance Mismatch In this context, refers to several issues that arise when OO language interacts with RDBMS Differences in data types Query results as row/column Limited compile-time error detection w.r.t. SQL 7

Object-Relational Mapping (ORM) Common technique to convert between incompatible systems (e.g. OO objects and RDBMS rows/columns) part = new Part(); part.name = "Sample part"; part.price = 123.45; part.save(); INSERT INTO parts (name, price) VALUES ('Sample part', 123.45); 8

Database Abstraction Layer Most database systems have native APIs for several programming languages To ease software development, there are database abstraction efforts Libraries: JDBC (Java), PearDB (PHP), Sequel (Ruby) Middleware: ODBC Varying degree of abstraction from DBMS/SQL Works well for many applications; can harm efficiency and/or access to DBMS-specific functionality 9

Cursors Libraries typically offer two types of access to query results (i.e. result set) All at once (e.g. in an array/data structure) Row-by-row The latter may be required for larger results, typically facilitated by a cursor data structure (can be thought of as a pointer to a single row within a larger set, similar to iterator) Library may optimize for access patterns (e.g. read-only, forward-only, etc) 10

SQL Injection Attacks ala XKCD 11

Preventing SQL Injection Whenever user inputs interact with SQL, sanitizing is a vital security concern Parameterization API Use prepared statements (or stored queries); bind value via function call, API automatically escapes appropriate to DBMS Value escaping API Make sure string to be appended is properly quoted to prevent unintended leakage Principle of Least Privilege Database user should only be allowed to access/ change what is absolutely necessary; optionally use different users for different classes of operation 12

Embedded SQL Insert [typically prefixed] code directly into source; compiler auto-generates DBMSspecific code vs. 13

DB Language (SQL/PSM) Store Procedures 14

Typical Programming Sequence 1. Connect to DBMS URL, database name, user/pw, driver Sometimes persistent for performance 2. Arbitrary interactions Transactions via SQL 3. Close the connection 15

1. Generate SQL Query Sequence Could be static or composed of algorithmic/ user-contributed parts 2. Execute 3. Get results 16

Prepared Query Sequence 1. Generate parameterized SQL Could be static or composed of algorithmic parts (typically nothing user-contributed) 2. Bind values to SQL parameters Could be static or algorithmic/user-contributed 3. Execute 4. Get results 17

Examples 1. MySQL: PHP+Apache a. Change parameters at top for Chinook DB b. Copy to www directory c. Access via browser 2. SQLite: Java+JDBC+Xerial SQLite Driver a. Easiest is to import into Eclipse, run 18

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback