COMP 430 Intro. to Database Systems. SQL from application code

Similar documents
Wentworth Institute of Technology COMP570 Database Applications Fall 2014 Derbinsky. SQL Programming. Lecture 8. SQL Programming

COMP 430 Intro. to Database Systems. Encapsulating SQL code

L6 Application Programming. Thibault Sellam Fall 2018

Accessing databases in Java using JDBC

CSCI/CMPE Object-Oriented Programming in Java JDBC. Dongchul Kim. Department of Computer Science University of Texas Rio Grande Valley

Databases 2012 Embedded SQL

The Object-Oriented Paradigm. Employee Application Object. The Reality of DBMS. Employee Database Table. From Database to Application.

Database Application Architectures

Object-Relational Mapping

TypeScript. Types. CS144: Web Applications

Working with Databases and Java

Database Programming Overview. COSC 304 Introduction to Database Systems. Database Programming. JDBC Interfaces. JDBC Overview

PERSİSTENCE OBJECT RELATİON MAPPİNG

PART I SQLAlchemy Core

Classes and Objects 3/28/2017. How can multiple methods within a Java class read and write the same variable?

SQL: Programming. Announcements (September 25) Motivation. CPS 116 Introduction to Database Systems. Pros and cons of SQL.

Lecture 5. Monday, September 15, 2014

A1 (Part 2): Injection SQL Injection

Cyrus Shahabi Computer Science Department University of Southern California C. Shahabi

Application Programming for Relational Databases

CSC System Development with Java. Database Connection. Department of Statistics and Computer Science. Budditha Hettige

Ghislain Fourny. Information Systems for Engineers 7. The ecosystem around SQL

Java application using JDBC to connect to a database.

Unit 27 Web Server Scripting Extended Diploma in ICT

Installing MySQL. Hibernate: Setup, Use, and Mapping file. Setup Hibernate in IDE. Starting WAMP server. phpmyadmin web console

COMP 250 Winter 2011 Reading: Java background January 5, 2011

CSE 530A. DAOs and MVC. Washington University Fall 2012

Java Database Connectivity

SQL: Programming Midterm in class next Thursday (October 5)

Lecture 9&10 JDBC. Mechanism. Some Warnings. Notes. Style. Introductory Databases SSC Introduction to DataBases 1.

Databases and SQL Lab EECS 448

object/relational persistence What is persistence? 5

Unit 6 Hibernate. List the advantages of hibernate over JDBC

Lecture 02, Fall 2018 Friday September 7

Embedded SQL. csc343, Introduction to Databases Diane Horton with examples from Ullman and Widom Fall 2014

Perform Database Actions Using Java 8 Stream Syntax Instead of SQL. Emil Forslund Java Developer Speedment, Inc.

Programming II (CS300)

COP4540 TUTORIAL PROFESSOR: DR SHU-CHING CHEN TA: H S IN-YU HA

Introduction to Programming

Databases and MySQL. COMP 342: Programming Methods. 16 September Databases and MySQL

foreword to the first edition preface xxi acknowledgments xxiii about this book xxv about the cover illustration

HIBERNATE MOCK TEST HIBERNATE MOCK TEST IV

SQream Connector JDBC SQream Technologies Version 2.9.3

Some Facts Web 2.0/Ajax Security

Java Persistence API (JPA)

Web Security. Attacks on Servers 11/6/2017 1

What data persistence means? We manipulate data (represented as object state) that need to be stored

SQL: Programming. Introduction to Databases CompSci 316 Fall 2018

Java Database Connectivity (JDBC) 25.1 What is JDBC?

Enterprise Systems. Lecture 02: JDBC. Behzad BORDBAR

INF 102 CONCEPTS OF PROG. LANGS ADVERSITY. Instructors: James Jones Copyright Instructors.

Classes. Classes as Code Libraries. Classes as Data Structures. Classes/Objects/Interfaces (Savitch, Various Chapters)

13 Creation and Manipulation of Tables and Databases

Java Persistence API (JPA) Entities

SQLAlchemy Session - In Depth

CSE 135. Three-Tier Architecture. Applications Utilizing Databases. Browser. App. Server. Database. Server

COMP-202: Foundations of Programming. Lecture 9: Classes and Objects Sandeep Manjanna, Summer 2015

Object Oriented Programming

IBM DB2 9 Application Developer. Download Full Version :

Databases/JQuery AUGUST 1, 2018

BUSINESS INTELLIGENCE LABORATORY. Data Access: Relational Data Bases. Business Informatics Degree

Types of Databases. Types of Databases. Types of Databases. Databases and Web. Databases and Web. Relational databases may also have indexes

This tutorial is designed for all those Python programmers who would like to understand the ORM framework with SQLAlchemy and its API.

razi Documentation Release 2.0.0b0 Riccardo Vianello

Introduction to Web Application Development Using JEE, Frameworks, Web Services and AJAX

Classes. Classes as Code Libraries. Classes as Data Structures

Database connectivity (I) ()

ICS4U Project Development Example Discovery Day Project Requirements. System Description

EMBEDDED SQL. SE 3DB3 Fall 2016 MICHAEL LIUT DEPARTMENT OF COMPUTING AND SOFTWARE MCMASTER UNIVERSITY

Database Access with JDBC. Dr. Jens Bennedsen, Aarhus University, School of Engineering Aarhus, Denmark

Binghamton University. CS-140 Fall Problem Solving. Creating a class from scratch

Server-side Web Programming

Vendor: IBM. Exam Code: Exam Name: DB2 9 Application Developer. Version: Demo

Software Tools Data Access Layers

Spring Interview Questions

Getting Started with the Bullhorn SOAP API and Java

SQL from Applications

ERwin and JDBC. Mar. 6, 2007 Myoung Ho Kim

Overview. SQL from Applications. Accesing data from an application. Embedded SQL JDBC Stored Procedures. UVic C SC 370, Fall 2002

Database Applications

Relational databases and SQL

Review. Objec,ves. Example Students Table. Database Overview 3/8/17. PostgreSQL DB Elas,csearch. Databases

Database Application Development

JDBC Java Database Connectivity is a Java feature that lets you connect

Developing an Object- Oriented Database for Embedded Systems on Java ME

Consistency The DBMS must ensure the database will always be in a consistent state. Whenever data is modified, the database will change from one

Technical basis. Interfaces. Framework and tool overview

WEB SERVICES EXAMPLE 2

Chair of Software Engineering. Java and C# in depth. Carlo A. Furia, Marco Piccioni, Bertrand Meyer. Java: Persistence

Advances in Programming Languages

Database Application Development

How to program applications. CS 2550 / Spring 2006 Principles of Database Systems. SQL is not enough. Roadmap

Intoduction to JDBC (Java Database Connectivity-- Connecting to DBMS)

Computer Science II. OO Programming Classes Scott C Johnson Rochester Institute of Technology

Introduction to Databases

COMP-202: Foundations of Programming. Lecture 14: static, private, public Jackie Cheung, Winter 2015

Ch 7 Designing Java Classes & Class structure. Fields have data values define/describe an instance

CE419 Web Programming. Session 15: Django Web Framework

Integrating Spring Boot with MySQL

The Design of JDBC The Structured Query Language Basic JDBC Programming Concepts Query Execution Scrollable and Updatable Result Sets

Transcription:

COMP 430 Intro. to Database Systems SQL from application code

Some issues How to connect to database Where, what type, user credentials, How to send SQL commands How to get communicate data to/from DB Data type conversion Details vary by language & library.

Connecting to database Java example public class Example { public static void main(string[] args) { Connection connection = null; Class.forName( com.microsoft.jdbc.sqlserver.sqlserverdriver ); } } String url = jdbc:microsoft:sqlserver://localhost:1433;databasename=mydb ; connection = DriverManager.getConnection(url, USERNAME, PASSWORD ); Need sqljdbc4.jar in CLASSPATH. Imports and error handling omitted for brevity. Key pieces: Driver Host DB name User credentials

Key pieces: Driver Host DB name User credentials Connecting to database Python + SQLAlchemy example String split for readability. engine = create_engine( mssql+pyodbc://username:password@localhost/mydb + driver=sql+server+native+client+10.0 )

Connecting to database Those connection strings share a standard syntax, although some arguments can be specified separately by library.

Commands & data often strings connection = ; Statement stmt1 = connection.createstatement(); stmt1.executeupdate( CREATE TABLE Student + (id INT, first VARCHAR(50), last VARCHAR(50)) ); Statement stmt2 = connection.createstatement(); ResultSet result = stmt2.executequery( SELECT id FROM Student );

Problems with string representation Two data conversions: application string, string DB Minimal API Requires SQL knowledge SQL commands not limited to an API Lacks structure Arbitrary data representation in application No static checking

Plain strings allows SQL injection attacks

What are some bad input strings? studentid = getrequeststring( StudentID ); String query = SELECT first, last FROM Student WHERE id = + studentid; Statement stmt = connection.createstatement(query); WHERE clause irrelevant: 123456789 OR 1=1 Destructive behavior: 123456789; DROP TABLE Student Many variations on these themes.

Techniques for preventing injection attacks Validate input used in SQL command strings Build SQL commands via parameterized APIs (next) Access DB via stored procedures Tightly manage user permissions

Simple parameterization Java example Essentially a cursor. studentid = getrequeststring( StudentID ); Statement stmt = connection.preparedstatement( SELECT first, last FROM Student WHERE id=? ); Stmt.setInt(1, Integer.parseInt(studentId)); ResultSet result = Stmt.executeQuery(stmt); while (result.next()) { String first = result.getstring( first ); String last = result.getstring( last ); }

Object-Relational Mapping (ORM) A high-level overview

Primary goal persistent objects DB viewed as a tool for implementing persistent objects. Relational DB assumed for practical or legacy reasons. But, DB isn t organized in terms of objects. Programmer think in terms of application & objects. Specify which objects persistent Interaction with DB largely(?) hidden

Focus on data

Focus on data public class Student { private int id; private String firstname; private String lastname; } public Student( ) {} /* getters & setters */ CREATE TABLE Student ( id INT AUTOINCREMENT, first_name VARCHAR(50), last_name VARCHAR(50), PRIMARY KEY (id) );

What an ORM can provide Generate code for simple object/table-record mapping API for OO-style CRUD (Create-Read-Update-Delete) of objects API for OO-style queries Manage how & when data is moved

Generate object (& table?) from specification Hibernate SQLAlchemy <hibernate-mapping> <class name= Student table= Student > <id name= id type= int column= id > <generator class= native /> </id> <property name= firstname column= first_name type= string /> <property name= lastname column= last_name type= string /> </class> </hibernate-mapping> class Student(Base): tablename = Student id = Column(Integer, primary_key=true, autoincrement=true) first_name = Column(String) last_name = Column(String)

OO-style CRUD Object constructor Object getters & setters Methods corresponding to CREATE, INSERT, UPDATE, DELETE engine.execute(student.insert(), { first_name : John, last_name : Smith })

OO-style queries Potentially no explicit SQL in application code. But programmer still needs to understand SQL concepts. resultset = session.query(user, Document, DocumentPermission).join(Document).join(DocumentPermission).filter(User.email == john_smith@foo.com )

How & when data is moved Granularity: Application-level traditionally accesses an attribute at a time. DB-level access one or more records at a time. Consistency Are application & DB data guaranteed to be consistent? Eager vs. lazy loading

Some ORM problems Complicated Hard to learn Some would say bloated Fragmented Many frameworks, many standards Hard to move from one to another Only partially successful

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback