COMP 430 Intro. to Database Systems SQL from application code.

Slides:

Advertisements

Similar presentations

NAVY Research Group Department of Computer Science Faculty of Electrical Engineering and Computer Science VŠB-TUO 17. listopadu Ostrava-Poruba.

Advertisements

19-Jun-15 SQL. SQL is Structured Query Language Some people pronounce SQL as “sequel” Other people insist that only “ess-cue-ell” is the only correct.

DAT702.  Standard Query Language  Ability to access and manipulate databases ◦ Retrieve data ◦ Insert, delete, update records ◦ Create and set permissions.

Liang, Introduction to Java Programming, Seventh Edition, (c) 2009 Pearson Education, Inc. All rights reserved Chapter 37 Java Database Programming.

CVSQL 2 The Design. System Overview System Components CVSQL Server –Three network interfaces –Modular data source provider framework –Decoupled SQL parsing.

CSE446 S OFTWARE Q UALITY M ANAGEMENT Spring 2014 Yazılım ve Uyguluma Geliştirme Yöneticisi Orhan Başar Evren.

CSCI 6962: Server-side Design and Programming JDBC Database Programming.

CSE470 Software Engineering Fall Database Access through Java.

Beginning Databases with JDBC Mike Bradley Adapted from and notes by Kevin Parker, Ph.D.

NHibernate in Action Web Seminar at UMLChina By Pierre Henri Kuaté 2008/08/27

Dr. Magdi AMER Unit 2 Introduction to Database. Intro Many programs need to save information on disk. The role of DB system is to provide a layer of abstraction.

Georgia Institute of Technology Making Text for the Web part 5 Barb Ericson Georgia Institute of Technology March 2006.

JDBC Tutorial MIE456 - Information Systems Infrastructure II Vinod Muthusamy November 4, 2004.

12-CRS-0106 REVISED 8 FEB 2013 CSG2H3 Object Oriented Programming.

NMED 3850 A Advanced Online Design January 12, 2010 V. Mahadevan.

JDBC Java and Databases, including Postgress. JDBC l Developed by Industry leaders l Three main goals: –JDBC should be an SQL-level API –JDBC should capitalize.

CS 160: Software Engineering October 1 Class Meeting Department of Computer Science San Jose State University Fall 2014 Instructor: Ron Mak

JDBC Java and Databases. RHS – SOC 2 JDBC JDBC – Java DataBase Connectivity An API (i.e. a set of classes and methods), for working with databases in.

Hibernate Persistence. What is Persistence Persist data to database or other storage.  In OO world, persistence means persist object to external storage.

Hibernate 3.0. What is Hibernate Hibernate is a free, open source Java package that makes it easy to work with relational databases. Hibernate makes it.

Chapter 8 Databases.

Accessing Database using JDBC. JDBC Objectives Gain basic knowledge of Java JDBC Become familiar with the basics of interacting with a database using.

WEB/DB1 DATABASE PROGRAMMING 3JDBC by the ASU Scholars.

Chapter 25 Databases. Chapter Scope Database concepts Tables and queries SQL statements Managing data in a database Java Foundations, 3rd Edition, Lewis/DePasquale/Chase25.

Java Database Connectivity. Java and the database Database is used to store data. It is also known as persistent storage as the data is stored and can.

SQL Basic. What is SQL? SQL (pronounced "ess-que-el") stands for Structured Query Language. SQL is used to communicate with a database.

Li Tak Sing COMPS311F. Database programming JDBC (Java Database Connectivity) Java version of ODBC (Open Database Connectivity) ODBC provides a standard.

JDBC CS 260 Database Systems. Overview  Introduction  JDBC driver types  Eclipse project setup  Programming with JDBC  Prepared statements  SQL.

Access Databases from Java Programs via JDBC Tessema M. Mengistu Department of Computer Science Southern Illinois University Carbondale

CHAPTER 10 PHP MySQL Database

JDBC Java and Databases. SWC – JDBC JDBC – Java DataBase Connectivity An API (i.e. a set of classes and methods), for working with databases in.

JDBC I IS Why do we have databases?

Intro to JDBC Joseph Sant Applied Computing and Engineering Sciences Sheridan ITAL.

CS520 Web Programming Object-Relational Mapping with Hibernate and JPA (I) Chengyu Sun California State University, Los Angeles.

CS 440 Database Management Systems Stored procedures & OR mapping 1.

CS320 Web and Internet Programming SQL and MySQL Chengyu Sun California State University, Los Angeles.

Understand Data Definition Language (DDL) Database Administration Fundamentals LESSON 1.4.

CS320 Web and Internet Programming Database Access with JDBC Chengyu Sun California State University, Los Angeles.

Web Systems & Technologies

Databases and the MVC Model

Introduction to Entity framework

CS3220 Web and Internet Programming Database Access with JDBC

Chengyu Sun California State University, Los Angeles

COMP 430 Intro. to Database Systems

CS320 Web and Internet Programming SQL and MySQL

Web Technologies IT230 Dr Mohamed Habib.

CS320 Web and Internet Programming Database Access with JDBC

A very brief introduction

How to connect natively?

Database JDBC Overview CS Programming Languages for Web Applications

Unix System Administration

HW#4 Making Simple BBS Using JDBC

Interacting with Database

SQL DATA CONSTRAINTS.

Bolat Azamat, Kim Dongmin

Using a Database with JDBC

CS3220 Web and Internet Programming SQL and MySQL

Databases and the MVC Model

Databases and the MVC Model

CS3220 Web and Internet Programming SQL and MySQL

Databases and the MVC Model

Chengyu Sun California State University, Los Angeles

MySQL Database System Installation Overview SQL summary

CS3220 Web and Internet Programming Database Access with JDBC

CS3220 Web and Internet Programming Database Access with JDBC

SQL – Application Persistence Design Patterns

Presentation transcript:

COMP 430 Intro. to Database Systems SQL from application code

Some issues How to connect to database Where, what type, user credentials, … How to send SQL commands How to get communicate data to/from DB Data type conversion Details vary by language & library.

Connecting to database – Java example public class Example { public static void main(String[] args) { Connection connection = null; Class.forName(“com.Microsoft.jdbc.sqlserver.SQLServerDriver”); String url = “jdbc:microsoft:sqlserver://localhost:1433;DatabaseName=MYDB”; connection = DriverManager.getConnection(url, “USERNAME”, “PASSWORD”); … } Need sqljdbc4.jar in CLASSPATH. Imports and error handling omitted for brevity. Key pieces: Driver Host DB name User credentials

Connecting to database – Python + SQLAlchemy example engine = + “driver=SQL+Server+Native+Client+10.0”) Key pieces: Driver Host DB name User credentials String split for readability.

Connecting to database Those connection strings share a standard syntax, although some arguments can be specified separately by library.

Commands & data often strings connection = …; Statement stmt1 = connection.createStatement(); stmt1.executeUpdate(“CREATE TABLE Student” + “(id INT, first VARCHAR(50), last VARCHAR(50))”); … Statement stmt2 = connection.createStatement(); ResultSet result = stmt2.executeQuery(“SELECT id FROM Student”); …

Problems with string representation Two data conversions: application  string, string  DB Minimal API Requires SQL knowledge SQL commands not limited to an API Lacks structure Arbitrary data representation in application No static checking

Plain strings allows SQL injection attacks

What are some bad input strings? studentId = getRequestString(“StudentID”); String query = “SELECT first, last FROM Student WHERE id = “ + studentId; Statement stmt = connection.createStatement(query); Many variations on these themes OR 1=1 WHERE clause irrelevant: ; DROP TABLE Student Destructive behavior:

Techniques for preventing injection attacks Validate input used in SQL command strings Build SQL commands via parameterized APIs (next) Access DB via stored procedures Tightly manage user permissions

Simple parameterization – Java example studentId = getRequestString(“StudentID”); Statement stmt = connection.preparedStatement( “SELECT first, last FROM Student WHERE id=?”); Stmt.setInt(1, Integer.parseInt(studentId)); ResultSet result = Stmt.executeQuery(stmt); while (result.next()) { String first = result.getString(“first”); String last = result.getString(“last”); … } Essentially a cursor.

Object-Relational Mapping (ORM) A high-level overview

Primary goal – persistent objects DB viewed as a tool for implementing persistent objects. Relational DB assumed for practical or legacy reasons. But, DB isn’t organized in terms of objects. Programmer think in terms of application & objects. Specify which objects persistent Interaction with DB largely(?) hidden

Focus on data

CREATE TABLE Student ( id INT AUTOINCREMENT, first_name VARCHAR(50), last_name VARCHAR(50), PRIMARY KEY (id) ); public class Student { private int id; private String firstName; private String lastName; public Student(…) {} … /* getters & setters */ }

What an ORM can provide Generate code for simple object/table-record mapping API for OO-style CRUD (Create-Read-Update-Delete) of objects API for OO-style queries Manage how & when data is moved

Generate object (& table?) from specification class Student(Base): __tablename__ = ‘Student’ id = Column(Integer, primary_key=True, autoincrement=True) first_name = Column(String) last_name = Column(String) Hibernate SQLAlchemy

OO-style CRUD Object constructor Object getters & setters Methods corresponding to CREATE, INSERT, UPDATE, DELETE engine.execute(Student.insert(), {‘first_name’: ‘John’, ‘last_name’: ‘Smith’})

OO-style queries Potentially no explicit SQL in application code. But programmer still needs to understand SQL concepts. resultset = session.query(User, Document, DocumentPermission).join(Document).join(DocumentPermission).filter(User. ==

How & when data is moved Granularity: Application-level traditionally accesses an attribute at a time. DB-level access one or more records at a time. Consistency Are application & DB data guaranteed to be consistent? Eager vs. lazy loading

Some ORM problems Complicated Hard to learn Some would say bloated Fragmented Many frameworks, many standards Hard to move from one to another Only partially successful