SQL Basics+ Brandon Checketts

Why SQL? Structured Query Language Structured Query Language Frees programmers from dealing with specifics of data persistence Frees programmers from dealing with specifics of data persistence Cross-platform, language independent Cross-platform, language independent Indexing and data optimization Indexing and data optimization Data integrity Data integrity

Some Pitfalls Vendor-Specific features Vendor-Specific features Standardization is not great Standardization is not great Complexity? Additional Overhead? Complexity? Additional Overhead?

SQL Engines MySQL MySQL PostgreSQL PostgreSQL Informix Informix Oracle Oracle MSSQL MSSQL Many others Many others

Database Organization A database server may have multiple databases A database server may have multiple databases Each database is made up of one or more tables Each database is made up of one or more tables Queries can select from multiple databases and tables. Queries can select from multiple databases and tables.

Accessing your Database Command Line Command Line Web / GUI Interfaces Web / GUI Interfaces Programmatically Programmatically Spreadsheets (Excel) Spreadsheets (Excel) Reporting Applications (Crystal Reports) Reporting Applications (Crystal Reports)

INSERT and SELECT INSERT INTO kids INSERT INTO kids SET name = ‘Noah’, SET name = ‘Noah’, status = ‘nice’; status = ‘nice’; SELECT * FROM kids WHERE name = ‘Noah’

Table Manipulation CREATE CREATE CREATE TABLE `christmas`.`kids` ( CREATE TABLE `christmas`.`kids` ( `name` VARCHAR( 40 ) NOT NULL, `status` VARCHAR( 7 ) NOT NULL `name` VARCHAR( 40 ) NOT NULL, `status` VARCHAR( 7 ) NOT NULL ) ; ) ; ALTER ALTER ALTER TABLE `kids` ALTER TABLE `kids` CHANGE `name` `first_name` VARCHAR( 40 ), CHANGE `name` `first_name` VARCHAR( 40 ), ADD `last_name` VARCHAR( 40 ) NOT NULL AFTER `first_name` ; ADD `last_name` VARCHAR( 40 ) NOT NULL AFTER `first_name` ; DROP DROP

Column Types Char, varchar, text, longtext Char, varchar, text, longtext Int, tinyint, smallint, mediumint, bigint Int, tinyint, smallint, mediumint, bigint Float, double, decimal, Float, double, decimal, Blob (binary large objects) Blob (binary large objects) Date, datetime, timestamp, year, Date, datetime, timestamp, year, Enum, bool Enum, bool

Santa’s Database Santa would like to move into the 21 st century and start keeping all of his required information in a database. Santa would like to move into the 21 st century and start keeping all of his required information in a database. Lets try developing it ourselves Lets try developing it ourselves Demonstrate creating a ‘christmas’ database using phpMyAdmin (including user/pass) Demonstrate creating a ‘christmas’ database using phpMyAdmin (including user/pass) Create kids table Create kids table What columns might we need? What types? What columns might we need? What types?

Santa’s Christmas App Santa decided that developing this entire application by himself is too complicated. Santa decided that developing this entire application by himself is too complicated. He found an open-source application that he wants to use to track his lists. We’ve installed it at: He found an open-source application that he wants to use to track his lists. We’ve installed it at:

Kids Table mysql> describe kids; | Field | Type | Null | Key | Default | Extra | | id | int(11) | NO | PRI | NULL | auto_increment | | first_name | varchar(40) | NO | | | | | last_name | varchar(40) | NO | | | | | status | varchar(7) | NO | | | | | zip | varchar(5) | NO | | | | | modified | timestamp | NO | | CURRENT_TIMESTAMP | | Mysql> show create table kids; …… CREATE TABLE `kids` ( CREATE TABLE `kids` ( `id` int(11) NOT NULL auto_increment, `id` int(11) NOT NULL auto_increment, `first_name` varchar(40) NOT NULL, `first_name` varchar(40) NOT NULL, `last_name` varchar(40) NOT NULL, `last_name` varchar(40) NOT NULL, `status` varchar(7) NOT NULL, `status` varchar(7) NOT NULL, `zip` varchar(5) NOT NULL, `zip` varchar(5) NOT NULL, `modified` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP, `modified` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP, PRIMARY KEY (`id`) PRIMARY KEY (`id`) ) ENGINE=MyISAM; ) ENGINE=MyISAM;

Adding reports Santa is very happy with his new application. Now he’d like to add some additional features Santa is very happy with his new application. Now he’d like to add some additional features What reports might we want to add? What reports might we want to add? What have kids wished for? What have kids wished for? Kids who have been naughty Kids who have been naughty Kids who have been nice Kids who have been nice Kids who are avoiding being checked up on Kids who are avoiding being checked up on

Gift Lists (Importing from CSV) Santa Elves have compiled gift lists and have them available in a CSV format Santa Elves have compiled gift lists and have them available in a CSV format We can create a table for them and load them directly from CSV We can create a table for them and load them directly from CSV mysql>CREATE TABLE `christmas`.`gifts` ( `kid_id` INT NOT NULL, `kid_id` INT NOT NULL, `gift` VARCHAR( 255 ) NOT NULL `gift` VARCHAR( 255 ) NOT NULL ) ENGINE = MYISAM ; mysql> LOAD DATA local infile ‘gifts.csv' INTO TABLE gifts INTO TABLE gifts FIELDS TERMINATED BY ',' ENCLOSED BY '"' LINES TERMINATED BY '\n' FIELDS TERMINATED BY ',' ENCLOSED BY '"' LINES TERMINATED BY '\n'

Manufacturing Report Santa is an optimist and hopes that all kids will be good and get what they asked for. He needs a report to pass on to his elves so that they know what to manufacture Santa is an optimist and hopes that all kids will be good and get what they asked for. He needs a report to pass on to his elves so that they know what to manufacture SELECT gift, COUNT(gift) AS count FROM gifts GROUP BY gift ORDER BY count DESC;

Date/Time Functions SELECT * FROM sometable SELECT * FROM sometable WHERE timestamp > NOW() WHERE timestamp > NOW() WHERE timestamp > DATE_SUB( NOW(), INTERVAL 7 DAY) WHERE timestamp > DATE_SUB( NOW(), INTERVAL 7 DAY)

Sleigh Loading Report We only want to load gifts for kids that have been nice We only want to load gifts for kids that have been nice We’ll introduce a JOIN on the kids table We’ll introduce a JOIN on the kids table SELECT gift, COUNT(gift) AS count SELECT gift, COUNT(gift) AS count FROM gifts FROM gifts JOIN kids ON kids.id = gifts.kid_id JOIN kids ON kids.id = gifts.kid_id WHERE kids.status = 'nice' WHERE kids.status = 'nice' GROUP BY gifts.gift GROUP BY gifts.gift ORDER BY count DESC ORDER BY count DESC

What is Santa’s sleight doesn’t have enough room for all toys? He might have to reload his sleigh based on geography He might have to reload his sleigh based on geography We could query kids within a radius of a given location, that would be helpful We could query kids within a radius of a given location, that would be helpful We have the kids zip codes. Maybe we could group those together? We have the kids zip codes. Maybe we could group those together?

Exporting and Importing Mysqldump to export Mysqldump to export mysqldump db zipcode |gzip -c > zipcode.sql.gz Import with: Import with: zcat zipcode.sql.gz| mysql christmas zcat zipcode.sql.gz| mysql christmas

SQL Arithmetic SQL Can do semi-complicated arithmetic: SQL Can do semi-complicated arithmetic: Find all zip codes with in a distance of a lat/lon: SELECT zc_zip, 6371*acos(sin('$lat')*sin(zc_lat*pi()/180)+cos('$lat')*cos(zc_lat*pi() /180)*cos('$lon'-zc_lon*pi()/180))/ AS distance FROM zipcode WHERE 6371*acos(sin('$lat')*sin(zc_lat*pi()/180)+cos('$lat')*cos(zc_lat*p i()/180)*cos('$lon'-zc_lon*pi()/180))<$radius *1.6093

Complicated Queries Now that we have a zip code database, we can figure out what toys to load for all kids who have been good and live within a given radius of some zip code Now that we have a zip code database, we can figure out what toys to load for all kids who have been good and live within a given radius of some zip code

SQL Injection Attacks The Grinch wants to stop Christmas from coming, and is attempting to delete Santa’s list. We have an SQL injection vulnerability in index.php This will select more ids than we intend to: I’ve tried to construct something that will drop a table, but have been unsuccessful so far…. A good page about SQL injection that I found is at:

Other Useful Features Encryption Encryption Full-Text search Full-Text search Conditionals Conditionals String functions String functions Spacial functions (GIS) Spacial functions (GIS) Precision Math Precision Math

Alternatives to SQL MemCache MemCache RRD RRD