Accessing SQL Server and MySQL – Live Demo Svetlin Nakov Telerik Software Academy academy.telerik.com Manager Technical Training

Slides:



Advertisements
Similar presentations
Windows Basic and Dynamic Disk Borislav Varadinov Telerik Software Academy academy.telerik.com System Administrator Marian Marinov CEO of 1H Ltd.
Advertisements

HTML Forms, GET, POST Methods Tran Anh Tuan Edit from Telerik Academy
Amazon S 3, App Engine Blobstore, Google Cloud Storage, Azure Blobs Svetlin Nakov Telerik Software Academy academy.telerik.com.
RPN and Shunting-yard algorithm Ivaylo Kenov Telerik Software Academy academy.telerik.com Technical Assistant
Shortest paths in edge-weighted digraph Krasin Georgiev Technical University of Sofia g.krasin at gmail com Assistant Professor.
Telerik Software Academy Telerik School Academy.
Asynchronous Programming with C# and WinRT
Unleash the Power of JavaScript Tooling Telerik Software Academy End-to-end JavaScript Applications.
Character sequences, C-strings and the C++ String class, Working with Strings Learning & Development Team Telerik Software Academy.
Done already for your convenience! Telerik School Academy Unity 2D Game Development.
Processing Sequences of Elements Telerik School Academy C# Fundamentals – Part 1.
Welcome to the JSON-stores world Telerik Software Academy Databases.
NoSQL Concepts, Redis, MongoDB, CouchDB
Telerik Software Academy Telerik School Academy Creating E/R Diagrams with SQL Server.
The Business Plan and the Business Model Margarita Antonova Volunteer Telerik Academy academy.telerik.com Business System Analyst Telerik Corporation.
What are ADTs, STL Intro, vector, list, queue, stack Learning & Development Team Telerik Software Academy.
Making JavaScript code by template! Learning & Development Team Telerik Software Academy.
Svetlin Nakov Telerik Software Academy academy.telerik.com Manager Technical Training Who, What, Why?
Svetlin Nakov Telerik Software Academy Manager Technical Training
Access to known folders, using pickers, writing to and reading from files, caching files for future access George Georgiev Telerik Software Academy academy.telerik.com.
Processing Matrices and Multidimensional Tables Svetlin Nakov Telerik Software Academy academy.telerik.com Technical Trainer
Learning & Development Telerik Software Academy.
Reading and Writing Text Files Svetlin Nakov Telerik Software Academy academy.telerik.com Technical Trainer
Classical OOP in JavaScript Classes and stuff Telerik Software Academy
Using Selenium for Mobile Web Testing Powered by KendoUI Telerik QA Academy Atanas Georgiev Senior QA Engineer KendoUI Team.
NoSQL Concepts, Redis, MongoDB, CouchDB Svetlin Nakov Telerik Software Academy academy.telerik.com Manager Technical Training
New features: classes, generators, iterators, etc. Telerik Academy Plus JavaScript.Next.
Creating E/R Diagrams with SQL Server Management Studio and MySQL Workbench Svetlin Nakov Telerik Software Academy Manager Technical.
Throwing and Catching Exceptions Tran Anh Tuan Edit from Telerik Software Academy
Loops, Conditional Statements, Functions Tran Anh Tuan Edit from Telerik Academy
Telerik Software Academy ASP.NET Web Forms.
Private/Public fields, Module, Revealing Module Learning & Development Team Telerik Software Academy.
Building Data-Driven ASP.NET Web Forms Apps Telerik Software Academy ASP.NET Web Forms.
Course Introduction Svetlin Nakov Telerik Software Academy academy.telerik.com Manager Technical Training
Accessing SQL Server and OLE DB from.NET Svetlin Nakov Telerik Corporation
Nikolay Kostov Telerik Software Academy Senior Software Developer and Trainer
Telerik Software Academy End-to-end JavaScript Applications.
What is a Database, MySQL Specifics Trần Anh Tuấn Edit from Telerik Software Academy
Planning and Tracking Software Quality Yordan Dimitrov Telerik Corporation Team Leader, Team Pulse, Team Leader, Team Pulse, Telerik Corporation,
What you need to know Ivaylo Kenov Telerik Corporation Telerik Academy Student.
Data binding concepts, Bindings in WinJS George Georgiev Telerik Software Academy academy.telerik.com Technical Trainer itgeorge.net.
Pavel Kolev Telerik Software Academy Senior.Net Developer and Trainer
Objects, Properties, Primitive and Reference Types Learning & Development Team Telerik Software Academy.
ORM Concepts, Entity Framework (EF), DbContext
When and How to Refactor? Refactoring Patterns Alexander Vakrilov Telerik Corporation Senior Developer and Team Leader.
Free Training and Job for Software Engineers Svetlin Nakov, PhD Manager Technical Training Telerik Corp. Telerik Software Academy.
Free Training and Job for Software Engineers Svetlin Nakov, PhD Manager Technical Training Telerik Corp. Telerik Software Academy.
Access to known folders, using pickers, writing to and reading from files, caching files for future access George Georgiev Telerik Software Academy academy.telerik.com.
Doing the Canvas the "easy way"! Learning & Development Telerik Software Academy.
.NET Cloud Development Made Easy George Georgiev Telerik Software Academy academy.telerik.com Technical Trainer 1.
Creating and Running Your First C# Program Svetlin Nakov Telerik Software Academy academy.telerik.com Manager Technical Training
Accessing SQL Server and MySQL from.NET and C# Learning & Development Team Telerik Software Academy.
Data Types, Primitive Types in C++, Variables – Declaration, Initialization, Scope Telerik Software Academy academy.telerik.com Learning and Development.
Learn to Design Error Steady Code Svetlin Nakov Telerik Software Academy academy.telerik.com Technical Trainer
Connecting, Queries, Best Practices Tran Anh Tuan Edit from Telerik Software Academy
Processing Sequences of Elements Telerik Software Academy C# Fundamentals – Part 2.
Telerik JavaScript Framework Telerik Software Academy Hybrid Mobile Applications.
Telerik Software Academy Databases.
Things start to get serious Telerik Software Academy JavaScript OOP.
Learning & Development Mobile apps for iPhone & iPad.
Processing Matrices and Multidimensional Tables Telerik Software Academy C# Fundamentals – Part 2.
Nikolay Kostov Telerik Software Academy academy.telerik.com Team Lead, Senior Developer and Trainer
Functions and Function Expressions Closures, Function Scope, Nested Functions Telerik Software Academy
Implementing Control Logic in C# Svetlin Nakov Telerik Software Academy academy.telerik.com Manager Technical trainer
Inheritance, Abstraction, Encapsulation, Polymorphism Telerik Software Academy Mobile apps for iPhone & iPad.
Mocking tools for easier unit testing Telerik Software Academy High Quality Code.
What why and how? Telerik School Academy Unity 2D Game Development.
Windows Security Model Borislav Varadinov Telerik Software Academy academy.telerik.com System Administrator
DB Apps Introduction Intro to ADO.NET SQL SoftUni Team DB Apps Intro
Presentation transcript:

Accessing SQL Server and MySQL – Live Demo Svetlin Nakov Telerik Software Academy academy.telerik.com Manager Technical Training

 ADO.NET Overview  Accessing MS SQL Server  Connecting to SQL Server  Executing Commands  Processing Result Sets  SQL Injection and Command Parameters  Accessing MySQL  ADO.NET Data Provider for MySQL  Executing SQL commands in MySQL 2

ADO.NET Overview

 ADO.NET is a.NET technology (API) for accessing databases  Works through data providers (drivers)  Data providers are available for:  SQL Server, MySQL, Oracle, PostgreSQL, SQLite, Access, Excel, OLE DB, etc.  What does ADO.NET provide?  Executing SQL commands in RDBMS server  ORM support: ADO.NET Entity Framework (EF) 4

5 SQL Server.NET Data Provider OleDb.NET Data Provider Oracle.NET Data Provider ODBC.NET Data Provider DataReader DbCommand Connected Model DataSet DataAdapter Disconn. Model … DataContext Table<T> LINQ-to-SQL ObjectContext EntityObject Entity Framework …

 Data Providers are collections of classes that provide access to various databases  For different RDBMS systems different Data Providers are available  Each provider uses vendor-specific protocols to talk to the database server  Several common objects are defined:  Connection – to connect to the database  Command – to run an SQL command  DataReader – to retrieve data 6

 Several standard ADO.NET Data Providers come as part of.NET Framework  SqlClient – accessing SQL Server  OleDB – accessing standard OLE DB data sources  Odbc – accessing standard ODBC data sources  Oracle – accessing Oracle database  Third party Data Providers are available for:  MySQL, PostgreSQL, Interbase, DB 2, SQLite  Other RDBMS systems and data sources  SQL Azure, Salesforce CRM, Amazon SimpleDB, … 7

Executing SQL Commands in SQL Server

 Retrieving data for MS SQL Server 1.Open a connection ( SqlConnection ) 2.Execute command ( SqlCommand ) 3.Process the result set of the query by using a reader ( SqlDataReader ) 4.Close the reader 5.Close the connection 9 SqlConnection SqlCommand SqlDataReader Database SqlParameter SqlParameter SqlParameter

10  Use SqlConnection to connect to SQL Server database  Requires a valid connection string  Connection string example:  Connecting to SQL Server: Data Source=(local)\SQLEXPRESS;Initial Catalog=Northwind;Integrated Security=SSPI; SqlConnection con = new SqlConnection( "Server=.\SQLEXPRESS;Database=Northwind; "Server=.\SQLEXPRESS;Database=Northwind; Integrated Security=true"); Integrated Security=true");con.Open();

 Use SqlCommand class to execute SQL  ExecuteScalar()  Executes a SQL query and returns a single value as result, e.g. SELECT COUNT(*) FROM …  ExecuteReader()  Executes a SQL query and returns a set of rows as result, e.g. SELECT * FROM …  ExecuteNonQuery()  Executes a SQL command and returns the number of rows affected, e.g. INSERT … INTO … 11

12 SqlConnection dbCon = new SqlConnection( "Server=.\\SQLEXPRESS; " + "Server=.\\SQLEXPRESS; " + "Database=TelerikAcademy; " + "Database=TelerikAcademy; " + "Integrated Security=true"); "Integrated Security=true");dbCon.Open();using(dbCon){ SqlCommand command = new SqlCommand( SqlCommand command = new SqlCommand( "SELECT COUNT(*) FROM Employees", dbCon); "SELECT COUNT(*) FROM Employees", dbCon); int employeesCount = (int) command.ExecuteScalar(); int employeesCount = (int) command.ExecuteScalar(); Console.WriteLine( "Employees count: {0} ", employeesCount); Console.WriteLine( "Employees count: {0} ", employeesCount);}

Live Demo

 SqlDataReader retrieves a sequence of records (cursor) returned as result of an SQL command  Data is available for reading only (can't be changed)  Forward-only row processing (no move back)  Important properties and methods:  Read() – moves the cursor forward and returns false if there is no next record  Item (indexer) – retrieves the value in the current record by given column name or index  Close() – closes the cursor and releases resources 14

15 SqlConnection dbCon = new SqlConnection(…); dbCon.Open();using(dbCon){ SqlCommand command = new SqlCommand( SqlCommand command = new SqlCommand( "SELECT * FROM Employees", dbCon); "SELECT * FROM Employees", dbCon); SqlDataReader reader = command.ExecuteReader(); SqlDataReader reader = command.ExecuteReader(); using (reader) using (reader) { while (reader.Read()) while (reader.Read()) { { string firstName = (string)reader["FirstName"]; string firstName = (string)reader["FirstName"]; string lastName = (string)reader["LastName"]; string lastName = (string)reader["LastName"]; decimal salary = (decimal)reader["Salary"]; decimal salary = (decimal)reader["Salary"]; Console.WriteLine("{0} {1} - {2}", Console.WriteLine("{0} {1} - {2}", firstName, lastName, salary); firstName, lastName, salary); } }}

Live Demo

What is SQL Injection and How to Prevent It?

18 bool IsPasswordValid(string username, string password) { string sql = string sql = "SELECT COUNT(*) FROM Users " + "SELECT COUNT(*) FROM Users " + "WHERE UserName = '" + username + "' and " + "WHERE UserName = '" + username + "' and " + "PasswordHash = '" + CalcSHA1(password) + "'"; "PasswordHash = '" + CalcSHA1(password) + "'"; SqlCommand cmd = new SqlCommand(sql, dbConnection); SqlCommand cmd = new SqlCommand(sql, dbConnection); int matchedUsersCount = (int) cmd.ExecuteScalar(); int matchedUsersCount = (int) cmd.ExecuteScalar(); return matchedUsersCount > 0; return matchedUsersCount > 0;} bool normalLogin = IsPasswordValid("peter", "qwerty123"); // true IsPasswordValid("peter", "qwerty123"); // true bool sqlInjectedLogin = IsPasswordValid(" ' or 1=1 --", "qwerty123"); // true IsPasswordValid(" ' or 1=1 --", "qwerty123"); // true bool evilHackerCreatesNewUser = IsPasswordValid( "' INSERT INTO Users VALUES('hacker','') --", "qwerty123"); "' INSERT INTO Users VALUES('hacker','') --", "qwerty123");

 The following SQL commands are executed:  Usual password check (no SQL injection):  SQL-injected password check:  SQL-injected INSERT command: 19 SELECT COUNT(*) FROM Users WHERE UserName = 'peter' and PasswordHash = 'XOwXWxZePV5iyeE86Ejvb+rIG/8=' SELECT COUNT(*) FROM Users WHERE UserName = ' ' or 1=1 -- ' and PasswordHash = 'XOwXWxZePV5iyeE86Ejvb+rIG/8=' SELECT COUNT(*) FROM Users WHERE UserName = '' INSERT INTO Users VALUES('hacker','') --' and PasswordHash = 'XOwXWxZePV5iyeE86Ejvb+rIG/8='

Live Demo

 Ways to prevent the SQL injection:  SQL-escape all data coming from the user:  Not recommended: use as last resort only!  Preferred approach:  Use parameterized queries  Separate the SQL command from its arguments 21 string escapedUsername = username.Replace("'", "''"); string sql = "SELECT COUNT(*) FROM Users " + "SELECT COUNT(*) FROM Users " + "WHERE UserName = '" + escapedUsername + "' and " + "WHERE UserName = '" + escapedUsername + "' and " + "PasswordHash = '" + CalcSHA1(password) + "'"; "PasswordHash = '" + CalcSHA1(password) + "'";

 What are SqlParameters ?  SQL queries and stored procedures can have input and output parameters  Accessed through the Parameters property of the SqlCommand class 22 SqlCommand cmd = new SqlCommand("INSERT INTO Pets" + "(Name, Description) dbCon); "(Name, Description) dbCon); name); description); cmd.ExecuteNonQuery();

23 private void InsertProject(string name, string description, DateTime startDate, DateTime? endDate) DateTime startDate, DateTime? endDate){ SqlCommand cmd = new SqlCommand("INSERT INTO Projects " + SqlCommand cmd = new SqlCommand("INSERT INTO Projects " + "(Name, Description, StartDate, EndDate) VALUES " + "(Name, Description, StartDate, EndDate) VALUES @end)", dbCon); name); name); description); description); startDate); startDate); SqlParameter sqlParameterEndDate = SqlParameter sqlParameterEndDate = new endDate); new endDate); if (endDate == null) if (endDate == null) sqlParameterEndDate.Value = DBNull.Value; sqlParameterEndDate.Value = DBNull.Value; cmd.Parameters.Add(sqlParameterEndDate); cmd.Parameters.Add(sqlParameterEndDate); cmd.ExecuteNonQuery(); cmd.ExecuteNonQuery();}

 Retrieval of an automatically generated primary key is specific to each database server  In MS SQL Server IDENTITY column is used  Obtained by executing the following query:  Example of obtaining the automatically generated primary key in ADO.NET: 24 SELECT SqlCommand selectIdentityCommand = new SqlCommand("SELECT dbCon); new SqlCommand("SELECT dbCon); int insertedRecordId = (int) (decimal) selectIdentityCommand.ExecuteScalar(); (decimal) selectIdentityCommand.ExecuteScalar();

Live Demo

Executing SQL Commands in MySQL

 To access MySQL from.NET you need  ADO.NET Driver for MySQL (Connector/NET)   Add reference to MySQL.Data.dll  Use code similar to accessing SQL Server 27 MySqlConnection dbConnection = new MySqlConnection( "Server=localhost;Database=test;Uid=test;Pwd=test"); "Server=localhost;Database=test;Uid=test;Pwd=test");dbConnection.Open(); using (dbConnection) { MySqlCommand cmd = new MySqlCommand( MySqlCommand cmd = new MySqlCommand( "SELECT COUNT(*) FROM Town", dbConnection); "SELECT COUNT(*) FROM Town", dbConnection); Console.WriteLine(cmd.ExecuteScalar()); Console.WriteLine(cmd.ExecuteScalar());}

Live Demo

форум програмиране, форум уеб дизайн курсове и уроци по програмиране, уеб дизайн – безплатно програмиране за деца – безплатни курсове и уроци безплатен SEO курс - оптимизация за търсачки уроци по уеб дизайн, HTML, CSS, JavaScript, Photoshop уроци по програмиране и уеб дизайн за ученици ASP.NET MVC курс – HTML, SQL, C#,.NET, ASP.NET MVC безплатен курс "Разработка на софтуер в cloud среда" BG Coder - онлайн състезателна система - online judge курсове и уроци по програмиране, книги – безплатно от Наков безплатен курс "Качествен програмен код" алго академия – състезателно програмиране, състезания ASP.NET курс - уеб програмиране, бази данни, C#,.NET, ASP.NET курсове и уроци по програмиране – Телерик академия курс мобилни приложения с iPhone, Android, WP7, PhoneGap free C# book, безплатна книга C#, книга Java, книга C# Николай Костов - блог за програмиране

1. Write a program that retrieves from the Northwind sample database in MS SQL Server the number of rows in the Categories table. 2. Write a program that retrieves the name and description of all categories in the Northwind DB. 3. Write a program that retrieves from the Northwind database all product categories and the names of the products in each category. Can you do this with a single SQL query (with table join)? 4. Write a method that adds a new product in the products table in the Northwind database. Use a parameterized SQL command. 30

5. Write a program that retrieves the images for all categories in the Northwind database and stores them as JPG files in the file system. 6. Create an Excel file with 2 columns: name and score: Write a program that reads your MS Excel file through the OLE DB data provider and displays the name and score row by row. 7. Implement appending new rows to the Excel file. 31

8. Write a program that reads a string from the console and finds all products that contain this string. Ensure you handle correctly characters like ', %, ", \ and _. 9. Download and install MySQL database, MySQL Connector/Net (.NET Data Provider for MySQL) + MySQL Workbench GUI administration tool. Create a MySQL database to store Books (title, author, publish date and ISBN). Write methods for listing all books, finding a book by name and adding a book. 10. Re-implement the previous task with SQLite embedded DB (see

 Telerik School Academy  schoolacademy.telerik.com schoolacademy.telerik.com  Telerik Software Academy  academy.telerik.com academy.telerik.com  Telerik Facebook  facebook.com/TelerikAcademy facebook.com/TelerikAcademy  Telerik Software Academy Forums  forums.academy.telerik.com forums.academy.telerik.com