SQL DOM: Compile Time Checking of Dynamic SQL Statements. Russel A. McClure, Ingolf H. Krüger. ICSE 2005. University of California, San Diego, Department of Computer Science and Engineering.

"Impedance Mismatch"? Huh? OO is built on software-engineering principles; the relational model on mathematical principles. The impedance mismatch shows up the moment you write an SQL "select" from Java:
– In OO you traverse pointers and send messages.
– In the relational model you apply operators to relations: select, Cartesian product, project, union, set difference.

Tedious composition of SQL statements. Challenge: generate a simple SQL query on the Customers relation, with conditions that depend on which parameters the caller supplied:
    SELECT * FROM Customers WHERE CompanyName = ' ' AND …

Tedious composition of SQL statements. Can you find the bugs? (Sorry, the compiler won't help you.)

    public string GetCustomers(string companyName, …)
    {
        bool firstCondition = true;
        StringBuilder sql = new StringBuilder("SELECT * FROM Customers ");
        if ((companyName != null) && (companyName.Length > 0))
        {
            if (firstCondition)
            {
                firstCondition = false;
                sql.Append(" WHERE ");
            }
            else
                sql.Append(" AND");          // no trailing space: "ANDCompnyName" -> SQL syntax error
            sql.Append("CompnyName='");      // misspelled column name
            sql.Append(companyName);
            sql.Append("'");
        }
        return sql.ToString();
    }

The two bugs the slide points at are the misspelled column name and the missing space after AND, which yields "ANDCompnyName" as soon as a second condition is appended. Both live inside string literals, so the C# compiler accepts them and they only surface when the statement reaches the database. (Splicing companyName into the text unescaped is also the SQL injection hole the talk returns to later.)

Type Translation Horrors

    public string SetUnitsInStock(int productID, int unitsInStock)
    {
        string sql = "UPDATE Products "
            + " SET UnitsInStock = " + unitsInStock.ToString()
            + " WHERE ProductID = " + productID.ToString();
        return sql;
    }

UnitsInStock is a 16-bit integer column, but the unitsInStock parameter is a 32-bit integer. A value that does not fit compiles without complaint and produces a run-time error when the database rejects it.

The SQL DOM solution: sqldomgen, the SQL DOM generator, is an executable run against a database (database → sqldomgen → DOM). Its output is a DLL (Dynamic Link Library); the classes it contains are referred to as the SQL DOM, the SQL Domain Object Model.

How about now?

    public string GetCustomers(string companyName, …)
    {
        CustomersTblSelectSQLStmt sql = new CustomersTblSelectSQLStmt();
        if ((companyName != null) && (companyName.Length > 0))
        {
            sql.AddWhereCondition(new CompanyNameWhereCond(companyName));
        }
        return sql.GetSQL();
    }

The DOM works its wonders in mysterious ways… Three steps for DOM generation:
1. Obtain the database schema (through methods of the OLEDB provider).
2. Iterate through tables and columns (produce source files).
3. Compile (produce the DLL).

The Object Model. Three main types of classes:
– SQL statements (select, update, insert, delete)
– columns
– where conditions

SQL statement classes. A base class SQLStmt, one subclass per statement kind, and below that one generated class per table:
    SQLStmt
        InsertSQLStmt
        UpdateSQLStmt
        SelectSQLStmt
            CustomersTblSelectSQLStmt: CustomersTblSelectSQLStmt(), JoinToOrders(), JoinTo(), AddWhereCondition(), AddOrderBy()
            OrdersTblSelectSQLStmt: OrdersTblSelectSQLStmt(), JoinToOrderDetails(), JoinToCustomers(), JoinTo(), …

Column classes:
    Column
        CustomersTblColumn
            CustomersTblInsertColumn
            CustomersTblUpdateColumn
            CustomersTblSelectColumn

Remember the "nasty bug"? This is what would happen now:

    public string SetUnitsInStock(int productID, int unitsInStock)
    {
        …
        sql.UnitsInStock = |
        …
    }

The generated UnitsInStock property carries the column's host type, a 16-bit integer, so assigning the 32-bit unitsInStock parameter to it is flagged in the IDE and rejected by the compiler. The error moves from run time to compile time. ("|" marks the cursor position on the slide.)

Where condition classes:
    WhereCond
        CustomersTblWhereCond
            CustomerIDWhereCond
            CompanyNameWhereCond

So this is the answer…

    public string GetCustomers(string companyName, …)
    {
        CustomersTblSelectSQLStmt sql = new CustomersTblSelectSQLStmt();
        if ((companyName != null) && (companyName.Length > 0))
        {
            sql.AddWhereCondition(new CompanyNameWhereCond(companyName));
        }
        return sql.GetSQL();
    }

Advantages. Problems solved:
– type mismatches
– syntax errors (and spelling errors)
– semantic (structural) errors
– and more…

Databases change!! Question: what happens when the database schema changes? Answer: re-run sqldomgen and recompile the application; the stale code now fails at compile time instead of at run time:
– No such class exists, if a table or column was renamed or removed.
– Data type conversion error, if the data type of a column was changed.
– Missing constructor parameter, if a new column was added to a table.

Convenient IDE support: the generated column enumeration gives you completion on column names.

    public string GetAllCustomers()
    {
        new CustomersTblSelectSQLStmt(
            ECustomersTblColumns.CustomerID,
            ECustomersTblColumns. …

SQL injection protection. Example: malicious SQL smuggled into a statement through a web-form parameter, e.g. submitting the value "Bad Guy' drop table Customers". With the SQL DOM, non-string data types are now safe (a value of the wrong host type does not compile), and string values are checked and escaped before they are placed into the statement.
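The following is an added example, written for this page in Python rather than the paper's C#; it is not the authors' SQL DOM code. It reproduces the idea behind the three slides above on the injection example, the typed UnitsInStock column and the sqldomgen generation steps: read the catalog of a constructed SQLite database (assumed schema: Customers and Products, Northwind-like), build one object per table and column, and only let statements be assembled from those objects. Where the paper escapes string values into the statement text, this version binds values as parameters, which is the modern equivalent; the `Stmt`, `TableDom`, `check` and `generate_dom` names are this example's own. Note that SQLite itself does not enforce the 16-bit range of a SMALLINT column, so here the host-side type check is the only thing that stops an oversized value.

```python
import sqlite3
from dataclasses import dataclass

# Constructed Northwind-like schema and sample rows; assumed only for this example.
DDL = """
CREATE TABLE Customers (CustomerID TEXT PRIMARY KEY, CompanyName TEXT NOT NULL, City TEXT);
CREATE TABLE Products (ProductID INTEGER PRIMARY KEY, ProductName TEXT, UnitsInStock SMALLINT);
INSERT INTO Customers VALUES ('ALFKI', 'Alfreds Futterkiste', 'Berlin');
INSERT INTO Products VALUES (1, 'Chai', 39);
"""

# SQL type -> (host type, min, max). SMALLINT carries the 16-bit range check that
# the string-concatenation version only discovers when the database rejects the value.
HOST_TYPES = {"SMALLINT": (int, -32768, 32767), "INTEGER": (int, None, None), "TEXT": (str, None, None)}

@dataclass(frozen=True)
class Column:
    table: str
    name: str
    sql_type: str

def check(column, value):
    """Reject a value whose host type or range does not match the column."""
    typ, lo, hi = HOST_TYPES[column.sql_type]
    if not isinstance(value, typ) or (lo is not None and not lo <= value <= hi):
        raise TypeError(f"{value!r} does not fit {column.sql_type} column {column.name}")
    return value

class Stmt:
    """A SELECT on one table, or an UPDATE once set() has been called."""
    def __init__(self, table):
        self.table, self.sets, self.conds = table, [], []

    def _own(self, column):
        if column.table != self.table:
            raise ValueError(f"{column.name} is not a column of {self.table}")
        return column

    def set(self, column, value):
        self.sets.append((self._own(column), check(column, value)))
        return self

    def where(self, column, value):
        self.conds.append((self._own(column), check(column, value)))
        return self

    def get_sql(self):
        """Return (sql, params): identifiers come from the catalog, values are bound."""
        if self.sets:
            sql = f"UPDATE {self.table} SET " + ", ".join(f"{c.name} = ?" for c, _ in self.sets)
        else:
            sql = f"SELECT * FROM {self.table}"
        if self.conds:
            sql += " WHERE " + " AND ".join(f"{c.name} = ?" for c, _ in self.conds)
        return sql, [v for _, v in self.sets] + [v for _, v in self.conds]

class TableDom:
    """One object per table; attribute access resolves only columns that exist."""
    def __init__(self, name, columns):
        self.name, self._columns = name, columns

    def __getattr__(self, col):
        try:
            return self._columns[col]
        except KeyError:
            raise AttributeError(f"table {self.name} has no column {col}") from None

    def stmt(self):
        return Stmt(self.name)

def generate_dom(conn):
    """sqldomgen steps 1 and 2: read the catalog, build one object per table and column."""
    dom = {}
    for (t,) in conn.execute("SELECT name FROM sqlite_master WHERE type = 'table'").fetchall():
        cols = {name: Column(t, name, typ.upper())
                for _, name, typ, *_ in conn.execute(f"PRAGMA table_info({t})")}
        dom[t] = TableDom(t, cols)
    return dom

def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(DDL)
    dom = generate_dom(conn)
    customers, products = dom["Customers"], dom["Products"]
    out = {}

    def get_customers(company_name=None, city=None):
        stmt = customers.stmt()
        if company_name:
            stmt.where(customers.CompanyName, company_name)
        if city:
            stmt.where(customers.City, city)
        return stmt.get_sql()

    # The payload from the slide is bound as data, never spliced into the SQL text.
    sql, params = get_customers("Bad Guy' drop table Customers")
    out["injection_sql"] = sql
    out["injection_rows"] = len(conn.execute(sql, params).fetchall())
    out["customers_left"] = conn.execute("SELECT count(*) FROM Customers").fetchone()[0]
    out["match_rows"] = len(conn.execute(*get_customers("Alfreds Futterkiste", "Berlin")).fetchall())

    # A value that cannot fit the 16-bit column is rejected while the statement is built.
    try:
        products.stmt().set(products.UnitsInStock, 70000)
        out["smallint_rejected"] = False
    except TypeError:
        out["smallint_rejected"] = True
    conn.execute(*products.stmt().set(products.UnitsInStock, 40).where(products.ProductID, 1).get_sql())
    out["units_after_update"] = conn.execute("SELECT UnitsInStock FROM Products").fetchone()[0]

    # The misspelled column from the string-building version fails at lookup, not at the database.
    try:
        _ = customers.CompnyName
        out["typo_rejected"] = False
    except AttributeError:
        out["typo_rejected"] = True
    return out
```

Running `demo()` returns a dictionary showing that the injection payload selects nothing and leaves Customers intact, that 70000 is refused for the SMALLINT column before any SQL exists, and that the misspelled `CompnyName` is caught when the code touches it. Python has no compile step, so the last two checks fire at statement-construction time; the C# DOM from the paper moves the same checks one step earlier, into the compiler.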

Disadvantages. We do not enjoy the full power of SQL. What about GROUP BY and aggregate functions? The EXISTS keyword? Nested queries? Correlated queries?

Can we do this? (A correlated subquery.)

    SELECT column1, column2
    FROM Table T
    WHERE column2 > (SELECT AVG(column2) FROM Table T1 WHERE T.column1 = T1.column1)

Disadvantages: performance (??)
– Query generation takes up to 100x longer.
– But the actual figures are in the thousands of milliseconds per 10,000 query generations.
– Query generation time << query run time.

Other existing developments: SQLJ / Embedded SQL do not support dynamic SQL statements. Object/relational mapping and persistent-object systems reduce expressive power.

Conclusion: many run-time problems become compile-time problems. More convenient. Less powerful. Slight overhead.