Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Programming

SQL and programming languages

advertisement 
SQL and programming languages
SET08104 Database Systems
Copyright Napier University
Slide 1/14
Pure SQL
Pure SQL: Queries typed at an SQL prompt.
I
SQL is a non-procedural language.
I
SQL specifies WHAT, not HOW.
Pure SQL is good for:
I
I
I
I
I
defining database structure
generating low-volume, ad hoc queries
prototyping
Sophisticated applications are often implemented by using
SQL in combination with a programming language.
Slide 2/14
Embedded SQL
I
SQL can be embedded within procedural programming
languages.
I
These languages include C/C++, Java, Perl, Python, and
PHP.
Embedded SQL supports:
I
I
I
I
I
Highly customised applications.
Background applications running without user intervention.
Combining database tools with programming tools.
Databases on the WWW.
Slide 3/14
Two types of embedding
Low-level embedding (eg. C/C++):
I
SQL and program compiled into a single executable.
I
Very efficient link.
ODBC - Open Database Connectivity (eg. PHP/Java):
I
SQL query sent from the program to the database as a string.
I
Results returned as an array or list.
Independence of program and database:
I
I
I
Each language has one DBI (database interface) for all DBMS
types. (For example, JDBC for Java.)
Separate database drivers (DBD) for each DBMS type.
Slide 4/14
Low-level embedding (eg. C/C++)
I
Queries consist of a mixture of SQL and special commands.
I
A cursor steps through the resulting rows one at a time.
For example:
EXEC SQL SELECT empname INTO :ename
FROM employee WHERE eno = :eno;
Slide 5/14
Cursors
I
A pointer to the current item in a query result set.
I
Starts with the first item.
I
Steps through the results one at a time.
I
Some cursor implementations allow to step back up as well.
Slide 6/14
ODBC database connections
I
Connect to the database.
I
Prepare a query (as a string).
I
Execute the query.
I
Fetch the results (as an array of rows).
I
Finish the query (so that DB can clean up its buffers).
I
Disconnect from the database.
Slide 7/14
For example: Java
I
import the DBI libraries
Class.forName(”oracle.jdbc.OracleDriver”)
I
connect to the database
Connection con = DriverManager.getConnection
(”jdbc:oracle:Databasename”,”myLogin”,”myPassword”);
I
Execute a query
ResultSet rs = stmt.executeQuery
(”SELECT empno, surname FROM employee”);
I
Cursor points to the first row
rs.next()
Slide 8/14
Fetching the result (Java)
while (rs.next()) {
int emp = rs.getInt("empno");
String surn = rs.getString("surname");
System.out.println(emp + " " + surn); }
or
while (rs.next()) {
int emp = rs.getInt(1);
String surn = rs.getString(2);
System.out.println(emp + " " + surn);}
Slide 9/14
For example: PHP
I
I
I
I
I
I
connect to the database
$link = mysql connect(’hostname’,’uname’, ’passwd’);
Select database
mysql select db(’test’);
Execute a query
$result = mysql query(’select * from test’);
Fetch the result
(See next slide)
Finish the query
mysql free result($result);
Disconnect the database
mysql close($link);
mysql commands might throw errors, which should be caught:
... or die(’Error message ’ . mysql error());
Slide 10/14
Fetching the result (PHP)
echo "<table>";
while ($line = mysql fetch array($result, MYSQL ASSOC)){
echo "<tr>"; echo "<td>",$line[’firstfield’],"</td>";
echo "<td>",$line[’secondfield’],"</td>";
echo "<td>",$line[’thirdfield’],"</td>";
echo "</tr>";
}
echo "</table>";
Slide 11/14
Security Warning!
I
Using MySQL and PHP on the web is a potential severe
security risk.
I
There is a lot of nonsense information about how to use
MySQL with PHP on the web.
I
It is especially dangerous to take any user input (i.e. form
variables) and use them directly in an SQL query.
I
For an experienced programmer, PHP provides a lot of support
for writing secure code (but that is beyond this lecture).
I
Inexperienced programmers should not use MySQL with PHP.
Slide 12/14
Security Warning continued
This is a statement found in a PHP forum:
“At first my remote connection to Mysql did not work,
but then I discovered I only had to stop my firewall and it
worked fine.”
Slide 13/14
Security Warning continued
This is what a hacker might type into a textfield written by the
user on the previous slide:
0; SELECT * from mysql.user; - -
Slide 14/14
Related documents
Web Design and Database Course Outline and Content F27WD
Web Design and Database Course Outline and Content F27WD
Database Performance
Database Performance
Syllabus
Syllabus
sathyabama university - IndiaStudyChannel.com
sathyabama university - IndiaStudyChannel.com
Sociological Data Analysis
Sociological Data Analysis
SQL Saturday 2014-10-04
SQL Saturday 2014-10-04
Database Systems Manager
Database Systems Manager
CDT Core Decision Technolgies Inc
CDT Core Decision Technolgies Inc
To change the primary key using Table Designer (the semantic
To change the primary key using Table Designer (the semantic
Interim Evaluation 2
Interim Evaluation 2
lecture4
lecture4
PHP Bible – Chapter 19
PHP Bible – Chapter 19
Download
advertisement