System Aspects of SQL - inf.fu-berlin.de fileSystem Aspects of SQL SQL Environment User Access...

1

System Aspects of SQLSystem Aspects of SQL

SQL Environment

User Access Control

SQL in Programming Environment

Embedded SQL

SQL and Java

Transactions (Programmers View)

2

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL Environment: IntroductionSQL Environment: Introduction

�SQL server � Supports operations on database elements

� Typically runs on large host machine

�SQL client� Supports user connections to server

� Runs on (different) host machine

�Connection� Channel between client and server

2

3

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL Environment: IntroductionSQL Environment: Introduction

�Session� All SQL operations performed while connection open� Current catalog, current schema , authorized user

�Application� Module: application program� SQL agent: execution of module

SQL ClientSQL ServerConnection

Session

SQL EnvironmentSQL agent

4

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL Environment: Module TypesSQL Environment: Module Types

�Generic SQL Interface:� Module: each query or statement

�Embedded SQL:� SQL statements within host-language program

� SQL statements pre-processed to function calls

� Calls executed at run-time

�True modules:� Collection of stored procedures

� Host language code, SQL code

3

5

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL Environment: PrivilegesSQL Environment: Privileges

�User� Outside schema, handling implementation dependent

� Identification by Authorization ID (user name)

�Role� Defines user group

� Inside schema, handling via SQL statements

� Identification by Authorization ID (role name)

� All users: special role PUBLIC

� Examples:

CREATE ROLE Customer; CREATE ROLE Secretary WITH ADMIN Klaus; CREATE ROLE Movie_staff; CREATE ROLE Shop_owner;

6

FU-Berlin, DBS I 2

006, H

inze / S

cholz

User Access Control: IntroductionUser Access Control: Introduction

�Secrecy: � Users should not be able to see things they are not supposed to.

� e.g., A student can’t see other students’ grades.

�Integrity: � Users should not be able to modify things they are not supposed to.

� e.g., Only instructors can assign grades.

�Availability: � Users should be able to see and modify things they are allowed to.

4

7

FU-Berlin, DBS I 2

006, H

inze / S

cholz

User Access Control: IntroductionUser Access Control: Introduction

�Security policy specifies authorization�Security mechanism enforces a security policy

�Two mechanisms at DBMS level

�Discretionary access control� Concept of privileges for objects (tables and views)� Mechanisms for giving and revoking users privileges

�Mandatory access control� System-wide policies for DBS� DB object have security class� Rules on security classes govern access � Used for specialized (e.g., military) applications

8

FU-Berlin, DBS I 2

006, H

inze / S

cholz

User Access Control: PrivilegesUser Access Control: Privileges

�Privileges� Right to perform SQL statement type on objects

� Assigned to roles (authorization IDs)

� Creator of object: all privileges

� DBMS: management of privileges and access rights

�Privilege types:� SELECT on table or view

� INSERT on table or view

� DELETE on table or view

� UPDATE on table or view

� REFERENCES: right to refer to relation in constraint

� USAGE: (SQL-92) right to use specified domain

� ALL PRIVILEGES: short form for all privileges

5

9

FU-Berlin, DBS I 2

006, H

inze / S

cholz

User Access Control: PrivilegesUser Access Control: Privileges

�Example

�Privileges: � SELECT on Tape

� SELECT on Format

� INSERT on Format

INSERT INTO Format(name)

SELECT format

FROM Tape t

WHERE t.format NOT IN (SELECT name

FROM format);

10

FU-Berlin, DBS I 2

006, H

inze / S

cholz

User Access Control: PrivilegesUser Access Control: Privileges

�Grant privilege

� GRANT OPTION: Right to pass privilege on to other users

� Only owner can execute CREATE, ALTER, and DROP

GRANT <privileges> ON <object>

TO <users> [WITH GRANT OPTION]

GRANT <privileges>

ON <tablename(<attributenames>)>

TO <users> [WITH GRANT OPTION]

�Privilege to SELECT particular columns in a table

6

11

FU-Berlin, DBS I 2

006, H

inze / S

cholz

User Access Control: PrivilegesUser Access Control: Privileges

�Examples:

GRANT INSERT, SELECT ON Movie TO Klaus

Klaus can query Movie or insert tuples into it.

GRANT DELETE ON Movie TO shop_owner WITH GRANT OPTION

Anna can delete tuples, and also authorize others to do so

GRANT UPDATE (pricePDay) ON Movie TO movie_staff

Staff can update (only) the price field of Movie tuples

GRANT SELECT ON MovieView TO Customers

This does NOT allow the customers to query Movie directly!

12

FU-Berlin, DBS I 2

006, H

inze / S

cholz

User Access Control: Privileges on viewsUser Access Control: Privileges on views

�Creator has privilege on view if privilege on all underlying tables

�Creator loses SELECT privilege on underlying table ⇒ view is dropped

�Creator loses a privilege on underlying table ⇒creator loses privilege on view

�Creator loses a privilege held with grant option on underlying table ⇒ users who were granted that privilege on the view lose privilege on view

7

13

FU-Berlin, DBS I 2

006, H

inze / S

cholz

User Access Control: PrivilegesUser Access Control: Privileges

�Revoke privilege

� RESTRICT: only revoke if non of the privileges have been granted by these users

� Privilege given from different users – must be revoked from all users to loose privilege

REVOKE <privileges>

ON <object>

FROM <users> RESTRICT

Core SQL:1999

14

FU-Berlin, DBS I 2

006, H

inze / S

cholz

User Access Control: ExamplesUser Access Control: Examples

Owner: GRANT Update ON Movie TO Klaus;

Owner: GRANT Update ON Movie TO Anna;

owner

Movie

Priv

Klaus

Priv

Anna

Priv

Owner: REVOKE Update ON Movie FROM Klaus RESTRICT;

owner

Movie

Priv

Klaus Anna

Priv

8

15

FU-Berlin, DBS I 2

006, H

inze / S

cholz

User Access Control: ExamplesUser Access Control: Examples

Owner: GRANT Update ON Movie TO Klaus WITH GRANT OPTION;

Klaus: GRANT Update ON Movie TO Anna;

owner

Movie

Priv

Klaus

Priv

Anna

Priv

Owner: REVOKE Update ON Movie FROM Klaus RESTRICT;

owner

Movie

Priv

Klaus Anna

Grant

Priv Priv

Grant Command fails !

16

FU-Berlin, DBS I 2

006, H

inze / S

cholz

User Access Control: PrivilegesUser Access Control: Privileges

�Revoke privilege

� CASCADE: revoke from all users that have been granted the privilege by these users

� RESTRICT: only revoke if non of the privileges have been granted by this user

REVOKE [GRANT OPTION FOR] <privileges>

ON <object>

FROM <users> {RESTRICT | CASCADE}

enhanced SQL:1999

9

17

FU-Berlin, DBS I 2

006, H

inze / S

cholz

Grant

User Access Control: ExamplesUser Access Control: Examples

Owner: GRANT Update ON Movie TO Klaus WITH GRANT OPTION;

Klaus: GRANT Update ON Movie TO Anna;

owner

Movie

Priv

Klaus

Priv

Anna

Priv

Owner: REVOKE Update ON Movie FROM Klaus CASCADE;

owner

Movie

Priv

Klaus Anna

18

FU-Berlin, DBS I 2

006, H

inze / S

cholz

Grant

User Access Control: ExamplesUser Access Control: Examples

Owner: GRANT Update ON Movie TO Klaus WITH GRANT OPTION;

Klaus: GRANT Update ON Movie TO Anna;

owner

Movie

Priv

Klaus

Priv

Anna

Priv

Owner: REVOKE GRANT OPTION FOR Update ON Movie FROM Klaus CASCADE;

owner

Movie

Priv

Klaus Anna

Priv

10

19

FU-Berlin, DBS I 2

006, H

inze / S

cholz

User Access Control: ExamplesUser Access Control: Examples

Owner: REVOKE GRANT OPTION FOR Update ON Movie FROM Klaus CASCADE;

owner

Movie

Priv

Klaus Anna

Priv

Owner: GRANT Update ON Movie TO Klaus WITH GRAND OPTION;

Owner: GRANT Update ON Movie TO Anna;

owner

Movie

Priv

Klaus

Priv

Anna

Priv

Klaus: GRANT Update ON Movie TO Anna;

20

FU-Berlin, DBS I 2

006, H

inze / S

cholz

User Access Control: Object ownersUser Access Control: Object owners

�Schema owner: � Right for create, drop, alter (no privilege, not grantable)

� All privileges on schema objects

�Object creator/owner:� Create statement: current authorizationID is owner

� Enhanced SQL:1999 : owner needn't be creator

�Current user privileges in Oracle:

SQL> SELECT * FROM session_privs;

PRIVILEGE

----------------------------------------

CREATE SESSION

ALTER SESSION

CREATE TABLE

....

SQL> SELECT * FROM session_privs;

PRIVILEGE

----------------------------------------

CREATE SESSION

ALTER SESSION

CREATE TABLE

....

11

21

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: IntroductionSQL in Programs: Introduction

�SQL� Sub-language for data access

� Efficient database operations

�Host language: � Control structures

� Complex computations

� User interface: output formatting, forms

� Transactions: DB interactions as unit of work

�SQL and host language needed

22

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: Impedance MismatchSQL in Programs: Impedance Mismatch

�Impedance Mismatch:

differing data model of SQL and host language

�Problems:� Set oriented operations vs manipulation of individuals

� Interconnection of program variables and SQL statements

� Compilation time of embedded SQL-statements

12

23

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: Program/DBS CommunicationSQL in Programs: Program/DBS Communication

1. Fourth Generation Languages (4GL)� Decreasing importance

2. Module Languages� Standardized in SQL:1999

3. Call level interface� Most important approach

� Standardized in SQL:1999

4. Component architectures� Hiding the details of DB interaction

� Example: Enterprise Java Beans (EJB)

24

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: 1. SQL in Programs: 1. 4GL4GL

�Underlying assumption: � application programs algorithmically simple

� sophisticated output formatting needed

� difficult to switch between different DBS

�Technical concept:

�Decreasing importance

Client workstation(presentation, requests, GUI)

Database server

Proprietary protocol

13

25

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: 2. SQL in Programs: 2. ModulesModules

�Parameterized modules of SQL statements

�Standardized in SQL:1999

�Compiled for a particular language

�Linked to application program

�Language Examples: COBOL, C, ADA, ...

�Disadvantages:� SQL code hidden in application and vice versa

� Not widely used

�Used in stored procedures (e.g., Oracle PL/SQL)

�Executed under control of DBS

26

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: 2. SQL in Programs: 2. Modules (cont)Modules (cont)

�Example:MODULE demo NAMES are ascii

LANGUAGE FORTRAN

SCHEMA movie_db AUTHORIZATION ...

PROCEDURE discount_op

(SQLSTATE, :title VARCHAR(40),

:discount DECIMAL(3,2))

UPDATE Movie M

SET pricePday = pricePday - :discount

WHERE M.title = :title;

PROCEDURE customerState

(SQLSTATE, :customer INTEGER)

SELECT movie_id,tape_id,from_date

FROM Tape T, Rental R

WHERE R.member = customer

AND R.tape_id = T.id;

MODULE demo NAMES are ascii

LANGUAGE FORTRAN

SCHEMA movie_db AUTHORIZATION ...

PROCEDURE discount_op

(SQLSTATE, :title VARCHAR(40),

:discount DECIMAL(3,2))

UPDATE Movie M

SET pricePday = pricePday - :discount

WHERE M.title = :title;

PROCEDURE customerState

(SQLSTATE, :customer INTEGER)

SELECT movie_id,tape_id,from_date

FROM Tape T, Rental R

WHERE R.member = customer

AND R.tape_id = T.id;

ProgramLanguagevariables

Returnedstate value

14

27

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: 3. Call level interfaceSQL in Programs: 3. Call level interface

�Interface in standard programming languages

�Proprietary library routines, API

�Embedded C / Java / ..Standardized language extensions

�Standardized API � Open Database connection (ODBC),

� Java Database Connectivity (JDBC)

28

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: 3. Call level interfaceSQL in Programs: 3. Call level interface

�Language/DBS specific library of procedures

�Example: MySQL C API� Buffer for transferring commands and results

� API data types, e.g.,

� API functions, e.g.,

MYSQL handle for db connections

MYSQL_RES result set structure

mysql_real_query()

mysql_real_query(MYSQL *mysql,

const char *query,

unsigned int queryLength)

15

29

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: Embedded SQLSQL in Programs: Embedded SQL

�Direct SQL:� SQL interpreter accepts and executes SQL commands

�SQL in host language:� Program in programming language (C, Java,…)

� Parts of program in SQL statements

� Most implementations: call level interface used

� Most popular: Embedded C (Oracle: PRO*C)

�Java support� SQLJ = Embedded Java

� JDBC = Standardized call interface for Java

30

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: Embedded SQLSQL in Programs: Embedded SQL

�Program with "native" and SQL-like statements

�Pre-compiler = Preprocessor creates native code

�Calls to DBS resources included

�Programmer: embedded SQL or function calls

Preprocessor

Host language+

Embedded SQL

Host language+

Function CallsHost languagecompiler

Object-codeprogram

SQLlibrary

16

31

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: Static/dynamic embeddingSQL in Programs: Static/dynamic embedding

�Static embedding: � SQL commands known in advance

� SQL-compilation and language binding at pre-compile time

�Dynamic SQL: � SQL-String compiled at runtime

� variable bindings at runtime

32

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: Embedded SQLSQL in Programs: Embedded SQL

�Concepts:� Well defined type mapping (for different languages)

� Syntax for embedded SQL statements

� Binding to host language variables

� Exception handling

WHENEVER <condition> <action>SQLSTATE

EXEC SQL {SELECT title FROM ...}

EXEC SQL {SELECT id FROM Movie

WHERE titel = :titleString};...

17

33

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: Embedded SQLSQL in Programs: Embedded SQL

�SQL / Host Language Interface:

� Embedded SQL-statement:

� Shared variables:

� Exception handling:

EXEC SQL <sql statement>

:<variableName> (access in SQL)

<variableName> (access in host language)

SQLSTATE (SQL function execution status)

e.g., 00000 - no problem

02000 – answer tuple not found

34

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: Embedded SQLSQL in Programs: Embedded SQL

�Shared variable declaration

�Syntax:

� Declaration in host language

� Use variable types in common

�Example:

EXEC SQL BEGIN DECLARE SECTION;

…

EXEC SQL END DECLARE SECTION;

EXEC SQL BEGIN DECLARE SECTION;

integer movie_number;integer movie_number;

integer tape_number; integer tape_number;

EXEC SQL END DECLARE SECTION;

18

35

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: Embedded SQLSQL in Programs: Embedded SQL

�Single row results: � direct insert into variable

�Syntax:

�Multiple row results:� Use of cursors on result set

EXEC SQL SELECT <attributeName>

INTO :<sharedVariable>

FROM <tableNames>

WHERE <condition>

36

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: Cursor conceptSQL in Programs: Cursor concept

�Cursor: � Name of SQL statement and

� Handle for processing the result set record by record

�Defined at runtime

�Opened at runtime (SQL-statement executed)

�Used in most language embeddings of SQL � e.g., ESQL-C, PL/SQL, JDBC

Important concept

19

37

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: Cursor conceptSQL in Programs: Cursor concept

� No binding of result attributes to variables

� Allows traversal of result set row by row

1. Cursor declaration

2. Cursor initialisation

3. Fetch tuples

4. Close cursor

OPEN FETCH EMPTY? CLOSEDECLAREyes

no

38

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: Cursor conceptSQL in Programs: Cursor concept

�Cursor declaration:

�Cursor initialisation:

� binds input variables

� executes query

� puts first results into communication area

� positions cursor before first row of the result set

EXEC SQL DECLARE <cursorName> CURSOR

FOR <query>

EXEC SQL OPEN <cursorName>;

20

39

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: Cursor conceptSQL in Programs: Cursor concept

�Fetch tuples:

� Puts next results into communication area

� Positions cursor before before next row of the result set

� Assigns tuple to shared variables

� Sets SQLSTATE

EXEC SQL FETCH <cursorName>

INTO :<shared variable>;

40

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: ExampleSQL in Programs: Example

#include <stdio.h>

/* declare host variables */

EXEC SQL BEGIN DECLARE SECTION;

char userid[12] = "ABEL/xyz";

char movie_name[10];

int movie_number;

int tape_number;

char temp[32];

void sql_error();

EXEC SQL END DECLARE SECTION;

/* include the SQL Communication Area */

#include <sqlca.h>

#include <stdio.h>

/* declare host variables */

EXEC SQL BEGIN DECLARE SECTION;

char userid[12] = "ABEL/xyz";

char movie_name[10];

int movie_number;

int tape_number;

char temp[32];

void sql_error();

EXEC SQL END DECLARE SECTION;

/* include the SQL Communication Area */

#include <sqlca.h>

21

41

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: ExampleSQL in Programs: Example

/* main program */

main()

{ movie_number = 200;

/* handle errors */

EXEC SQL WHENEVER SQLERROR

do sql_error("Oracle error");

/* connect to Oracle */

EXEC SQL CONNECT :userid;

printf("Connected.\n");

/* main program */

main()

{ movie_number = 200;

/* handle errors */

EXEC SQL WHENEVER SQLERROR

do sql_error("Oracle error");

/* connect to Oracle */

EXEC SQL CONNECT :userid;

printf("Connected.\n");

42

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: ExampleSQL in Programs: Example

/* declare a cursor */

EXEC SQL DECLARE movie_cursor

CURSOR FOR

SELECT m.title

FROM movie m, tape t

WHERE t.id = :tape_number

AND t.movie_id = m.id;

/* get user data */

printf(“Tape number? ");

gets(temp);

tape_number = atoi(temp);

/* declare a cursor */

EXEC SQL DECLARE movie_cursor

CURSOR FOR

SELECT m.title

FROM movie m, tape t

WHERE t.id = :tape_number

AND t.movie_id = m.id;

/* get user data */

printf(“Tape number? ");

gets(temp);

tape_number = atoi(temp);

22

43

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: ExampleSQL in Programs: Example

/* open the cursor and

identify the result set */

EXEC SQL OPEN movie_cursor;

…

/* fetch and process data in a loop

exit when no more data */

EXEC SQL WHENEVER NOT FOUND DO break;

while (1){

EXEC SQL FETCH movie_cursor

INTO :movie_name; …

}

/* open the cursor and

identify the result set */

EXEC SQL OPEN movie_cursor;

…

/* fetch and process data in a loop

exit when no more data */

EXEC SQL WHENEVER NOT FOUND DO break;

while (1){

EXEC SQL FETCH movie_cursor

INTO :movie_name; …

}

44

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: ExampleSQL in Programs: Example

/* close cursor before another SQL

statement is executed */

EXEC SQL CLOSE movie_cursor;

EXEC SQL COMMIT WORK RELEASE;

exit(0);

}

/* close cursor before another SQL

statement is executed */

EXEC SQL CLOSE movie_cursor;

EXEC SQL COMMIT WORK RELEASE;

exit(0);

}

23

45

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: Positioned UpdateSQL in Programs: Positioned Update

�Step through set of rows and update or delete

�Syntax:

�Example:

EXEC SQL DECLARE <cursorName> CURSOR

FOR <query>

FOR UPDATE ON <attribute>;

… WHERE CURRENT OF <cursorName>…

EXEC SQL DECLARE myCurs CURSOR

FOR SELECT id,length,title FROM MovieFOR UPDATE ON length

EXEC SQL UPDATE Movie

SET lenght = length + 1

WHERE CURRENT OF myCurs;

46

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: Cursor OptionsSQL in Programs: Cursor Options

�Ordering tuples� Use ORDER BY in query

�Cursor motion � SCROLL CURSOR

� Relative to current position: PRIOR/NEXT/RELATIVE<nr>

e.g., FETCH <cursorName> PRIOR INTO ...

� Absolute position: first/last/ABSOLUTE<nr>

�Limit effect of changes� Performance: cursor FOR READ ONLY

� Concurrent access: INSENSITIVE CURSOR FOR …

24

47

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: Cursor sensitivitySQL in Programs: Cursor sensitivity

�Example:

�Changes not visible in result set

�Visible if cursor closed and reopened

EXEC SQL DECLARE myCurs INSENSITIVE CURSOR

FOR SELECT id,length,title FROM MovieFOR UPDATE ON length WHERE id >100;

EXEC SQL OPEN...

EXEC SQL FETCH myCurs INTO .....

UPDATE Movie SET lenght = length + 20

WHERE CURRENT OF myCurs;

48

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: Dynamic SQLSQL in Programs: Dynamic SQL

�Statements not known at compile time� Statements computed by host language

� User input of query

�Tasks at run-time:� Pass query string to SQL system

� Translate to executable statement

� Execute statement

�Use ‘Prepared Statements’

25

49

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: Dynamic SQLSQL in Programs: Dynamic SQL

�Step 1:

� String: SQL statement

� SQLvariable: assigned SQL statement

� Parse and prepare statement for execution

EXEC SQL PREPARE <SQLvariable>

FROM <string>

EXEC SQL EXECUTE <SQLvariable>

�Step 2:

� Execute statement SQLvariable

50

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: Dynamic SQLSQL in Programs: Dynamic SQL

�Example:

void readQuery(){

EXEC SQL BEGIN DECLARE SECTION;

char *query;

EXEC SQL END DECLARE SECTION;

…

/* prompt user for query

allocate space

make :query point to query*/

…

EXEC SQL PREPARE SQLquery FROM :query;

EXEC SQL EXECUTE SQLquery;

}

void readQuery(){

EXEC SQL BEGIN DECLARE SECTION;

char *query;

EXEC SQL END DECLARE SECTION;

…

/* prompt user for query

allocate space

make :query point to query*/

…

EXEC SQL PREPARE SQLquery FROM :query;

EXEC SQL EXECUTE SQLquery;

}

26

51

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: Dynamic SQLSQL in Programs: Dynamic SQL

�Multiple execution:� Prepare once

� Execute many times

�Single execution:� Combination of step 1 an 2

� Example:

EXEC SQL EXECUTE IMMEDIATE <string>

…

EXEC SQL EXECUTE IMMEDIATE :query;

…

…

EXEC SQL EXECUTE IMMEDIATE :query;

…

52

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: SQL in Programs: SQL & JavaSQL & Java

�SQLJ � Embedded SQL for Java

� Compiles to JDBC method call

� Defined and implemented by major DBS companies (Oracle in particular)

�JDBC � Java call-level interface (API) for SQL DBS

� DB vendor independent

� Supports static and dynamic SQL

� Implemented by nearly all DB vendors

27

53

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: SQLJSQL in Programs: SQLJ

�Part 1: SQLJ Embedded SQL� Mostly reviewed and implemented

� Integrated with JDBC API

� Oracle has placed Translator source into public domain

�Part 2: SQLJ Stored Procedures and UDFs� Using Java static methods as SQL stored procedures & functions

� Leverages JDBC API

�Part 3: SQLJ Data Types� Pure Java Classes as SQL ADTs

� Alternative to SQL:1999 Abstract Data Types

54

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: SQLJ ExampleSQL in Programs: SQLJ Example

// Part of a SQLJ program, one method:

public void changeMovie(int movieid, int newTape)

{

string mtitle;

int tnumber;

#sql { SELECT m.title, count(t.id)

INTO :mtitle, :tnumber

FROM movie m, tape t

WHERE m.id = :movieid

AND m.id = t.movie_id };

if (tnumber < 3)

#sql {INSERT INTO tape VALUES

(:newTape, 'DVD', :movieid)};

}

// Part of a SQLJ program, one method:

public void changeMovie(int movieid, int newTape)

{

string mtitle;

int tnumber;

#sql { SELECT m.title, count(t.id)

INTO :mtitle, :tnumber

FROM movie m, tape t

WHERE m.id = :movieid

AND m.id = t.movie_id };

if (tnumber < 3)

#sql {INSERT INTO tape VALUES

(:newTape, 'DVD', :movieid)};

}

28

55

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: SQL in Programs: SQL & JavaSQL & Java

�Java in Web context (2 tier architecture):

JDBC

Java application

DBMS

Business Logic (application)

Proprietary protocol of DBMS

Database Server

56

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: SQL in Programs: SQL & JavaSQL & Java

�Java in Web context (3 tier architecture):

JDBC

Application server

DBMS

Java applet or WWW Browser

GUI

Proprietary protocol of DBMS

Database Server

Business Logic (application)

HTTP, RMI, CORBA,…

29

57

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: SQL in Programs: JDBCJDBC

1. Preparation

2. Load a driver � many vendor products

� url JDBC-Driver and host information

Class.forName(

"oracle.jdbc.driver.OracleDriver");

String url = "jdbc:oracle:thin:

@<host>:<port>:<db>";

import java.sql.*;

58

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: SQL in Programs: JDBCJDBC

3. Set up connection database(s)

� Several connections at a time possible

4. Create statement object

� Similar to channel for sending queries to database

Connection con = DriverManager.getConnection(

"jdbc:oracle:thin:@<host>:<port>:<db>",

<username>,<password>);

Statement stmt = con.createStatement();

30

59

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: SQL in Programs: JDBCJDBC

5. Send SQL query string

� results in ResultSet object

6. Process results one after the other� processed with "hidden cursor"

ResultSet rs = stmt.executeQuery(“<query>" );

while (rs.next()){

for (i = 1; i <= numCols; i++){

if (i > 1) System.out.print(",");

System.out.print(rs.getString(i));

}

}

60

FU-Berlin, DBS I 2

006, H

inze / S

cholz

#import java.io.*;#import java.sql.*;#import java.util.*;...

#import java.io.*;#import java.sql.*;#import java.util.*;...

SQL in Programs: JDBC ExampleSQL in Programs: JDBC Example

Class.forName("oracle.jdbc.driver.OracleDriver");

String url = "jdbc:oracle:thin:@kuh:1521:INTROKUH";

Connection con = DriverManager.getConnection

( url, “user", “passwort");

Protocol Oracle-spec. Sub-protocol Host Port

3. Connect to database

2. Load driver

1. Preparation

31

61

FU-Berlin, DBS I 2

006, H

inze / S

cholz

.

.

.

.

.

.

.

.

Statement stmt = con.createStatement();

ResultSet rs = stmt.executeQuery("SELECT id, title FROM movie");

while (rs.next()) {String n = rs.getInt(“id");String n = rs.getString(“title");System.out.println(s + ": " + n);}

5. execute statement

4. Create SQL-statement

SQL in Programs: JDBC ExampleSQL in Programs: JDBC Example

6. Process results

}

62

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: JDBC variable binding SQL in Programs: JDBC variable binding

�No explicit cursor

�Several methods in JDBC� e.g.,

�Access result data by position or by name� By position:

� By name:

boolean next(), void close(),

<JavaType> get<JavaType>(),

boolean wasNull()

String s = rs.getString(2);

String rs.getString ("b") ;

32

63

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: JDBC variable binding SQL in Programs: JDBC variable binding

�Example:

java.sql.Statement stmt = con.createStatement();

ResultSet rs1 = stmt.executeQuery

("SELECT id, title FROM movie");

while (rs1.next()) {

int mid = rs1.getInt(“id");

String mt = rs1.getString(“title");

System.out.println("ROW:" + mid + " " + mt);}

ResultSet rs2 = stmt.executeQuery

("SELECT id, movie_id FROM tape");

while (rs2.next()) {

int tid = rs2.getInt(1);

int tmid = rs2.getInt(2);

System.out.println("ROW:" + tid + " " + tmid);}

java.sql.Statement stmt = con.createStatement();

ResultSet rs1 = stmt.executeQuery

("SELECT id, title FROM movie");

while (rs1.next()) {

int mid = rs1.getInt(“id");

String mt = rs1.getString(“title");

System.out.println("ROW:" + mid + " " + mt);}

ResultSet rs2 = stmt.executeQuery

("SELECT id, movie_id FROM tape");

while (rs2.next()) {

int tid = rs2.getInt(1);

int tmid = rs2.getInt(2);

System.out.println("ROW:" + tid + " " + tmid);}

64

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: Prepared statementsSQL in Programs: Prepared statements

�Pass input parameters

�Use prepared statement

� Statement compiled

� Missing values in query: “?”

�Set value:

java.sql.PreparedStatement prepStmt =

con.prepareStatement(<query>);

prepStmt.setString(<position>, <value>);

33

65

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: Prepared statementsSQL in Programs: Prepared statements

String mTitle;

....

java.sql.PreparedStatement prepStmt =

con.prepareStatement(

"SELECT count(*)

FROM Movie m, Tape t

WHERE t.movie_id = m.id

AND m.title = ? );

prepStmt.setString(1, mTitle);

ResultSet rs = prepStmt.executeQuery() ;

while (rs.next()){

int i = r.getInt(1);

// by position, no name available

System.out.println("Number of tapes for " +

mTitle + " is: " +i)

}

String mTitle;

....

java.sql.PreparedStatement prepStmt =

con.prepareStatement(

"SELECT count(*)

FROM Movie m, Tape t

WHERE t.movie_id = m.id

AND m.title = ? );

prepStmt.setString(1, mTitle);

ResultSet rs = prepStmt.executeQuery() ;

while (rs.next()){

int i = r.getInt(1);

// by position, no name available

System.out.println("Number of tapes for " +

mTitle + " is: " +i)

}

66

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: Positioned updateSQL in Programs: Positioned update

�Positioned update needs cursor name

�Define cursor (JDBC 1)

� Use for updates and deletes

�Define cursor (JDBC2)� more flexible (anonymous) cursor handling

� setCursorName not implemented in Oracle Driver

public void setCursorName(String name)

throws SQLException

34

67

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: Positioned updateSQL in Programs: Positioned update

�JDBC 2.0� Result set scrollable and updateable

� Example:

Statement stmt = con.createStatement(

ResultSet.TYPE_SCROLL_SENSITIVE,

ResultSet.CONCUR_UPDATABLE);

stmt.setFetchSize(25);

ResultSet rs = stmt.executeQuery(

"SELECT id, title

FROM movie");

rs.first();

rs.updateString(“title“, “xxxxx”);

rs.updateRow();

68

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: TransactionsSQL in Programs: Transactions

�Transaction: � Collection of one or more database operations executed atomically (either all operations or none )

�Programmers view:� Everything between beginning of a sequence of operations on the database and ‘COMMIT’ or ‘ROLLBACK’

� No explicit "transaction begin" command

... OPEN MyCurs;........ ; COMMIT;

Begin of first transaction(first SQL command in program) End of first transaction

35

69

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: TransactionsSQL in Programs: Transactions

�COMMIT� Effects on database made permanent

�ROLLBACK� Aborts transaction

� All changes in transaction undone (rolled back)

�Programmers View:� Auto-commit mode: each SQL-command is a transaction

� Various transaction isolation levels

70

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: TransactionsSQL in Programs: Transactions

�Transaction manager: � Isolate concurrent users from each other

�Problems:� Lost update: same object concurrently updated by two users, one update lost

� Dirty read: object value changed by transaction which aborts later

� Non-repeatable read: same object has different value within same transaction

� Phantom tuples: non-repeatable read caused by insertions or deletions

36

71

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: Isolation levelsSQL in Programs: Isolation levels

�READ UNCOMMITTED

� Allows read access to uncommitted transactions

� Transaction has to be read only

� Lowest locking overhead

� Unpleasant effects may occur

�Example:� TA1 increases the prices of some movies in DB by 5%

� TA2 scrolls through all movies, sees new prices

SET TRANSACTION

READ ONLY,

ISOLATION LEVEL READ UNCOMMITTED

72

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: Isolation levelsSQL in Programs: Isolation levels

�READ COMMITTED

� Allows read access to committed transactions only

� Long write locks, no or short read locks

� Non-repeatable reads

�Example:

SET TRANSACTION

ISOLATION LEVEL READ COMMITTED

TA1

Read(a)

x=x+a

Read(a)

y:=y-a

TA2

Write a=a-10

commit

Wrong balance

37

73

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: Isolation levelsSQL in Programs: Isolation levels

�REPEATABLE READ

� Allows read access to committed transactions only

� All data isolated from concurrent writes

� Read and write locks long term until end of TA

� Phantom tuples may occur

SET TRANSACTION

ISOLATION LEVEL REPEATABLE READ

74

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: Isolation levelsSQL in Programs: Isolation levels

�SERIALIZABLE

� Allows read access to committed transactions only

� All data isolated from concurrent writes

� No phantom tuples inserted into the read set by other transaction

� Standard default

SET TRANSACTION

ISOLATION LEVEL SERIALIZABLE

38

75

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: Transactions and JDBCSQL in Programs: Transactions and JDBC

�Transactional properties of connections� TRANSACTION_NONE (not implemented)

� TRANSACTION_READ_UNCOMMITTED

� TRANSACTION_READ_COMMITTED

� TRANSACTION_REPEATABLE_READ

� TRANSACTION_SERIALIZABLE

�Methods:� public void setTransactionIsolation(int

level) throws SQLExceptionpublic void

� setAutoCommit(boolean autoCommit)

� public void commit() throws SQLException

� public void rollback() throws SQLException

76

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: Visibility of changesSQL in Programs: Visibility of changes

�Scroll-insensitive result set� no change by other result sets – even in the same TA – are visible

� Updates in result set r visible for operations on r

� Deletes / inserts (!) in result set r not visible

�Sensitive result set: � depending on connection isolation level

ResultSet rs = stmt1.executeQuery(

"SELECT id, length FROM movie");

int i = stmt2.executeUpdate (

“DELETE FROM movie“);

rs.first();

rs.updateString(“title“, “xxxxx”);

rs.updateRow();

39

77

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: Exception handlingSQL in Programs: Exception handling

�Abort transaction when error:

� WHENEVER SQLERROR CONTINUE prevents ROLLBACK from (infinite) invocation of routine

�Example:

EXEC SQL WHENEVER SQLERROR CONTINUE;

EXEC SQL ROLLBACK WORK RELEASE;

void sql_error(msg){

char buf[500];

int buflen, msglen;

EXEC SQL WHENEVER SQLERROR CONTINUE;

EXEC SQL ROLLBACK WORK RELEASE;

buflen = sizeof (buf);

sqlglm(buf, &buflen, &msglen);

printf("%s\n", msg);

printf("%*.s\n", msglen, buf);

exit(1); }

void sql_error(msg){

char buf[500];

int buflen, msglen;

EXEC SQL WHENEVER SQLERROR CONTINUE;

EXEC SQL ROLLBACK WORK RELEASE;

buflen = sizeof (buf);

sqlglm(buf, &buflen, &msglen);

printf("%s\n", msg);

printf("%*.s\n", msglen, buf);

exit(1); }

78

FU-Berlin, DBS I 2

006, H

inze / S

cholz

SQL in Programs: SummarySQL in Programs: Summary

� Access Rights� Means to ensure data security

� Privileges to roles

� Program – DB communication:� Fourth Generation Languages (4GL)

� Module Languages

� Call level interface

� Component architectures

� Transactions in programs � Isolation levels

� Begin, end transaction