System Aspects of SQLSystem Aspects of SQL
SQL Environment
User Access Control
SQL in Programming Environment
Embedded SQL
SQL and Java
Transactions (Programmers View)
2
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL Environment: IntroductionSQL Environment: Introduction
�SQL server � Supports operations on database elements
� Typically runs on large host machine
�SQL client� Supports user connections to server
� Runs on (different) host machine
�Connection� Channel between client and server
3
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL Environment: IntroductionSQL Environment: Introduction
�Session� All SQL operations performed while connection open� Current catalog, current schema , authorized user
�Application� Module: application program� SQL agent: execution of module
SQL ClientSQL ServerConnection
Session
SQL EnvironmentSQL agent
4
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL Environment: Module TypesSQL Environment: Module Types
�Generic SQL Interface:� Module: each query or statement
�Embedded SQL:� SQL statements within host-language program
� SQL statements pre-processed to function calls
� Calls executed at run-time
�True modules:� Collection of stored procedures
� Host language code, SQL code
5
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL Environment: PrivilegesSQL Environment: Privileges
�User� Outside schema, handling implementation dependent
� Identification by Authorization ID (user name)
�Role� Defines user group
� Inside schema, handling via SQL statements
� Identification by Authorization ID (role name)
� All users: special role PUBLIC
� Examples:
CREATE ROLE Customer; CREATE ROLE Secretary WITH ADMIN Klaus; CREATE ROLE Movie_staff; CREATE ROLE Shop_owner;
6
FU-Berlin, DBS I 2
006, H
inze / S
cholz
User Access Control: IntroductionUser Access Control: Introduction
�Secrecy: � Users should not be able to see things they are not
supposed to.
� e.g., A student can’t see other students’ grades.
�Integrity: � Users should not be able to modify things they are not
supposed to.
� e.g., Only instructors can assign grades.
�Availability: � Users should be able to see and modify things they are
allowed to.
7
FU-Berlin, DBS I 2
006, H
inze / S
cholz
User Access Control: IntroductionUser Access Control: Introduction
�Security policy specifies authorization�Security mechanism enforces a security policy
�Two mechanisms at DBMS level
�Discretionary access control� Concept of privileges for objects (tables and views)� Mechanisms for giving and revoking users privileges
�Mandatory access control� System-wide policies for DBS� DB object have security class� Rules on security classes govern access � Used for specialized (e.g., military) applications
8
FU-Berlin, DBS I 2
006, H
inze / S
cholz
User Access Control: PrivilegesUser Access Control: Privileges
�Privileges� Right to perform SQL statement type on objects
� Assigned to roles (authorization IDs)
� Creator of object: all privileges
� DBMS: management of privileges and access rights
�Privilege types:� SELECT on table or view
� INSERT on table or view
� DELETE on table or view
� UPDATE on table or view
� REFERENCES: right to refer to relation in constraint
� USAGE: (SQL-92) right to use specified domain
� ALL PRIVILEGES: short form for all privileges
9
FU-Berlin, DBS I 2
006, H
inze / S
cholz
User Access Control: PrivilegesUser Access Control: Privileges
�Example
�Privileges: � SELECT on Tape
� SELECT on Format
� INSERT on Format
INSERT INTO Format(name)
SELECT format
FROM Tape t
WHERE t.format NOT IN (SELECT name
FROM format);
10
FU-Berlin, DBS I 2
006, H
inze / S
cholz
User Access Control: PrivilegesUser Access Control: Privileges
�Grant privilege
� GRANT OPTION: Right to pass privilege on to other users
� Only owner can execute CREATE, ALTER, and DROP
GRANT <privileges> ON <object>
TO <users> [WITH GRANT OPTION]
GRANT <privileges>
ON <tablename(<attributenames>)>
TO <users> [WITH GRANT OPTION]
�Privilege to SELECT particular columns in a table
11
FU-Berlin, DBS I 2
006, H
inze / S
cholz
User Access Control: PrivilegesUser Access Control: Privileges
�Examples:
GRANT INSERT, SELECT ON Movie TO Klaus
Klaus can query Movie or insert tuples into it.
GRANT DELETE ON Movie TO shop_owner WITH GRANT OPTION
Anna can delete tuples, and also authorize others to do so
GRANT UPDATE (pricePDay) ON Movie TO movie_staff
Staff can update (only) the price field of Movie tuples
GRANT SELECT ON MovieView TO Customers
This does NOT allow the customers to query Movie directly!
12
FU-Berlin, DBS I 2
006, H
inze / S
cholz
User Access Control: Privileges on viewsUser Access Control: Privileges on views
�Creator has privilege on view if privilege on all underlying tables
�Creator loses SELECT privilege on underlying table ⇒ view is dropped
�Creator loses a privilege on underlying table ⇒creator loses privilege on view
�Creator loses a privilege held with grant option on underlying table ⇒ users who were granted that privilege on the view lose privilege on view
13
FU-Berlin, DBS I 2
006, H
inze / S
cholz
User Access Control: PrivilegesUser Access Control: Privileges
�Revoke privilege
� RESTRICT: only revoke if non of the privileges have been granted by these users
� Privilege given from different users – must be revoked from all users to loose privilege
REVOKE <privileges>
ON <object>
FROM <users> RESTRICT
Core SQL:1999
14
FU-Berlin, DBS I 2
006, H
inze / S
cholz
User Access Control: ExamplesUser Access Control: Examples
Owner: GRANT Update ON Movie TO Klaus;
Owner: GRANT Update ON Movie TO Anna;
owner
Movie
Priv
Klaus
Priv
Anna
Priv
Owner: REVOKE Update ON Movie FROM Klaus RESTRICT;
owner
Movie
Priv
Klaus Anna
Priv
15
FU-Berlin, DBS I 2
006, H
inze / S
cholz
User Access Control: ExamplesUser Access Control: Examples
Owner: GRANT Update ON Movie TO Klaus WITH GRANT OPTION;
Klaus: GRANT Update ON Movie TO Anna;
owner
Movie
Priv
Klaus
Priv
Anna
Priv
Owner: REVOKE Update ON Movie FROM Klaus RESTRICT;
owner
Movie
Priv
Klaus Anna
Grant
Priv Priv
Grant Command fails !
16
FU-Berlin, DBS I 2
006, H
inze / S
cholz
User Access Control: PrivilegesUser Access Control: Privileges
�Revoke privilege
� CASCADE: revoke from all users that have been granted the privilege by these users
� RESTRICT: only revoke if non of the privileges have been granted by this user
REVOKE [GRANT OPTION FOR] <privileges>
ON <object>
FROM <users> {RESTRICT | CASCADE}
enhanced SQL:1999
17
FU-Berlin, DBS I 2
006, H
inze / S
cholz
Grant
User Access Control: ExamplesUser Access Control: Examples
Owner: GRANT Update ON Movie TO Klaus WITH GRANT OPTION;
Klaus: GRANT Update ON Movie TO Anna;
owner
Movie
Priv
Klaus
Priv
Anna
Priv
Owner: REVOKE Update ON Movie FROM Klaus CASCADE;
owner
Movie
Priv
Klaus Anna
18
FU-Berlin, DBS I 2
006, H
inze / S
cholz
Grant
User Access Control: ExamplesUser Access Control: Examples
Owner: GRANT Update ON Movie TO Klaus WITH GRANT OPTION;
Klaus: GRANT Update ON Movie TO Anna;
owner
Movie
Priv
Klaus
Priv
Anna
Priv
Owner: REVOKE GRANT OPTION FOR Update ON Movie FROM
Klaus CASCADE;owner
Movie
Priv
Klaus Anna
Priv
19
FU-Berlin, DBS I 2
006, H
inze / S
cholz
User Access Control: ExamplesUser Access Control: Examples
Owner: REVOKE GRANT OPTION FOR Update ON Movie FROM
Klaus CASCADE;
owner
Movie
Priv
Klaus Anna
Priv
Owner: GRANT Update ON Movie TO Klaus WITH GRAND OPTION;
Owner: GRANT Update ON Movie TO Anna;
owner
Movie
Priv
Klaus
Priv
Anna
Priv
Klaus: GRANT Update ON Movie TO Anna;
20
FU-Berlin, DBS I 2
006, H
inze / S
cholz
User Access Control: Object ownersUser Access Control: Object owners
�Schema owner: � Right for create, drop, alter (no privilege, not grantable)
� All privileges on schema objects
�Object creator/owner:� Create statement: current authorizationID is owner
� Enhanced SQL:1999 : owner needn't be creator
�Current user privileges in Oracle:SQL> SELECT * FROM session_privs;
PRIVILEGE
----------------------------------------
CREATE SESSION
ALTER SESSION
CREATE TABLE
....
SQL> SELECT * FROM session_privs;
PRIVILEGE
----------------------------------------
CREATE SESSION
ALTER SESSION
CREATE TABLE
....
21
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: IntroductionSQL in Programs: Introduction
�SQL� Sub-language for data access
� Efficient database operations
�Host language: � Control structures
� Complex computations
� User interface: output formatting, forms
� Transactions: DB interactions as unit of work
�SQL and host language needed
22
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: Impedance MismatchSQL in Programs: Impedance Mismatch
�Impedance Mismatch:
differing data model of SQL and host language
�Problems:� Set oriented operations vs manipulation of individuals
� Interconnection of program variables and SQL statements
� Compilation time of embedded SQL-statements
23
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: Program/DBS CommunicationSQL in Programs: Program/DBS Communication
1. Fourth Generation Languages (4GL)� Decreasing importance
2. Module Languages� Standardized in SQL:1999
3. Call level interface� Most important approach
� Standardized in SQL:1999
4. Component architectures� Hiding the details of DB interaction
� Example: Enterprise Java Beans (EJB)
24
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: 1. SQL in Programs: 1. 4GL4GL
�Underlying assumption: � application programs algorithmically simple
� sophisticated output formatting needed
� difficult to switch between different DBS
�Technical concept:
�Decreasing importance
Client workstation(presentation, requests, GUI)
Database server
Proprietary protocol
25
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: 2. SQL in Programs: 2. ModulesModules
�Parameterized modules of SQL statements
�Standardized in SQL:1999
�Compiled for a particular language
�Linked to application program
�Language Examples: COBOL, C, ADA, ...
�Disadvantages:� SQL code hidden in application and vice versa
� Not widely used
�Used in stored procedures (e.g., Oracle PL/SQL)
�Executed under control of DBS
26
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: 2. SQL in Programs: 2. Modules (cont)Modules (cont)
�Example:MODULE demo NAMES are ascii
LANGUAGE FORTRAN
SCHEMA movie_db AUTHORIZATION ...
PROCEDURE discount_op
(SQLSTATE, :title VARCHAR(40),
:discount DECIMAL(3,2))
UPDATE Movie M
SET pricePday = pricePday - :discount
WHERE M.title = :title;
PROCEDURE customerState
(SQLSTATE, :customer INTEGER)
SELECT movie_id,tape_id,from_date
FROM Tape T, Rental R
WHERE R.member = customer
AND R.tape_id = T.id;
MODULE demo NAMES are ascii
LANGUAGE FORTRAN
SCHEMA movie_db AUTHORIZATION ...
PROCEDURE discount_op
(SQLSTATE, :title VARCHAR(40),
:discount DECIMAL(3,2))
UPDATE Movie M
SET pricePday = pricePday - :discount
WHERE M.title = :title;
PROCEDURE customerState
(SQLSTATE, :customer INTEGER)
SELECT movie_id,tape_id,from_date
FROM Tape T, Rental R
WHERE R.member = customer
AND R.tape_id = T.id;
ProgramLanguagevariables
Returnedstate value
27
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: 3. Call level interfaceSQL in Programs: 3. Call level interface
�Interface in standard programming languages
�Proprietary library routines, API
�Embedded C / Java / ..Standardized language extensions
�Standardized API � Open Database connection (ODBC),
� Java Database Connectivity (JDBC)
28
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: 3. Call level interfaceSQL in Programs: 3. Call level interface
�Language/DBS specific library of procedures
�Example: MySQL C API� Buffer for transferring commands and results
� API data types, e.g.,
� API functions, e.g.,
MYSQL handle for db connections
MYSQL_RES result set structure
mysql_real_query()
mysql_real_query(MYSQL *mysql,
const char *query,
unsigned int queryLength)
29
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: Embedded SQLSQL in Programs: Embedded SQL
�Direct SQL:� SQL interpreter accepts and executes SQL commands
�SQL in host language:� Program in programming language (C, Java,…)
� Parts of program in SQL statements
� Most implementations: call level interface used
� Most popular: Embedded C (Oracle: PRO*C)
�Java support� SQLJ = Embedded Java
� JDBC = Standardized call interface for Java
30
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: Embedded SQLSQL in Programs: Embedded SQL
�Program with "native" and SQL-like statements
�Pre-compiler = Preprocessor creates native code
�Calls to DBS resources included
�Programmer: embedded SQL or function calls
Preprocessor
Host language+
Embedded SQL
Host language+
Function CallsHost languagecompiler
Object-codeprogram
SQLlibrary
31
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: Static/dynamic embeddingSQL in Programs: Static/dynamic embedding
�Static embedding: � SQL commands known in advance
� SQL-compilation and language binding at pre-compile time
�Dynamic SQL: � SQL-String compiled at runtime
� variable bindings at runtime
32
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: Embedded SQLSQL in Programs: Embedded SQL
�Concepts:� Well defined type mapping (for different languages)
� Syntax for embedded SQL statements
� Binding to host language variables
� Exception handling
WHENEVER <condition> <action>SQLSTATE
EXEC SQL {SELECT title FROM ...}
EXEC SQL {SELECT id FROM Movie
WHERE titel = :titleString};...
33
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: Embedded SQLSQL in Programs: Embedded SQL
�SQL / Host Language Interface:
� Embedded SQL-statement:
� Shared variables:
� Exception handling:
EXEC SQL <sql statement>
:<variableName> (access in SQL)
<variableName> (access in host language)
SQLSTATE (SQL function execution status)
e.g., 00000 - no problem
02000 – answer tuple not found
34
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: Embedded SQLSQL in Programs: Embedded SQL
�Shared variable declaration
�Syntax:
� Declaration in host language
� Use variable types in common
�Example:
EXEC SQL BEGIN DECLARE SECTION;
…
EXEC SQL END DECLARE SECTION;
EXEC SQL BEGIN DECLARE SECTION;
integer movie_number;integer movie_number;
integer tape_number; integer tape_number;
EXEC SQL END DECLARE SECTION;
35
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: Embedded SQLSQL in Programs: Embedded SQL
�Single row results: � direct insert into variable
�Syntax:
�Multiple row results:� Use of cursors on result set
EXEC SQL SELECT <attributeName>
INTO :<sharedVariable>
FROM <tableNames>
WHERE <condition>
36
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: Cursor conceptSQL in Programs: Cursor concept
�Cursor: � Name of SQL statement and
� Handle for processing the result set record by record
�Defined at runtime
�Opened at runtime (SQL-statement executed)
�Used in most language embeddings of SQL � e.g., ESQL-C, PL/SQL, JDBC
Important concept
37
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: Cursor conceptSQL in Programs: Cursor concept
� No binding of result attributes to variables
� Allows traversal of result set row by row
1. Cursor declaration
2. Cursor initialisation
3. Fetch tuples
4. Close cursor
OPEN FETCH EMPTY? CLOSEDECLAREyes
no
38
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: Cursor conceptSQL in Programs: Cursor concept
�Cursor declaration:
�Cursor initialisation:
� binds input variables
� executes query
� puts first results into communication area
� positions cursor before first row of the result set
EXEC SQL DECLARE <cursorName> CURSOR
FOR <query>
EXEC SQL OPEN <cursorName>;
39
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: Cursor conceptSQL in Programs: Cursor concept
�Fetch tuples:
� Puts next results into communication area
� Positions cursor before before next row of the result set
� Assigns tuple to shared variables
� Sets SQLSTATE
EXEC SQL FETCH <cursorName>
INTO :<shared variable>;
40
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: ExampleSQL in Programs: Example
#include <stdio.h>
/* declare host variables */
EXEC SQL BEGIN DECLARE SECTION;
char userid[12] = "ABEL/xyz";
char movie_name[10];
int movie_number;
int tape_number;
char temp[32];
void sql_error();
EXEC SQL END DECLARE SECTION;
/* include the SQL Communication Area */
#include <sqlca.h>
#include <stdio.h>
/* declare host variables */
EXEC SQL BEGIN DECLARE SECTION;
char userid[12] = "ABEL/xyz";
char movie_name[10];
int movie_number;
int tape_number;
char temp[32];
void sql_error();
EXEC SQL END DECLARE SECTION;
/* include the SQL Communication Area */
#include <sqlca.h>
41
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: ExampleSQL in Programs: Example
/* main program */
main()
{ movie_number = 200;
/* handle errors */
EXEC SQL WHENEVER SQLERROR
do sql_error("Oracle error");
/* connect to Oracle */
EXEC SQL CONNECT :userid;
printf("Connected.\n");
/* main program */
main()
{ movie_number = 200;
/* handle errors */
EXEC SQL WHENEVER SQLERROR
do sql_error("Oracle error");
/* connect to Oracle */
EXEC SQL CONNECT :userid;
printf("Connected.\n");
42
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: ExampleSQL in Programs: Example
/* declare a cursor */
EXEC SQL DECLARE movie_cursor
CURSOR FOR
SELECT m.title
FROM movie m, tape t
WHERE t.id = :tape_number
AND t.movie_id = m.id;
/* get user data */
printf(“Tape number? ");
gets(temp);
tape_number = atoi(temp);
/* declare a cursor */
EXEC SQL DECLARE movie_cursor
CURSOR FOR
SELECT m.title
FROM movie m, tape t
WHERE t.id = :tape_number
AND t.movie_id = m.id;
/* get user data */
printf(“Tape number? ");
gets(temp);
tape_number = atoi(temp);
43
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: ExampleSQL in Programs: Example
/* open the cursor and
identify the result set */
EXEC SQL OPEN movie_cursor;
…
/* fetch and process data in a loop
exit when no more data */
EXEC SQL WHENEVER NOT FOUND DO break;
while (1){
EXEC SQL FETCH movie_cursor
INTO :movie_name; …
}
/* open the cursor and
identify the result set */
EXEC SQL OPEN movie_cursor;
…
/* fetch and process data in a loop
exit when no more data */
EXEC SQL WHENEVER NOT FOUND DO break;
while (1){
EXEC SQL FETCH movie_cursor
INTO :movie_name; …
}
44
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: ExampleSQL in Programs: Example
/* close cursor before another SQL
statement is executed */
EXEC SQL CLOSE movie_cursor;
EXEC SQL COMMIT WORK RELEASE;
exit(0);
}
/* close cursor before another SQL
statement is executed */
EXEC SQL CLOSE movie_cursor;
EXEC SQL COMMIT WORK RELEASE;
exit(0);
}
45
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: Positioned UpdateSQL in Programs: Positioned Update
�Step through set of rows and update or delete
�Syntax:
�Example:
EXEC SQL DECLARE <cursorName> CURSOR
FOR <query>
FOR UPDATE ON <attribute>;
… WHERE CURRENT OF <cursorName>…
EXEC SQL DECLARE myCurs CURSOR
FOR SELECT id,length,title FROM MovieFOR UPDATE ON length
EXEC SQL UPDATE Movie
SET lenght = length + 1
WHERE CURRENT OF myCurs;
46
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: Cursor OptionsSQL in Programs: Cursor Options
�Ordering tuples� Use ORDER BY in query
�Cursor motion � SCROLL CURSOR
� Relative to current position: PRIOR/NEXT/RELATIVE<nr>
e.g., FETCH <cursorName> PRIOR INTO ...
� Absolute position: first/last/ABSOLUTE<nr>
�Limit effect of changes� Performance: cursor FOR READ ONLY
� Concurrent access: INSENSITIVE CURSOR FOR …
47
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: Cursor sensitivitySQL in Programs: Cursor sensitivity
�Example:
�Changes not visible in result set
�Visible if cursor closed and reopened
EXEC SQL DECLARE myCurs INSENSITIVE CURSOR
FOR SELECT id,length,title FROM MovieFOR UPDATE ON length WHERE id >100;
EXEC SQL OPEN...
EXEC SQL FETCH myCurs INTO .....
UPDATE Movie SET lenght = length + 20
WHERE CURRENT OF myCurs;
48
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: Dynamic SQLSQL in Programs: Dynamic SQL
�Statements not known at compile time� Statements computed by host language
� User input of query
�Tasks at run-time:� Pass query string to SQL system
� Translate to executable statement
� Execute statement
�Use ‘Prepared Statements’
49
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: Dynamic SQLSQL in Programs: Dynamic SQL
�Step 1:
� String: SQL statement
� SQLvariable: assigned SQL statement
� Parse and prepare statement for execution
EXEC SQL PREPARE <SQLvariable>
FROM <string>
EXEC SQL EXECUTE <SQLvariable>
�Step 2:
� Execute statement SQLvariable
50
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: Dynamic SQLSQL in Programs: Dynamic SQL
�Example:
void readQuery(){
EXEC SQL BEGIN DECLARE SECTION;
char *query;
EXEC SQL END DECLARE SECTION;
…
/* prompt user for query
allocate space
make :query point to query*/
…
EXEC SQL PREPARE SQLquery FROM :query;
EXEC SQL EXECUTE SQLquery;
}
void readQuery(){
EXEC SQL BEGIN DECLARE SECTION;
char *query;
EXEC SQL END DECLARE SECTION;
…
/* prompt user for query
allocate space
make :query point to query*/
…
EXEC SQL PREPARE SQLquery FROM :query;
EXEC SQL EXECUTE SQLquery;
}
51
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: Dynamic SQLSQL in Programs: Dynamic SQL
�Multiple execution:� Prepare once
� Execute many times
�Single execution:� Combination of step 1 an 2
� Example:
EXEC SQL EXECUTE IMMEDIATE <string>
…
EXEC SQL EXECUTE IMMEDIATE :query;
…
…
EXEC SQL EXECUTE IMMEDIATE :query;
…
52
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: SQL in Programs: SQL & JavaSQL & Java
�SQLJ � Embedded SQL for Java
� Compiles to JDBC method call
� Defined and implemented by major DBS companies (Oracle in particular)
�JDBC � Java call-level interface (API) for SQL DBS
� DB vendor independent
� Supports static and dynamic SQL
� Implemented by nearly all DB vendors
53
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: SQLJSQL in Programs: SQLJ
�Part 1: SQLJ Embedded SQL� Mostly reviewed and implemented
� Integrated with JDBC API
� Oracle has placed Translator source into public domain
�Part 2: SQLJ Stored Procedures and UDFs� Using Java static methods as SQL stored procedures &
functions
� Leverages JDBC API
�Part 3: SQLJ Data Types� Pure Java Classes as SQL ADTs
� Alternative to SQL:1999 Abstract Data Types
54
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: SQLJ ExampleSQL in Programs: SQLJ Example
// Part of a SQLJ program, one method:
public void changeMovie(int movieid, int newTape)
{
string mtitle;
int tnumber;
#sql { SELECT m.title, count(t.id)
INTO :mtitle, :tnumber
FROM movie m, tape t
WHERE m.id = :movieid
AND m.id = t.movie_id };
if (tnumber < 3)
#sql {INSERT INTO tape VALUES
(:newTape, 'DVD', :movieid)};
}
// Part of a SQLJ program, one method:
public void changeMovie(int movieid, int newTape)
{
string mtitle;
int tnumber;
#sql { SELECT m.title, count(t.id)
INTO :mtitle, :tnumber
FROM movie m, tape t
WHERE m.id = :movieid
AND m.id = t.movie_id };
if (tnumber < 3)
#sql {INSERT INTO tape VALUES
(:newTape, 'DVD', :movieid)};
}
55
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: SQL in Programs: SQL & JavaSQL & Java
�Java in Web context (2 tier architecture):
JDBC
Java application
DBMS
Business Logic (application)
Proprietary protocol of DBMS
Database Server
56
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: SQL in Programs: SQL & JavaSQL & Java
�Java in Web context (3 tier architecture):
JDBC
Application server
DBMS
Java applet or WWW Browser
GUI
Proprietary protocol of DBMS
Database Server
Business Logic (application)
HTTP, RMI, CORBA,…
57
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: SQL in Programs: JDBCJDBC
1. Preparation
2. Load a driver � many vendor products
� url JDBC-Driver and host information
Class.forName(
"oracle.jdbc.driver.OracleDriver");
String url = "jdbc:oracle:thin:
@<host>:<port>:<db>";
import java.sql.*;
58
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: SQL in Programs: JDBCJDBC
3. Set up connection database(s)
� Several connections at a time possible
4. Create statement object
� Similar to channel for sending queries to database
Connection con = DriverManager.getConnection(
"jdbc:oracle:thin:@<host>:<port>:<db>",
<username>,<password>);
Statement stmt = con.createStatement();
59
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: SQL in Programs: JDBCJDBC
5. Send SQL query string
� results in ResultSet object
6. Process results one after the other� processed with "hidden cursor"
ResultSet rs = stmt.executeQuery(“<query>" );
while (rs.next()){
for (i = 1; i <= numCols; i++){
if (i > 1) System.out.print(",");
System.out.print(rs.getString(i));
}
}
60
FU-Berlin, DBS I 2
006, H
inze / S
cholz
#import java.io.*;#import java.sql.*;#import java.util.*;...
#import java.io.*;#import java.sql.*;#import java.util.*;...
SQL in Programs: JDBC ExampleSQL in Programs: JDBC Example
Class.forName("oracle.jdbc.driver.OracleDriver");
String url = "jdbc:oracle:thin:@kuh:1521:INTROKUH";
Connection con = DriverManager.getConnection
( url, “user", “passwort");
Protocol Oracle-spec. Sub-protocol Host Port
3. Connect to database
2. Load driver
1. Preparation
61
FU-Berlin, DBS I 2
006, H
inze / S
cholz
.
.
.
.
.
.
.
.
Statement stmt = con.createStatement();
ResultSet rs = stmt.executeQuery("SELECT id, title FROM movie");
while (rs.next()) {String n = rs.getInt(“id");String n = rs.getString(“title");System.out.println(s + ": " + n);}
5. execute statement
4. Create SQL-statement
SQL in Programs: JDBC ExampleSQL in Programs: JDBC Example
6. Process results
}
62
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: JDBC variable binding SQL in Programs: JDBC variable binding
�No explicit cursor
�Several methods in JDBC� e.g.,
�Access result data by position or by name� By position:
� By name:
boolean next(), void close(),
<JavaType> get<JavaType>(),
boolean wasNull()
String s = rs.getString(2);
String rs.getString ("b") ;
63
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: JDBC variable binding SQL in Programs: JDBC variable binding
�Example:
java.sql.Statement stmt = con.createStatement();
ResultSet rs1 = stmt.executeQuery
("SELECT id, title FROM movie");
while (rs1.next()) {
int mid = rs1.getInt(“id");
String mt = rs1.getString(“title");
System.out.println("ROW:" + mid + " " + mt);}
ResultSet rs2 = stmt.executeQuery
("SELECT id, movie_id FROM tape");
while (rs2.next()) {
int tid = rs2.getInt(1);
int tmid = rs2.getInt(2);
System.out.println("ROW:" + tid + " " + tmid);}
java.sql.Statement stmt = con.createStatement();
ResultSet rs1 = stmt.executeQuery
("SELECT id, title FROM movie");
while (rs1.next()) {
int mid = rs1.getInt(“id");
String mt = rs1.getString(“title");
System.out.println("ROW:" + mid + " " + mt);}
ResultSet rs2 = stmt.executeQuery
("SELECT id, movie_id FROM tape");
while (rs2.next()) {
int tid = rs2.getInt(1);
int tmid = rs2.getInt(2);
System.out.println("ROW:" + tid + " " + tmid);}
64
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: Prepared statementsSQL in Programs: Prepared statements
�Pass input parameters
�Use prepared statement
� Statement compiled
� Missing values in query: “?”
�Set value:
java.sql.PreparedStatement prepStmt =
con.prepareStatement(<query>);
prepStmt.setString(<position>, <value>);
65
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: Prepared statementsSQL in Programs: Prepared statements
String mTitle;
....
java.sql.PreparedStatement prepStmt =
con.prepareStatement(
"SELECT count(*)
FROM Movie m, Tape t
WHERE t.movie_id = m.id
AND m.title = ? );
prepStmt.setString(1, mTitle);
ResultSet rs = prepStmt.executeQuery() ;
while (rs.next()){
int i = r.getInt(1);
// by position, no name available
System.out.println("Number of tapes for " +
mTitle + " is: " +i)
}
String mTitle;
....
java.sql.PreparedStatement prepStmt =
con.prepareStatement(
"SELECT count(*)
FROM Movie m, Tape t
WHERE t.movie_id = m.id
AND m.title = ? );
prepStmt.setString(1, mTitle);
ResultSet rs = prepStmt.executeQuery() ;
while (rs.next()){
int i = r.getInt(1);
// by position, no name available
System.out.println("Number of tapes for " +
mTitle + " is: " +i)
}
66
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: Positioned updateSQL in Programs: Positioned update
�Positioned update needs cursor name
�Define cursor (JDBC 1)
� Use for updates and deletes
�Define cursor (JDBC2)� more flexible (anonymous) cursor handling
� setCursorName not implemented in Oracle Driver
public void setCursorName(String name)
throws SQLException
67
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: Positioned updateSQL in Programs: Positioned update
�JDBC 2.0� Result set scrollable and updateable
� Example:
Statement stmt = con.createStatement(
ResultSet.TYPE_SCROLL_SENSITIVE,
ResultSet.CONCUR_UPDATABLE);
stmt.setFetchSize(25);
ResultSet rs = stmt.executeQuery(
"SELECT id, title
FROM movie");
rs.first();
rs.updateString(“title“, “xxxxx”);
rs.updateRow();
68
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: TransactionsSQL in Programs: Transactions
�Transaction: � Collection of one or more database operations executed
atomically (either all operations or none )
�Programmers view:� Everything between beginning of a sequence of operations
on the database and ‘COMMIT’ or ‘ROLLBACK’
� No explicit "transaction begin" command
... OPEN MyCurs;........ ; COMMIT;
Begin of first transaction(first SQL command in program) End of first transaction
69
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: TransactionsSQL in Programs: Transactions
�COMMIT� Effects on database made permanent
�ROLLBACK� Aborts transaction
� All changes in transaction undone (rolled back)
�Programmers View:� Auto-commit mode: each SQL-command is a transaction
� Various transaction isolation levels
70
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: TransactionsSQL in Programs: Transactions
�Transaction manager: � Isolate concurrent users from each other
�Problems:� Lost update: same object concurrently updated by two
users, one update lost
� Dirty read: object value changed by transaction which aborts later
� Non-repeatable read: same object has different value within same transaction
� Phantom tuples: non-repeatable read caused by insertions or deletions
71
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: Isolation levelsSQL in Programs: Isolation levels
�READ UNCOMMITTED
� Allows read access to uncommitted transactions
� Transaction has to be read only
� Lowest locking overhead
� Unpleasant effects may occur
�Example:� TA1 increases the prices of some movies in DB by 5%
� TA2 scrolls through all movies, sees new prices
SET TRANSACTION
READ ONLY,
ISOLATION LEVEL READ UNCOMMITTED
72
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: Isolation levelsSQL in Programs: Isolation levels
�READ COMMITTED
� Allows read access to committed transactions only
� Long write locks, no or short read locks
� Non-repeatable reads
�Example:
SET TRANSACTION
ISOLATION LEVEL READ COMMITTED
TA1
Read(a)
x=x+a
Read(a)
y:=y-a
TA2
Write a=a-10
commit
Wrong balance
73
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: Isolation levelsSQL in Programs: Isolation levels
�REPEATABLE READ
� Allows read access to committed transactions only
� All data isolated from concurrent writes
� Read and write locks long term until end of TA
� Phantom tuples may occur
SET TRANSACTION
ISOLATION LEVEL REPEATABLE READ
74
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: Isolation levelsSQL in Programs: Isolation levels
�SERIALIZABLE
� Allows read access to committed transactions only
� All data isolated from concurrent writes
� No phantom tuples inserted into the read set by other transaction
� Standard default
SET TRANSACTION
ISOLATION LEVEL SERIALIZABLE
75
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: Transactions and JDBCSQL in Programs: Transactions and JDBC
�Transactional properties of connections� TRANSACTION_NONE (not implemented)
� TRANSACTION_READ_UNCOMMITTED
� TRANSACTION_READ_COMMITTED
� TRANSACTION_REPEATABLE_READ
� TRANSACTION_SERIALIZABLE
�Methods:� public void setTransactionIsolation(int
level) throws SQLExceptionpublic void
� setAutoCommit(boolean autoCommit)
� public void commit() throws SQLException
� public void rollback() throws SQLException
76
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: Visibility of changesSQL in Programs: Visibility of changes
�Scroll-insensitive result set� no change by other result sets – even in the same TA – are
visible
� Updates in result set r visible for operations on r
� Deletes / inserts (!) in result set r not visible
�Sensitive result set: � depending on connection isolation level
ResultSet rs = stmt1.executeQuery(
"SELECT id, length FROM movie");
int i = stmt2.executeUpdate (
“DELETE FROM movie“);
rs.first();
rs.updateString(“title“, “xxxxx”);
rs.updateRow();
77
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: Exception handlingSQL in Programs: Exception handling
�Abort transaction when error:
� WHENEVER SQLERROR CONTINUE prevents ROLLBACK from (infinite) invocation of routine
�Example:
EXEC SQL WHENEVER SQLERROR CONTINUE;
EXEC SQL ROLLBACK WORK RELEASE;
void sql_error(msg){
char buf[500];
int buflen, msglen;
EXEC SQL WHENEVER SQLERROR CONTINUE;
EXEC SQL ROLLBACK WORK RELEASE;
buflen = sizeof (buf);
sqlglm(buf, &buflen, &msglen);
printf("%s\n", msg);
printf("%*.s\n", msglen, buf);
exit(1); }
void sql_error(msg){
char buf[500];
int buflen, msglen;
EXEC SQL WHENEVER SQLERROR CONTINUE;
EXEC SQL ROLLBACK WORK RELEASE;
buflen = sizeof (buf);
sqlglm(buf, &buflen, &msglen);
printf("%s\n", msg);
printf("%*.s\n", msglen, buf);
exit(1); }
78
FU-Berlin, DBS I 2
006, H
inze / S
cholz
SQL in Programs: SummarySQL in Programs: Summary
� Access Rights� Means to ensure data security
� Privileges to roles
� Program – DB communication:� Fourth Generation Languages (4GL)
� Module Languages
� Call level interface
� Component architectures
� Transactions in programs � Isolation levels
� Begin, end transaction