
Databases 2010
Embedded SQL
Christian S. Jensen
Computer Science, Aarhus University
Acknowledgments: revised version of slides developed by Michael I. Schwartzbach

Embedded SQL
SQL is rarely written as ad-hoc queries using the generic SQL interface
The typical scenario (diagram): client, server, database
SQL is embedded in the server application code

Static vs. Dynamic SQL
Static SQL
• syntactic extension of host language
• predefined and stored in the database
• typical use: monthly accounting statements
• checked in advance, efficient
• SQLJ for Java, supported by, e.g., DB2
Dynamic SQL
• API in host language
• dynamically interpreted by the database
• typical use: web applications
• highly flexible
• JDBC for Java, works well with Hibernate

JDBC – Java Database Connectivity
A common Java framework for SQL databases
• java.sql.*
Each vendor provides a driver class
• com.ibm.db2.jcc.DB2Driver
• oracle.jdbc.driver.OracleDriver
• com.microsoft.sqlserver.jdbc.SQLServerDriver
• org.gjt.mm.mysql.Driver
SQL statements are built as string expressions
Results are accessed through a cursor

Running a JDBC Application
Initialization
• load driver: java.sql.DriverManager
• create connection: java.sql.Connection
Processing
• generate SQL: java.sql.Statement
• process results: java.sql.ResultSet
Termination
• end connection: java.sql.Connection
• release data structures: java.sql.Statement

A Simple Example

    import java.sql.*;

    public class Test {
      public static void main(String args[]) {
        Connection con;
        try {
          String server = "localhost";
          String port = "50000";
          String url = "jdbc:db2://"+server+":"+port+"/sample";
          String userid = "userid";
          String password = "password";
          // load the DB2 driver and open the connection
          Class.forName("com.ibm.db2.jcc.DB2Driver").newInstance();
          con = DriverManager.getConnection(url, userid, password);
          Statement stmt = con.createStatement();
          ResultSet rs = stmt.executeQuery("SELECT * FROM Rooms");
          // print the first two columns (room, capacity) of every row
          while (rs.next())
            System.out.println(rs.getString(1)+" "+rs.getString(2));
          stmt.close();
          con.close();
        } catch(Exception e) { e.printStackTrace(); }
      }
    }

Output:

    Dreyer-201 12
    Zuse-127 10
    Shannon-164 30
    Shannon-157 40
    Shannon-159 38
    Wiener-026 30
    Hopper-334A 4
    Ada-333 26
    Turing-029 8
    Turing-129 8
    Turing-230 12
    Turing-130 12
    Turing-030 12
    Stibitz-123 12
    Hopper-334 4
    Shannon-156 24
    Stibitz-113 12
    Undervisning 36
    Store-Aud 152
    Lille-Aud 70
    Turing-014 26
    Turing-229 8
    D-01 25
    D-02 18
    D-03 18
    Aud-D1 100
    Aud-D2 100
    Aud-D4 62
    Aud-G1 85
    Aud-G2 85
    Kol-G3 22
    Kol-G4 22
    G-32 20
    G-33 20
    Aud-E 286
    Aud-F 165
    ...

Creating A Connection
Load the appropriate driver class:

    Class.forName("com.ibm.db2.jcc.DB2Driver");

Create a connection object:

    DriverManager.getConnection(url, userid, password);

URL structure (for DB2)
• jdbc:db2://server:port/database
• the name of your own machine is localhost
• the standard port number is 50000
• the name of the database is, e.g., SAMPLE

Simple SQL Statements
Create a statement object:

    Statement stmt = con.createStatement();

The statement object is used many times
• stmt.executeQuery("…");
• stmt.executeUpdate("…");
And is finally closed
• stmt.close();

Transactions
By default, the connection auto-commits after every statement; change this with
• con.setAutoCommit(false);
• con.commit();
• con.rollback();
Transaction isolation levels
• con.setTransactionIsolation(level);
  • Connection.TRANSACTION_READ_COMMITTED
  • Connection.TRANSACTION_READ_UNCOMMITTED
  • Connection.TRANSACTION_REPEATABLE_READ
  • Connection.TRANSACTION_SERIALIZABLE
• con.setReadOnly(true);

Impedance Mismatch
Java uses native types
• int, char[], String, ...
• collection classes
SQL uses tables
• CHAR(7), VARCHAR(20), FLOAT, DATE, ...
• possibly huge amounts of data
Not obvious how to translate tables into Java objects
Results are instead accessed using cursors

Using Result Sets
A ResultSet object manages a cursor on rows

    ResultSet rs = stmt.executeQuery("...");
    while (rs.next()) {
      ...
    }
    rs.close();

          room        capacity
          Turing-216  4
    rs -> Ada-333     26
          Aud-E       286

Navigating With Cursors
A cursor can by default only move forward
• rs.next();
A Boolean result tells if the move was possible
• looks like an iterator object
An ORDER BY clause determines the order

Reading With Cursors
Column index or column name
• String room = rs.getString(1);
• int capacity = rs.getInt("capacity");
Different result types
• rs.getString(...)
• rs.getInt(...)
• java.sql.Time time = rs.getTime(...)
Check for NULL
• rs.wasNull()

          room        capacity
          Turing-216  4
    rs -> Ada-333     26
          Aud-E       286

Better Cursors
A result set can be made scrollable and updatable
• stmt = con.createStatement(ResultSet.TYPE_SCROLL_SENSITIVE, ResultSet.CONCUR_UPDATABLE);
• rs.previous();
• rs.first();
• rs.last();
• rs.absolute(42);

Modifications with Cursors
A result set can then be updated
• rs.updateString("room","ADA-333");
Updates can be pushed to the database
• rs.updateRow();
Rows can be deleted in both places
• rs.deleteRow();

          room        capacity
          Turing-216  4
    rs -> ADA-333     26        (previously Ada-333)
          Aud-E       286

Insertions With Cursors
A special virtual insert row exists

    rs.moveToInsertRow();
    rs.updateString("room","Turing-310");
    rs.updateInt("capacity",4);
    rs.insertRow();
    rs.moveToCurrentRow();

          room        capacity
          Turing-216  4
    rs -> Ada-333     26
          Aud-E       286
          Turing-310  4

Prepared Statements
SQL statements may be prepared
• checked and compiled once
• executed multiple times

    PreparedStatement pstmt = con.prepareStatement(
      "SELECT * FROM Rooms"
    );
    ResultSet rs = pstmt.executeQuery();

Arguments to Prepared Statements
Use ? symbols for variables
Insert values using absolute position

    PreparedStatement pstmt = con.prepareStatement(
      "INSERT INTO Meetings VALUES(?,?,?,'dDB',?)"
    );
    pstmt.setInt(1,34716);
    // valueOf parses yyyy-mm-dd; the deprecated Date(year,month,day)
    // constructor counts years from 1900 and months from 0
    pstmt.setDate(2,java.sql.Date.valueOf("2010-08-23"));
    pstmt.setInt(3,14);
    pstmt.setString(4,"csj");
    pstmt.executeUpdate();

Metadata
java.sql.ResultSetMetaData
• reflectively describes the structure of a result
• names and types of columns
• allows generic queries
java.sql.DatabaseMetaData
• reflectively describes the structure of a database
• name, version, tables, supported SQL types
• allows generic connections

Result Set Metadata

    rs = stmt.executeQuery("SELECT * FROM Rooms");
    ResultSetMetaData rsm = rs.getMetaData();
    int columns = rsm.getColumnCount();
    // JDBC column indexes start at 1
    for (int i=1; i<=columns; i++) {
      System.out.println(
        "Column "+i+" "+
        "has name "+rsm.getColumnName(i)+", "+
        "SQL type "+rsm.getColumnType(i)+" and "+
        "JDBC type "+rsm.getColumnTypeName(i)
      );
    }

Output:

    Column 1 has name ROOM, SQL type 12 and JDBC type VARCHAR
    Column 2 has name CAPACITY, SQL type 4 and JDBC type INTEGER

SQL Injection Attacks
Be careful with dynamic SQL:

    "SELECT * FROM Users WHERE userid ='" + userid + "'"

Fine if userid is "mis"
Bad if userid is "x' OR 'y'='y"
• all data is revealed
Worse if userid is "x';DROP TABLE Users;--"
• all data is deleted
Prepared statements avoid this problem
• a value bound to a ? is passed as data and is never parsed as SQL

SQL Injection Cartoon
(cartoon image)

SQLJ
An extension of Java for SQL programming
• SQL syntax mixed with Java syntax
• a preprocessor generates Java and SQL code
Simpler syntax
• syntax and type checking at compile time
Strongly typed cursors
Static binding as a DB2 package
• better performance
• stronger security authorization

Processing SQLJ Programs
• Foo.sqlj -> translator -> Foo.java and Foo.ser
• Foo.java -> javac -> Foo.class
• Foo.ser -> binder

A Simple Example

    import java.sql.*;
    import sqlj.runtime.*;
    import sqlj.runtime.ref.*;

    public class Test {
      // named iterator: a strongly typed cursor with one accessor per column
      #sql public static iterator RoomIter(String room, int capacity);

      public static void main(String args[]) {
        Connection con;
        try {
          String server = "localhost";
          String port = "50000";
          String url = "jdbc:db2://"+server+":"+port+"/sample";
          String userid = "userid";
          String password = "password";
          Class.forName("com.ibm.db2.jcc.DB2Driver").newInstance();
          con = DriverManager.getConnection(url, userid, password);
          // embedded SQL runs against the default connection context
          DefaultContext.setDefaultContext(new DefaultContext(con));
          RoomIter iter;
          #sql iter = { SELECT * FROM Rooms };
          while (iter.next())
            System.out.println(iter.room()+" "+iter.capacity());
          con.close();
        } catch(Exception e) { e.printStackTrace(); }
      }
    }
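The concatenated query from the SQL Injection Attacks slide next to its prepared-statement form, as an added example that is not part of the original slides. The class name, the scratch Users table and its rows are constructed, and the JDBC URL, user and password of a scratch database are assumed to be passed as arguments.

```java
import java.sql.*;

// Added example (not from the slides). Assumes args = JDBC URL, user, password
// of a scratch database; the Users table and its rows are constructed sample data.
public class InjectionDemo {

    // Vulnerable: the input becomes part of the SQL text, as on the slide.
    static int countConcatenated(Connection con, String userid) throws SQLException {
        String sql = "SELECT * FROM Users WHERE userid ='" + userid + "'";
        try (Statement stmt = con.createStatement();
             ResultSet rs = stmt.executeQuery(sql)) {
            return countRows(rs);
        }
    }

    // Hardened: the SQL text is fixed and the input is bound to the ? marker as a value.
    static int countPrepared(Connection con, String userid) throws SQLException {
        try (PreparedStatement pstmt =
                 con.prepareStatement("SELECT * FROM Users WHERE userid = ?")) {
            pstmt.setString(1, userid);
            try (ResultSet rs = pstmt.executeQuery()) {
                return countRows(rs);
            }
        }
    }

    static int countRows(ResultSet rs) throws SQLException {
        int n = 0;
        while (rs.next()) n++;
        return n;
    }

    public static void main(String[] args) throws SQLException {
        try (Connection con = DriverManager.getConnection(args[0], args[1], args[2]);
             Statement stmt = con.createStatement()) {
            stmt.executeUpdate("CREATE TABLE Users (userid VARCHAR(40), name VARCHAR(40))");
            stmt.executeUpdate("INSERT INTO Users VALUES ('mis', 'constructed user 1')");
            stmt.executeUpdate("INSERT INTO Users VALUES ('csj', 'constructed user 2')");
            try {
                for (String in : new String[] { "mis", "x' OR 'y'='y" }) {
                    System.out.println("userid [" + in + "] concatenated: "
                        + countConcatenated(con, in) + " rows, prepared: "
                        + countPrepared(con, in) + " rows");
                }
            } finally {
                stmt.executeUpdate("DROP TABLE Users"); // remove the scratch table
            }
        }
    }
}
```

For the second input the concatenated query matches every row in Users, while the prepared query looks for a userid equal to the whole string and matches none.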