M.P. Johnson, DBMS, Stern/NYU, Spring C : Database Management Systems Lecture #22 M.P. Johnson Stern School of Business, NYU Spring, 2005

M.P. Johnson, DBMS, Stern/NYU, Spring Homework Project part 5  Topic: web interface + any remaining loose ends  Up now  Due: end of semester Will return proj3 today  Remind me!

M.P. Johnson, DBMS, Stern/NYU, Spring Agenda Programming for SQL:  DB-conn from web scripting languages  DBI/DBDs in Perl, PHP Transactions Next: Security  Secrecy  Integrity  Availability  Web issues

M.P. Johnson, DBMS, Stern/NYU, Spring Goals: after this week After Today:  Have all the tools for building a DB-backed website in Perl or PHP (but will it be secure?)

M.P. Johnson, DBMS, Stern/NYU, Spring Review: PHP Program Client Server HTTP Request Data for program Generated HTML HTML Image from

M.P. Johnson, DBMS, Stern/NYU, Spring Form example On clicking Send, we go to the same page, but with “name=99&sumbit=OK” Enter a number: Enter a number:

M.P. Johnson, DBMS, Stern/NYU, Spring Review: dynamic webpages First option: for each request: run program, produce whole page, send back  CGI & some host language, Java Servlets, etc. Second option: create html page with missing parts; for each response, fill in the wholes and send back  Embedded scripting  PHP and others  PHP = Personal Home Page or = PHP Hypertext Processor

M.P. Johnson, DBMS, Stern/NYU, Spring hello.php Q: What the difference between and \n? Hello from PHP Here is the PHP part: \n"; ?> That's it! Hello from PHP Here is the PHP part: \n"; ?> That's it!

M.P. Johnson, DBMS, Stern/NYU, Spring hello2.php Script errors, w/ and w/o display_errors on:   Local dir must contain.htaccess:  Automatically load GET/POST params as vars  php_flag display_errors on php_flag register_globals on php_flag display_errors on php_flag register_globals on

M.P. Johnson, DBMS, Stern/NYU, Spring More on PHP Somewhat C-like, somewhat Perl-like Case-sensitive Strings:  Concatenation op:.  Single, double quotes similar to Perl Comments:  # Unix shell-style  /* */ C-style  // C++-style Output:  echo(“hi there”);  print(“hi there”);  C’s printf

M.P. Johnson, DBMS, Stern/NYU, Spring PHP vars Similar to those of Perl, except no “my”  <? $num1 = 58; $num2 = 67; print "First number ". $num1. " "; print "Second number ". $num2. " "; $total = $num1 + $num2; print "The sum is ". $total. " "; ?> <? $num1 = 58; $num2 = 67; print "First number ". $num1. " "; print "Second number ". $num2. " "; $total = $num1 + $num2; print "The sum is ". $total. " "; ?>

M.P. Johnson, DBMS, Stern/NYU, Spring Combining PHP and HTML <?php for($z=0;$z<=5;$z++) { ?> Iteration number <? } ?> <?php for($z=0;$z<=5;$z++) { ?> Iteration number <? } ?>

M.P. Johnson, DBMS, Stern/NYU, Spring PHP info PHP does not have both string and number ops like Perl Number ops treat (number) strings as numbers, regular strings as strings  Info function displays lots of server info: 

M.P. Johnson, DBMS, Stern/NYU, Spring PHP & MySQL PHP 5 has a DBI/JDBC-like interface Our version/setup uses a proprietary lib: 1. Open a connection and open our DB: 2. Run query: $db = mysql_connect("mysql2.stern.nyu.edu:3306", user, pass); mysql_select_db("test", $db); $db = mysql_connect("mysql2.stern.nyu.edu:3306", user, pass); mysql_select_db("test", $db); $result = mysql_query($query,$db);

M.P. Johnson, DBMS, Stern/NYU, Spring PHP & MySQL 3. Extract next row of data from statement, if available:  What this means: myrow is an array that can then be accessed  Other options, but this should suffice In general, to scroll through results, do: $myrow = mysql_fetch_row($result) while ($myrow = mysql_fetch_row($result)) # print row’s data while ($myrow = mysql_fetch_row($result)) # print row’s data

M.P. Johnson, DBMS, Stern/NYU, Spring Limit: PHP webpages that do something Semi-interesting Perl script:   Non-trivial but not huge: ~60 lines, but much of it’s plain html Works with two-column (a,b) table Takes input from user Returns rows whose a field contains value If no/empty input, returns all rows  Bad idea in general!

M.P. Johnson, DBMS, Stern/NYU, Spring lookup.php: port of lookup.cgi Two possible situations for running script: 1. Page opened for the first time 2. User entered parameter and pressed button Structure of file: 1. Print input box and button for next search  On button click, parameter is sent to this page’s url 2. (Try to) read input parameter 3. Open MySQL connection 4. Run query 5. Print results in a table 6. Disconnect from MySQL

M.P. Johnson, DBMS, Stern/NYU, Spring Insert/delete Perl/PHP example Similar to search example NB: form has two buttons

M.P. Johnson, DBMS, Stern/NYU, Spring Master-detail Perl/PHP example Idea: display list of regions;  When region clicked on, display its countries Mechanism: pass GET param in link, not with a FORM

M.P. Johnson, DBMS, Stern/NYU, Spring Tutorials on PHP Some material drawn from the following good tutorials: PHP introduction and examples:  Interactive PHP with database access:  Longer PHP/MySQL Tutorial from webmonkey:  Nice insert/update/delete example from webmonkey:  MySQL/Perl/PHP page from U-Wash: 

M.P. Johnson, DBMS, Stern/NYU, Spring Pros & cons PHP v. Perl v. Java servlets v. …:  -side-scripting-language/ -side-scripting-language/ PHP is fast Perl has JDBC-like DBI/DBD interface PHP is fast Perl is good for much more than web dev

M.P. Johnson, DBMS, Stern/NYU, Spring Advice for use of novel languages 1. Rerun often  Don’t write the whole thing and then try to run 2. Use frequent prints to be sure of var vals (While debugging) 3. When stuck, picture continuum from your current program to some other program  other prog. works but doesn’t do what you want  change either/both, step by step, until they meet in the middle 4. Google is your friend Search for error messages, situations

M.P. Johnson, DBMS, Stern/NYU, Spring That’s really all, folks! Q: Is this enough to get a job coding PHP? A: Again, probably not. But: most jobs are just programming-in-PHP or administering-Oracle  Being able to acquire new skills when needed is a good thing But: again pretty easy to produce a semi-interested site with a few copies of lookup.php and cia.php. Don’t like PHP either? Lots of other choices, but again, you’re strongly discouraged from using something else for your project unless you know what you’re doing.

M.P. Johnson, DBMS, Stern/NYU, Spring New-old topic: Transactions So far, have simply issued commands  Ignored xacts Recall, though: an xact is an operation/set of ops executed atomically  In one instant ACID test:  Xacts are atomic  Each xact (not each statement) must leave the DB consistent

M.P. Johnson, DBMS, Stern/NYU, Spring Default xact behavior An xact begins upon login By default, xact lasts until logoff  Except for DDL statements  They automatically commit Examples with two views of emp…

M.P. Johnson, DBMS, Stern/NYU, Spring Direct xact instructions At any point, may explicitly COMMIT:  SQL> COMMIT;  Saves all statements entered up to now  Begins new xact Conversely, can ROLLBACK  SQL> ROLLBACK;  Cancels all statements entered since start of xact Example: delete from emp; or delete junk;

M.P. Johnson, DBMS, Stern/NYU, Spring Direct xact instructions Remember, DDL statements are auto- committed  They cannot be rollbacked Examples: Q: Why doesn’t rollback “work”? drop table junk; rollback; drop table junk; rollback; truncate table junk; rollback; truncate table junk; rollback;

M.P. Johnson, DBMS, Stern/NYU, Spring Savepoints Xacts are atomic Can rollback to beginning of current xact But might want to rollback only part way Make 10 changes, make one bad change Want to: roll back to before last change Don’t have Word-like multiple undo  But do have savepoints

M.P. Johnson, DBMS, Stern/NYU, Spring Savepoints Create a savepoint: emp example: --changes SAVEPOINT sp1; --changes SAVEPOINT sp2; --changes SAVEPOINT sp3 --changes ROLLBACK TO sp2; ROLLBACK TO sp1; --changes SAVEPOINT sp1; --changes SAVEPOINT sp2; --changes SAVEPOINT sp3 --changes ROLLBACK TO sp2; ROLLBACK TO sp1; SAVEPOINT savept_name; Can skip savepoints But can ROLLBACK only backwards Can ROLLBACK only to last COMMIT

M.P. Johnson, DBMS, Stern/NYU, Spring AUTOCOMMIT Finally, can turn AUTOCOMMIT on:  SQL> SET AUTOCOMMIT ON;  Can put this in your config file  Can specify through JDBC, etc. Then each statement is auto-committed as its own xact  Not just DDL statements

M.P. Johnson, DBMS, Stern/NYU, Spring For next time Read chapter 21  Lots of interesting security topics Start proj5!