Dr. Magdi AMER Unit 2 Introduction to Database
Intro
Many programs need to save information on disk. The role of a DB system is to provide a layer of abstraction between the program and the database (save, read, update, delete). The first system, called Information Management System (IMS), was released in 1960 by IBM. It was based on the hierarchical model.

Intro (cont.)
The hierarchical model has several drawbacks (query, update). Edgar Codd, a British mathematician, created the relational model in 1970, in which information is saved into tables. SEQUEL, which was later named SQL (but still pronounced "sequel"), was developed on the basis of relational algebra to allow users to define, query and update the database in a standardized way. Codd, in collaboration with Chris Date, formed a consulting company and continued to develop the relational standard.

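First Normal Form

| Project code | Description | Employee name | Emp # | Grade | Cost/hour | Month | Allocated Time |
|---|---|---|---|---|---|---|---|
| Prj406 | E-Commerce | Smith | 127 | A1 | 30 | 12/99 | 50 hour |
| | | | | | | 1/ | hour |
| | | Mark | 431 | A2 | 25 | 12/99 | 20 hour |
| | | | | | | 1/ | hour |
| | | Tom | 121 | A1 | 30 | 12/99 | 20 hour |
| | | | | | | 1/ | hour |
| Prj012 | Payroll | Jack | 114 | A1 | 30 | 12/99 | 22 hour |
| | | | | | | 1/ | hour |
| | | Green | 323 | A2 | 25 | 12/99 | 26 hour |
| | | | | | | 1/ | hour |
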
First Normal Form
- Each record contains the same number of columns.
- Each column contains one and only one value.
- No information is saved in the order of the records.
- Each record must have a key.

| Project code | Description | Employee name | Emp # | Grade | Cost/hour | Month | Allocated Time |
|---|---|---|---|---|---|---|---|
| Prj406 | E-Commerce | Smith | 127 | A1 | 30 | 12/99 | 50 hour |
| Prj406 | E-Commerce | Smith | 127 | A1 | 30 | 1/ | hour |
| Prj406 | E-Commerce | Mark | 431 | A2 | 25 | 12/99 | 20 hour |
| Prj406 | E-Commerce | Mark | 431 | A2 | 25 | 1/ | hour |
| Prj406 | E-Commerce | Tom | 121 | A1 | 30 | 12/99 | 20 hour |
| Prj406 | E-Commerce | Tom | 121 | A1 | 30 | 1/ | hour |
| Prj012 | Payroll | Jack | 114 | A1 | 30 | 12/99 | 22 hour |
| Prj012 | Payroll | Jack | 114 | A1 | 30 | 1/ | hour |
| Prj012 | Payroll | Green | 323 | A2 | 25 | 12/99 | 26 hour |
| Prj012 | Payroll | Green | 323 | A2 | 25 | 1/ | hour |

Second Normal Form
Each column is a function of the entire key, not part of the key.

Third Normal Form
Each column is directly a function of the key. Third normal form is violated when a non-key field is a fact about another non-key field.

Normalization
What you need to remember: normalization is needed:
- To save space
- To prevent data inconsistency (2 rows supposedly containing the same info but in reality there is a difference in the information stored)
- To facilitate update

Example of inconsistent data due to lack of normalization:

| Student_id | Student_name | Campus_name | Campus_location |
|---|---|---|---|
| S101 | Amal | Female-campus | Abedeya |
| S102 | Noha | Female-campus | Abedeya |
| S103 | Heba | Female-campus | Downtown |
| S104 | Mona | Female-campus | Downtown |

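The inconsistency in the student table can be found mechanically by checking whether Campus_name still determines Campus_location. The following is an added example, not part of the original slides; the function names `fd_violations` and `split_on` are assumptions made for illustration.

```python
from collections import defaultdict

# The student table from the slide.
COLUMNS = ("Student_id", "Student_name", "Campus_name", "Campus_location")
STUDENTS = [
    ("S101", "Amal", "Female-campus", "Abedeya"),
    ("S102", "Noha", "Female-campus", "Abedeya"),
    ("S103", "Heba", "Female-campus", "Downtown"),
    ("S104", "Mona", "Female-campus", "Downtown"),
]


def fd_violations(rows, columns, determinant, dependent):
    """Return {determinant value: sorted dependent values} wherever one
    determinant value is stored with more than one dependent value."""
    d, t = columns.index(determinant), columns.index(dependent)
    seen = defaultdict(set)
    for row in rows:
        seen[row[d]].add(row[t])
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


def split_on(rows, columns, determinant, dependent):
    """Move the dependent column into its own table keyed by the determinant
    (the third-normal-form split). Refuses to split inconsistent data."""
    bad = fd_violations(rows, columns, determinant, dependent)
    if bad:
        raise ValueError(f"inconsistent {dependent} for {sorted(bad)}")
    d, t = columns.index(determinant), columns.index(dependent)
    lookup = sorted({(r[d], r[t]) for r in rows})
    main = [tuple(v for i, v in enumerate(r) if i != t) for r in rows]
    return main, lookup


if __name__ == "__main__":
    # One campus name is stored with two different locations.
    print(fd_violations(STUDENTS, COLUMNS, "Campus_name", "Campus_location"))
```

Once the campus location lives in a single row of its own table, the two spellings of the same fact can no longer drift apart.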
Introduction to SQL

Getting data from normalized tables
This is done by rebuilding the original table before normalization (tables: Employee, Grade_Data):

    SELECT Employee.Employee_number, Employee.Employee_name,
           Grade_data.Grade, Grade_data.Cost_per_hour
    FROM Employee
    INNER JOIN Grade_data ON Grade_data.Grade = Employee.Grade

Accessing Oracle Express
SQL Dev
Creating NetBeans App
Making a Connection
Accessing the data from Java

Making a query

    import java.sql.*;

    public class DatabaseTest {
        public static void main(String[] args) {
            Connection con = null;
            Statement s = null;
            try {
                // DatabaseManager: helper class that returns the JDBC connection
                // (its code is not in this text)
                con = DatabaseManager.getConnection();
                s = con.createStatement();
                String query = "SELECT firstName, lastName, sin FROM Employee";
                System.out.println(query);
                ResultSet result = s.executeQuery(query);
                String firstName, lastName, sin;
                // Walk the result set one row at a time
                while (result.next()) {
                    firstName = result.getString("firstName");
                    lastName = result.getString("lastName");
                    sin = result.getString("sin");
                    System.out.println("first Name = " + firstName
                            + " last Name = " + lastName + " sin = " + sin);
                } // end while
            } // end try
            catch (Exception ex) {
                System.out.println(ex);
            } finally {
                // Close the statement, then the connection, even after an error
                try {
                    if (s != null) s.close();
                    if (con != null) con.close();
                } catch (Exception ex) {
                    ex.printStackTrace();
                }
            }
        } // end main
    } // end class

Writing in a table

    import java.sql.*;

    // Class name chosen here; the slides show only the body of main.
    public class WriteTest {
        public static void main(String[] args) {
            Connection con = null;
            Statement s = null;
            try {
                con = DatabaseManager.getConnection();
                s = con.createStatement();
                // No trailing ';' inside the strings: JDBC sends one statement
                // per call, and the Oracle driver rejects the terminator.
                String sql = "create table Data (name varchar (32), id integer)";
                int result = s.executeUpdate(sql);
                sql = "insert into Data (name, id) values ('Tom', 123)";
                result = s.executeUpdate(sql); // number of rows affected
                sql = "insert into Data (name, id) values ('Mike', 123)";
                result = s.executeUpdate(sql);
                sql = "UPDATE Data SET Data.id = 121 WHERE (Data.name='Mike')";
                result = s.executeUpdate(sql);
            } catch (Exception ex) {
                System.out.println(ex);
            } finally {
                try {
                    // Null checks: getConnection() may have failed before s was set
                    if (s != null) s.close();
                    if (con != null) con.close();
                } catch (Exception e) {
                    System.out.println(e);
                }
            }
        }
    }

SQL Injection
Consider the following code:

    ………
    String pass = // read from GUI or web
    String query = "SELECT firstName, lastName, sin FROM Employee where password = '" + pass + "'";
    ResultSet result = s.executeQuery(query);
    ……………

Normally this code will return the information if the password is correct.
What will happen if the user enters ' or '1'='1 ?
The executed query will be:

    SELECT firstName, lastName, sin FROM Employee where password = '' or '1'='1'

The condition of the previous query will always be true, so a hacker can access any record.

Prepared Statement

    public void Save() {
        String query = "INSERT INTO LANGUAGE (ID, NAME) VALUES (?, ?)";
        PreparedStatement s = null;
        Connection con = null;
        String url = "…";
        try {
            // Assign the variable declared above; redeclaring it here does not compile
            con = DatabaseManager.getConnection();
            s = con.prepareStatement(query);
            // Values are bound to the ? placeholders by position (1-based),
            // so they are sent as data and never become part of the SQL text
            s.setString(2, "" + getName()); // reads it from GUI or web
            s.setString(1, "" + getId());   // reads it from GUI or web
            int result = s.executeUpdate();
        } catch (SQLException e) {
            System.err.println(e);
        } finally {
            try {
                if (s != null) s.close();
                if (con != null) con.close();
            } catch (Exception e1) {
                System.err.println(e1);
            }
        }
    }

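The password lookup from the SQL Injection slide, run both ways against the same table, shows what the placeholder changes. This is an added example, not code from the original slides: it uses Python's built-in sqlite3 with an in-memory database in place of the Oracle/JDBC setup so that it runs without a server, and the sample rows and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample rows; table and column names follow the slide's query.
ROWS = [
    ("Amal", "Saleh", "111-111-111", "pw-amal"),
    ("Noha", "Hassan", "222-222-222", "pw-noha"),
    ("Mona", "Omar", "333-333-333", "mona's-pw"),  # legitimate value with a quote
]


def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE Employee "
                "(firstName TEXT, lastName TEXT, sin TEXT, password TEXT)")
    con.executemany("INSERT INTO Employee VALUES (?, ?, ?, ?)", ROWS)
    return con


def build_concatenated(password):
    # Same construction as the slide: the input becomes part of the SQL text.
    return ("SELECT firstName, lastName, sin FROM Employee "
            "WHERE password = '" + password + "'")


def lookup_concatenated(con, password):
    return con.execute(build_concatenated(password)).fetchall()


def lookup_parameterized(con, password):
    # Fixed SQL text; the input is bound to the ? placeholder as a value,
    # which is what PreparedStatement.setString does in JDBC.
    query = "SELECT firstName, lastName, sin FROM Employee WHERE password = ?"
    return con.execute(query, (password,)).fetchall()


if __name__ == "__main__":
    con = make_db()
    slide_input = "' or '1'='1"  # the input quoted on the slide
    print(build_concatenated(slide_input))
    print("concatenated :", len(lookup_concatenated(con, slide_input)), "rows")
    print("parameterized:", len(lookup_parameterized(con, slide_input)), "rows")
    print("quoted value :", lookup_parameterized(con, "mona's-pw"))
    try:
        lookup_concatenated(con, "mona's-pw")
    except sqlite3.OperationalError as exc:
        print("concatenated query breaks on a legitimate quote:", exc)
```

The concatenated query also fails on the honest value containing an apostrophe, so binding parameters fixes a correctness bug as well as the injection.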
Example
From Java to DB
Saving: Tire
Saving: Motor
Saving: Car
Example: Saving
Loading: Motor
Loading: Tire
Loading: Car
Example: Loading