SQL DOM: Compile Time Checking of Dynamic SQL Statements. Russel A. McClure, Ingolf H. Krüger. ICSE 2005, University of California, San Diego, Department of Computer Science and Engineering.
1 SQL DOM: Compile Time Checking of Dynamic SQL Statements Russel A. McClure Ingolf H. Krüger ICSE 2005 University of California, San Diego Department of Computer Science and Engineering

2 "Impedance Mismatch" Huh?

OO = software engineering principles. Relational = mathematical principles.
Impedance mismatch: an SQL "select" in Java.
– In OO you traverse pointers and send messages.
– In Relational, you apply operators to relations: Select, Cartesian Product, Project, Union, Set Difference.

3 Tedious Composition of SQL statements

Challenge: generate a simple SQL query on the Customers relation:
SELECT * FROM Customers WHERE companyName = ' ' AND …

4 Tedious Composition of SQL statements

public string GetCustomers(string companyName, … )
{
    bool firstCondition = true;
    StringBuilder sql = new StringBuilder("SELECT * FROM Customers ");
    if ((companyName != null) && (companyName.Length > 0))
    {
        if (firstCondition)
        {
            firstCondition = false;
            sql.Append(" WHERE ");
        }
        else
            sql.Append(" AND");          // SQL syntax error: no space after AND
        sql.Append("CompnyName='");      // misspelled column name!
        sql.Append(companyName);
        sql.Append("'");
    }
    return sql.ToString();
}

Can you find the bugs? (Sorry, the compiler won't help you.)

5 Type Translation Horrors

public string SetUnitsInStock(int productID, int unitsInStock)
{
    string sql = "UPDATE Products "
        + " SET UnitsInStock = " + unitsInStock.ToString()
        + " WHERE ProductID = " + productID.ToString();
    return sql;
}

UnitsInStock is a 16-bit integer. Runtime error if unitsInStock (a 32-bit integer) is too big.

6 The SQL DOM solution

database -> sqldomgen (the SQL DOM generator) -> DOM

sqldomgen is an executable, run against a database. Output: a DLL (Dynamic Link Library). The generated classes are referred to as the SQL DOM (SQL Domain Object Model).

7 How about now?

public string GetCustomers(string companyName, … )
{
    CustomersTblSelectSQLStmt sql = new CustomersTblSelectSQLStmt();
    if ((companyName != null) && (companyName.Length > 0))
    {
        sql.AddWhereCondition(new CompanyNameWhereCond(companyName));
    }
    return sql.GetSQL();
}

8 The DOM works its wonders in mysterious ways…

3 steps for DOM generation:
– Obtain the database schema (through methods from the OLEDB provider)
– Iterate through tables and columns (produce source files)
– Compile… (produce the DLL)
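The three steps above, as an added example that is not the sqldomgen tool itself: a toy generator that takes an in-memory schema (a constructed stand-in for what the real tool reads through the OLEDB provider) and emits the source of the per-table statement and where-condition classes named on slides 10 to 13. The base classes SelectSQLStmt and WhereCond that the emitted code derives from are assumed to be hand-written library classes; the table and column names are constructed sample data, and the final compile step is only described in a comment.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

// Constructed schema description; the real generator obtains this from the database.
public sealed class ColumnInfo
{
    public string Name { get; }
    public Type ClrType { get; }
    public ColumnInfo(string name, Type clrType) { Name = name; ClrType = clrType; }
}

public sealed class TableInfo
{
    public string Name { get; }
    public IReadOnlyList<ColumnInfo> Columns { get; }
    public TableInfo(string name, params ColumnInfo[] columns) { Name = name; Columns = columns; }
}

public static class ToySqlDomGen
{
    // Step 1: obtain the schema. Hard-coded here so the example runs offline;
    // sqldomgen queries the live database instead.
    public static IReadOnlyList<TableInfo> ObtainSchema() => new[]
    {
        new TableInfo("Customers",
            new ColumnInfo("CustomerID", typeof(string)),
            new ColumnInfo("CompanyName", typeof(string))),
        new TableInfo("Products",
            new ColumnInfo("ProductID", typeof(int)),
            new ColumnInfo("UnitsInStock", typeof(short))),   // SQL smallint -> C# short
    };

    // Step 2: iterate over tables and columns and emit C# source for one table.
    // Naming follows the slides (<Table>TblSelectSQLStmt, <Table>TblWhereCond,
    // <Column>WhereCond); SelectSQLStmt and WhereCond are assumed base classes.
    public static string EmitTableSource(TableInfo table)
    {
        var src = new StringBuilder();
        src.AppendLine($"public sealed class {table.Name}TblSelectSQLStmt : SelectSQLStmt");
        src.AppendLine("{");
        src.AppendLine($"    public {table.Name}TblSelectSQLStmt() : base(\"{table.Name}\") {{ }}");
        src.AppendLine("}");
        src.AppendLine($"public abstract class {table.Name}TblWhereCond : WhereCond");
        src.AppendLine("{");
        src.AppendLine($"    protected {table.Name}TblWhereCond(string column, object value) : base(column, value) {{ }}");
        src.AppendLine("}");
        foreach (var col in table.Columns)
        {
            // One where-condition class per column, typed with the column's CLR type, so
            // a caller passing the wrong type gets a compile error instead of a runtime one.
            src.AppendLine($"public sealed class {col.Name}WhereCond : {table.Name}TblWhereCond");
            src.AppendLine("{");
            src.AppendLine($"    public {col.Name}WhereCond({TypeName(col.ClrType)} value)");
            src.AppendLine($"        : base(\"{col.Name}\", value) {{ }}");
            src.AppendLine("}");
        }
        return src.ToString();
    }

    private static string TypeName(Type t) =>
        t == typeof(int) ? "int" : t == typeof(short) ? "short" : t == typeof(string) ? "string" : t.Name;

    // Step 3 would hand the emitted files to the C# compiler to produce the DLL;
    // here the generated source is just printed for every table in the schema.
    public static void Main()
    {
        foreach (var table in ObtainSchema())
            Console.WriteLine(EmitTableSource(table));
    }
}
```

The security-relevant property comes from step 2: every class name and every constructor parameter type is derived from the schema, so a column that does not exist, or a value of the wrong type, is a compile error in the application rather than a string that reaches the database.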

9 The Object Model

Three main types of classes:
– SQL statements (select, update, insert, delete)
– columns
– where conditions

10 SQL Statements (class hierarchy)

SQLStmt
  – InsertSQLStmt
  – UpdateSQLStmt
  – SelectSQLStmt
      – CustomersTblSelectSQLStmt: CustomersTblSelectSQLStmt(), JoinToOrders(), JoinTo(), AddWhereCondition(), AddOrderBy()
      – OrdersTblSelectSQLStmt: OrdersTblSelectSQLStmt(), JoinToOrderDetails(), JoinToCustomers(), JoinTo(), …

11 Column classes (class hierarchy)

Column
  – CustomersTblColumn
      – CustomersTblInsertColumn
      – CustomersTblUpdateColumn
      – CustomersTblSelectColumn

12 Remember the "nasty bug"? This is what would happen now:

public string SetUnitsInStock(int productID, int unitsInStock)
{
    …
    sql.UnitsInStock = |
    …
}
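An added example, not code generated by sqldomgen, of how the smallint bug from slide 5 is caught once the column is typed: a hand-written sketch of the update statement class the generator would emit for the Products table. The class and member names are assumed, and returning a parameterized statement (SQL text plus a separate parameter map) is this example's own design choice.

```csharp
using System;
using System.Collections.Generic;

// Assumed shape of the generated update statement for the Products table.
public sealed class ProductsTblUpdateSQLStmt
{
    // UnitsInStock is a SQL smallint, so the generated property is a C# short (16-bit).
    // Assigning a 32-bit int here is compile error CS0266 (no implicit conversion);
    // the string-concatenation version only failed at runtime when the value
    // exceeded 32767.
    public short? UnitsInStock { get; set; }

    public int ProductID { get; }   // key used in the WHERE clause, a SQL int

    public ProductsTblUpdateSQLStmt(int productID) { ProductID = productID; }

    // Emits a parameterized statement: values travel as parameters, never as text.
    public (string Sql, IReadOnlyDictionary<string, object> Parameters) GetSQL()
    {
        var sets = new List<string>();
        var parameters = new Dictionary<string, object> { ["@ProductID"] = ProductID };
        if (UnitsInStock.HasValue)
        {
            sets.Add("UnitsInStock = @UnitsInStock");
            parameters["@UnitsInStock"] = UnitsInStock.Value;
        }
        if (sets.Count == 0)
            throw new InvalidOperationException("UPDATE with no SET clause");
        return ($"UPDATE Products SET {string.Join(", ", sets)} WHERE ProductID = @ProductID", parameters);
    }
}

public static class UnitsInStockDemo
{
    // The statement class only accepts a short, so the conversion from the int the
    // application holds happens once, explicitly, and overflow is detected here
    // rather than by the database.
    public static (string Sql, IReadOnlyDictionary<string, object> Parameters)
        SetUnitsInStock(int productID, int unitsInStock)
    {
        // sql.UnitsInStock = unitsInStock;          // would not compile: int -> short
        short units = checked((short)unitsInStock);  // OverflowException for e.g. 40000
        var sql = new ProductsTblUpdateSQLStmt(productID) { UnitsInStock = units };
        return sql.GetSQL();
    }

    public static void Main()
    {
        var (text, args) = SetUnitsInStock(42, 100);   // constructed sample values
        Console.WriteLine(text);
        Console.WriteLine($"{args.Count} parameters");
        try { SetUnitsInStock(42, 40000); }
        catch (OverflowException) { Console.WriteLine("rejected: 40000 does not fit a smallint"); }
    }
}
```

The point to notice is where the failure moves: the type mismatch is reported by the compiler at the assignment, and the only remaining runtime failure is the explicit, checked narrowing in the caller, which is local to the application and cannot produce a malformed statement.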

13 Where condition classes (class hierarchy)

WhereCond
  – CustomersTblWhereCond
      – CustomerIDWhereCond
      – CompanyNameWhereCond

14 So this is the answer…

public string GetCustomers(string companyName, … )
{
    CustomersTblSelectSQLStmt sql = new CustomersTblSelectSQLStmt();
    if ((companyName != null) && (companyName.Length > 0))
    {
        sql.AddWhereCondition(new CompanyNameWhereCond(companyName));
    }
    return sql.GetSQL();
}

15 Advantages

Problems solved:
– type mismatch
– syntax errors (and spelling errors)
– semantic (structural) errors
– and more…

16 Databases Change!!

Question: What'll happen when there is a change in the database?
Answer: Re-run sqldomgen. You may get errors:
– No such class exists – if a table/column is renamed/removed
– Data type conversion error – if the data type of a column is changed
– Missing constructor parameter – if a new column is added to a table

17 Convenient IDE

public string GetallCustomers()
{
    new CustomersTblSelectSQLStmt(
        ECustomersTblColumns.CustomerID,
        ECustomersTblColumns. …

18 SQL injection protection

Example: malicious SQL statements inserted into the database through a web form, e.g. submission of the parameter "Bad Guy' drop table Customers".
– non-string data types are now safe
– string types are checked and proofed
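An added example, not the original SQL DOM library, serving both the GetCustomers code on slides 7 and 14 and the injection point on this slide: a hand-written sketch of the Customers classes sqldomgen would emit, with the statement rendered as SQL text plus separate parameters. Class names follow the slides; the declared length of 40 characters for CompanyName, the length check, and the use of parameters rather than inlined literals are this example's own assumptions and design choices, not a description of how the paper's library proofs strings.

```csharp
using System;
using System.Collections.Generic;

// Assumed base class for every where condition generated for the Customers table.
public abstract class CustomersTblWhereCond
{
    public abstract string Column { get; }
    public abstract object Value { get; }
}

public sealed class CompanyNameWhereCond : CustomersTblWhereCond
{
    private const int DeclaredLength = 40;   // assumed NVARCHAR length of CompanyName
    private readonly string _companyName;

    public CompanyNameWhereCond(string companyName)
    {
        // The generated class knows the column's declared type and length, so a
        // null or overlong value is rejected when the condition is built, not by the server.
        if (companyName is null) throw new ArgumentNullException(nameof(companyName));
        if (companyName.Length > DeclaredLength)
            throw new ArgumentException($"CompanyName longer than {DeclaredLength} characters");
        _companyName = companyName;
    }

    public override string Column => "CompanyName";
    public override object Value => _companyName;
}

public sealed class CustomersTblSelectSQLStmt
{
    private readonly List<CustomersTblWhereCond> _where = new List<CustomersTblWhereCond>();

    // Only conditions generated for the Customers table are accepted: a misspelled
    // column name is a compile error (no such class), not a runtime SQL error.
    public void AddWhereCondition(CustomersTblWhereCond cond) => _where.Add(cond);

    // The SQL text contains column names and placeholders only; user-supplied
    // values are returned separately as parameters.
    public (string Sql, IReadOnlyDictionary<string, object> Parameters) GetSQL()
    {
        var parameters = new Dictionary<string, object>();
        var clauses = new List<string>();
        foreach (var cond in _where)
        {
            string name = "@p" + parameters.Count;
            parameters[name] = cond.Value;
            clauses.Add($"{cond.Column} = {name}");
        }
        string sql = "SELECT * FROM Customers";
        if (clauses.Count > 0)
            sql += " WHERE " + string.Join(" AND ", clauses);
        return (sql, parameters);
    }
}

public static class CustomersDemo
{
    // Slide 7's GetCustomers, returning the parameterized statement instead of plain text.
    public static (string Sql, IReadOnlyDictionary<string, object> Parameters) GetCustomers(string companyName)
    {
        var sql = new CustomersTblSelectSQLStmt();
        if (!string.IsNullOrEmpty(companyName))
            sql.AddWhereCondition(new CompanyNameWhereCond(companyName));
        return sql.GetSQL();
    }

    public static void Main()
    {
        // Constructed input taken from the slide. The quote stays inside parameter @p0,
        // so the statement sent to the server is still a single SELECT.
        var (text, args) = GetCustomers("Bad Guy' drop table Customers");
        Console.WriteLine(text);
        foreach (var kv in args) Console.WriteLine($"{kv.Key} = {kv.Value}");
    }
}
```

Compare this with the StringBuilder version on slide 4: there the submitted value is spliced into the statement text, so a quote in the input changes the statement's structure; here the statement text is fixed by the generated classes and the value can only ever be data.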

19 Disadvantages

We do not enjoy the full power of SQL. What about:
– GROUP BY and aggregate functions?
– the EXISTS keyword?
– nested queries?
– co-dependent queries?

20 Can we do this?

SELECT column1, column2
FROM Table T
WHERE column2 > (SELECT AVG(column2)
                 FROM Table T1
                 WHERE T.column1 = T1.column1)

21 Disadvantages

Performance (??)
– Query generation takes up to 100x longer
– But… actual figures are in thousands of ms per 10,000 generations of queries.
– Query generation time << query runtime

22 Other existing developments

– SQLJ / Embedded SQL – do not support dynamic SQL statements.
– Object/relational mapping and persistent object systems – reduce expressive power.

23 Conclusion

Many runtime problems become compile-time problems.
– More convenient
– Less powerful
– Slight overhead
