SQL DOM: Compile Time Checking of Dynamic SQL Statements
Russell A. McClure
Ingolf H. Krüger
ICSE 2005
University of California, San Diego
Department of Computer Science and Engineering
“Impedance Mismatch” Huh?
• OO = Software Engineering Principles
• Relational = Mathematical Principles.
• Impedance Mismatch: An SQL “select” in Java.
– In OO you traverse pointers, and send messages.
– In Relational, you apply operators to relations:
    • Select
    • Cartesian Product
    • Project
    • Union
    • Set Difference
Tedious Composition of SQL statements
Challenge: generate a simple SQL query on the Customers relation:
    SELECT *
    FROM Customers
    WHERE companyName = '<company name>'
    AND …
Tedious Composition of SQL statements
Can you find the bugs? (Sorry, the compiler won't help you!)
    public string GetCustomers(string companyName /*, … */)
    {
        bool firstCondition = true;
        StringBuilder sql = new StringBuilder("SELECT * FROM Customers ");
        if ((companyName != null) && (companyName.Length > 0)) {
            if (firstCondition) {
                firstCondition = false;
                sql.Append(" WHERE ");
            } else
                sql.Append(" AND");         // SQL syntax error: no space after AND
            sql.Append("CompnyName='");     // misspelled name
            sql.Append(companyName);
            sql.Append("'");
        }
        return sql.ToString();
    }
Type Translation Horrors
    public string SetUnitsInStock(int productID, int unitsInStock)
    {
        string sql = "UPDATE Products " +
                     " SET UnitsInStock = " + unitsInStock.ToString() +
                     " WHERE ProductID = " + productID.ToString();
        return sql;
    }
UnitsInStock is a 16-bit integer column. Runtime error if unitsInStock (a 32-bit integer) is too big.
The SQL DOM solution
sqldomgen (the SQL DOM generator) – an executable, executed against a database.
database → sqldomgen → DOM
Output: a DLL (Dynamic Link Library). Its classes are referred to as the SQL DOM – SQL Domain Object Model.
How about now?
    public string GetCustomers(string companyName /*, … */)
    {
        CustomersTblSelectSQLStmt sql = new CustomersTblSelectSQLStmt();
        if ((companyName != null) && (companyName.Length > 0))
        {
            sql.AddWhereCondition(new CompanyNameWhereCond(companyName));
        }
        return sql.GetSQL();
    }
The DOM works its wonders in mysterious ways…
3 steps for DOM generation:
• Obtain database schema (through methods from OLEDB provider)
• Iterate through tables and columns (produce source files)
• Compile… (produce DLL)
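A minimal sketch of the second step, as an added example rather than sqldomgen's own code: it walks a constructed in-memory schema and emits one update-statement class per table with a typed property per column. The schema contents, the type map and the property-based class shape are assumptions; only the class-name pattern follows the slides.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

static class MiniSqlDomGen
{
    // Constructed sample schema (table -> columns with SQL types). A real generator
    // would read this from the database's schema metadata instead.
    static readonly Dictionary<string, (string, string)[]> Schema =
        new Dictionary<string, (string, string)[]>
        {
            ["Products"] = new[] { ("ProductID", "int"), ("UnitsInStock", "smallint") },
            ["Customers"] = new[] { ("CustomerID", "nchar"), ("CompanyName", "nvarchar") },
        };

    // Map a SQL column type to the matching C# type (assumed mapping). An unmapped
    // type aborts generation instead of silently falling back to string.
    static string ClrType(string sqlType)
    {
        switch (sqlType)
        {
            case "smallint": return "short";   // 16-bit
            case "int": return "int";          // 32-bit
            case "nchar":
            case "nvarchar": return "string";
            default: throw new NotSupportedException("unmapped SQL type: " + sqlType);
        }
    }

    // Emit one update-statement class per table with one typed property per column.
    public static string Generate()
    {
        var src = new StringBuilder();
        foreach (var table in Schema)
        {
            src.AppendLine($"public sealed class {table.Key}TblUpdateSQLStmt");
            src.AppendLine("{");
            foreach (var (column, sqlType) in table.Value)
                src.AppendLine($"    public {ClrType(sqlType)} {column} {{ get; set; }}");
            src.AppendLine("}");
        }
        return src.ToString();
    }

    static void Main() => Console.WriteLine(Generate());
}
```

Because smallint maps to short, assigning a 32-bit int to the emitted UnitsInStock property no longer compiles without an explicit cast.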
The Object Model
Three main types of classes:
• SQL statements
    – select
    – update
    – insert
    – delete
• columns
• where conditions
SQL Statements
SQLStmt
    InsertSQLStmt
    SelectSQLStmt
        CustomersTblSelectSQLStmt
            CustomersTblSelectSQLStmt()
            JoinToOrders()
            JoinTo()
            AddWhereCondition()
            AddOrderBy()
        OrdersTblSelectSQLStmt
            OrdersTblSelectSQLStmt()
            JoinToOrderDetails()
            JoinToCustomers()
            JoinTo()
            …
    UpdateSQLStmt
Column classes
Column
CustomersTblColumn
CustomersTblInsertColumn
CustomersTblUpdateColumn
CustomersTblSelectColumn
Remember "nasty bug"?
This is what would happen now
    public string SetUnitsInStock(int productID, int unitsInStock)
    {
        …
        sql.UnitsInStock = |
        …
    }
Where condition classes
WhereCond
CustomersTblWhereCond
CustomerIDWhereCond
CompanyNameWhereCond
So this is the answer…
    public string GetCustomers(string companyName /*, … */)
    {
        CustomersTblSelectSQLStmt sql = new CustomersTblSelectSQLStmt();
        if ((companyName != null) && (companyName.Length > 0))
        {
            sql.AddWhereCondition(new CompanyNameWhereCond(companyName));
        }
        return sql.GetSQL();
    }
Advantages
• Problems solved:
– type mismatch
– syntax errors (and spelling errors)
– semantic (structural) errors
and more…
Databases Change!!
Question: What'll happen when there is a change in the database?
Answer: Re-run sqldomgen. May get errors:
• No such class exists – if table/column is renamed/removed
• Data type conversion error – if data type of column is changed
• Missing constructor parameter – if a new column is added to a table
Convenient IDE
public string GetallCustomers()
{
new CustomersTblSelectSQLStmt(
ECustomersTblColumns.CustomerID,
ECustomersTblColumns.
…
SQL injection protection
Example: malicious SQL statements inserted into the database through a web form,
e.g. submission of the parameter
    "Bad Guy' drop table Customers"
• non-string data types are now safe
• string types are checked and proofed
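A hand-written sketch of what generated classes for the Customers table could look like, added here and not the SQL DOM's generated code: it builds the WHERE clause from typed condition objects and turns string values into SQL literals. The class bodies and the quote-doubling rule are assumptions (the slides do not say how strings are proofed); only the class and method names come from the slides.

```csharp
using System;
using System.Collections.Generic;

// Base class for every condition that may appear in a Customers WHERE clause.
abstract class CustomersTblWhereCond
{
    public abstract string GetSQL();

    // Assumption: a string becomes a SQL literal by doubling embedded single quotes,
    // the standard SQL escape. A database with other escape characters needs more.
    protected static string Quote(string value) => "'" + value.Replace("'", "''") + "'";
}

sealed class CompanyNameWhereCond : CustomersTblWhereCond
{
    private readonly string companyName;
    public CompanyNameWhereCond(string companyName) =>
        this.companyName = companyName ?? throw new ArgumentNullException(nameof(companyName));
    public override string GetSQL() => "CompanyName = " + Quote(companyName);
}

sealed class CustomerIDWhereCond : CustomersTblWhereCond
{
    private readonly string customerID;
    public CustomerIDWhereCond(string customerID) =>
        this.customerID = customerID ?? throw new ArgumentNullException(nameof(customerID));
    public override string GetSQL() => "CustomerID = " + Quote(customerID);
}

sealed class CustomersTblSelectSQLStmt
{
    private readonly List<CustomersTblWhereCond> conds = new List<CustomersTblWhereCond>();
    public void AddWhereCondition(CustomersTblWhereCond cond) => conds.Add(cond);

    // WHERE and AND are placed here once, so callers cannot misplace a keyword or space.
    public string GetSQL()
    {
        var parts = conds.ConvertAll(c => c.GetSQL());
        return "SELECT * FROM Customers" +
               (parts.Count > 0 ? " WHERE " + string.Join(" AND ", parts) : "");
    }
}

static class Demo
{
    static void Main()
    {
        var sql = new CustomersTblSelectSQLStmt();
        sql.AddWhereCondition(new CustomerIDWhereCond("ALFKI"));   // constructed sample value
        sql.AddWhereCondition(new CompanyNameWhereCond("Bad Guy' drop table Customers"));
        Console.WriteLine(sql.GetSQL());
    }
}
```

The quote inside the submitted parameter is doubled, so the whole value stays inside one string literal. A condition object for another table is a different type and is rejected by AddWhereCondition at compile time.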
Disadvantages
We do not enjoy the full power of SQL.
• What about GROUP BY and aggregate functions?
• EXISTS keyword?
• Nested queries? Co-dependent queries?
Can we do this?
SELECT column1,column2
FROM Table T
WHERE column2 >
(SELECT AVG(column2)
FROM Table T1
WHERE T.column1=T1.column1)
Disadvantages
• Performance (??)
– Query generation takes up to x100 longer
– But… actual figures are in thousands of ms per 10,000 generations of queries.
– Query generation time << query runtime
Other existing developments
• SQLJ/Embedded SQL – do not support dynamic SQL statements.
• Object/relational mapping and persistent object systems – reduce expressive power.
Conclusion
• Many runtime problems become compile-time problems.
• More convenient
• Less powerful
• Slight overhead