Dr. Magdi AMER Unit 2 Introduction to Database. Intro Many programs need to save information on...

Post on 20-Jan-2016


Dr. Magdi AMER

Unit 2 Introduction to Database

Intro
• Many programs need to save information on disk.
• The role of a DB system is to provide a layer of abstraction between the program and the database (save, read, update, delete).
• The first system was released in 1960 by IBM, called Information Management System (IMS).
• It was based on the hierarchical model.

Intro (cont.)
• Hierarchical model has several drawbacks (query, update).
• Edgar Codd, a British mathematician, created the relational model in 1970, where information is saved into tables.
• SEQUEL, which was later named SQL (but still pronounced sequel), was developed, based on relational algebra, to allow users to define, query and update the database in a standardized way.
• Codd, with the collaboration of Chris Date, formed their own consulting company and continued to develop the relational standard.

First Normal Form

Project code  Description  Employee name  Emp #  Grade  Cost/hour  Month   Allocated Time
Prj406        E-Commerce   Smith          127    A1     30         12/99   50 hour
                                                                   1/2000  40 hour
                           Mark           431    A2     25         12/99   20 hour
                                                                   1/2000  60 hour
                           Tom            121    A1     30         12/99   20 hour
                                                                   1/2000  25 hour
Prj012        Payroll      Jack           114    A1     30         12/99   22 hour
                                                                   1/2000  43 hour
                           Green          323    A2     25         12/99   26 hour
                                                                   1/2000  13 hour

First Normal Form
• Each record contains the same number of columns.
• Each column contains 1 and only 1 value.
• No information is saved in the order of the records.
• Each record must have a key.

Project code  Description  Employee name  Emp #  Grade  Cost/hour  Month   Allocated Time
Prj406        E-Commerce   Smith          127    A1     30         12/99   50 hour
Prj406        E-Commerce   Smith          127    A1     30         1/2000  40 hour
Prj406        E-Commerce   Mark           431    A2     25         12/99   20 hour
Prj406        E-Commerce   Mark           431    A2     25         1/2000  60 hour
Prj406        E-Commerce   Tom            121    A1     30         12/99   20 hour
Prj406        E-Commerce   Tom            121    A1     30         1/2000  25 hour
Prj012        Payroll      Jack           114    A1     30         12/99   22 hour
Prj012        Payroll      Jack           114    A1     30         1/2000  43 hour
Prj012        Payroll      Green          323    A2     25         12/99   26 hour
Prj012        Payroll      Green          323    A2     25         1/2000  13 hour

Second Normal Form
• Each column is a function of the entire key, not part of the key.

Third Normal Form
• Each column is directly a function of the key.
• Third normal form is violated when a non-key field is a fact about another non-key field.

Normalization
What you need to remember:
• Normalization is needed:
  – To save space
  – To prevent data inconsistency (2 rows supposedly containing the same info but in reality there is a difference in the information stored)
  – To facilitate update

Example of inconsistent data due to lack of normalization:

Student_id  Student_name  Campus_name    Campus_location
S101        Amal          Female-campus  Abedeya
S102        Noha          Female-campus  Abedeya
S103        Heba          Female-campus  Downtown
S104        Mona          Female-campus  Downtown

Introduction to SQL

Getting data from normalized tables

This is done by rebuilding the original table before normalization:

    SELECT Employee.Employee_number, Employee.Employee_name, Grade_data.Grade, Grade_data.Cost_per_hour
    FROM Employee INNER JOIN Grade_data ON Grade_data.Grade = Employee.Grade

(Figures: the Employee and Grade_Data tables.)

Accessing Oracle Express

SQL Dev

Creating NetBeans App

Making a Connection

Accessing the data from Java

Making a query

    import java.io.*;
    import java.sql.*;

    public class DatabaseTest {
        public static void main(String[] args) {
            Connection con = null;
            Statement s = null;
            try {
                // DatabaseManager opens the JDBC connection; its code is not in this transcript
                con = DatabaseManager.getConnection();
                s = con.createStatement();
                String query = " SELECT firstName, lastName, sin FROM Employee";
                System.out.println(query);
                ResultSet result = s.executeQuery(query);
                String firstName, lastName, sin;
                while (result.next()) {
                    firstName = result.getString("firstName");
                    lastName = result.getString("lastName");
                    sin = result.getString("sin");
                    System.out.println("first Name = " + firstName + "last Name=" + lastName + "sin =" + sin);
                } // end while
            } // end try
            catch (Exception ex) {
                System.out.println(ex);
            } finally {
                if (con != null)
                    try { con.close(); } catch (Exception ex) { ex.printStackTrace(); }
            }
        } // end main
    } // end class

Writing in a table

    import java.sql.*;

    // The class header is not in the transcript; the name DatabaseWriteTest is chosen here.
    public class DatabaseWriteTest {
        public static void main(String[] args) {
            Connection con = null;
            Statement s = null;
            try {
                con = DatabaseManager.getConnection();
                s = con.createStatement();
                // No trailing ';' inside the SQL strings: the Oracle JDBC driver rejects it.
                String sql = "create table Data (name varchar (32), id integer)";
                int result = s.executeUpdate(sql);
                sql = "insert into Data (name, id) values ('Tom', 123 )";
                result = s.executeUpdate(sql);
                sql = "insert into Data (name, id) values ('Mike', 123 )";
                result = s.executeUpdate(sql);
                sql = "UPDATE Data SET Data.id = 121 WHERE (Data.name='Mike')";
                result = s.executeUpdate(sql);
            } catch (Exception ex) {
                System.out.println(ex);
            } finally {
                try {
                    // Null checks so a failed connection does not skip the cleanup
                    if (s != null) s.close();
                    if (con != null) con.close();
                } catch (Exception e) {
                    System.out.println(e);
                }
            }
        }
    }

SQL Injection
• Consider the following code:

    // ...
    String pass = ...; // read from GUI or web
    String query = " SELECT firstName, lastName, sin FROM Employee where password = '" + pass + "'";
    ResultSet result = s.executeQuery(query);
    // ...

• Normally this code will return the information if the password is correct.
• What will happen if the user enters ' or '1'='1
• The executed query will be

    SELECT firstName, lastName, sin FROM Employee where password = '' or '1'='1'

• The WHERE condition of this query is always true, so a hacker can access any record.

Prepared Statement

    public void Save() {
        // The ? placeholders are filled by setString below; the input never becomes part of the SQL text.
        String query = "INSERT INTO LANGUAGE ( ID, NAME) VALUES (?, ?)";
        PreparedStatement s = null;
        Connection con = null;
        String url = "…";
        try {
            con = DatabaseManager.getConnection();
            s = con.prepareStatement(query);
            s.setString(2, "" + getName()); // reads it from GUI or web
            s.setString(1, "" + getId());   // reads it from GUI or web
            int result = s.executeUpdate();
        } catch (SQLException e) {
            System.err.println(e);
        } finally {
            try {
                if (s != null) s.close();
                if (con != null) con.close();
            } catch (Exception e1) {
                System.err.println(e1);
            }
        }
    }
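The contrast between the concatenated query from the SQL Injection slide and a prepared statement, as an added example that is not part of the original slides: both forms are run against the same in-memory Employee table. The H2 JDBC URL, the class and method names, and the sample rows are assumptions made for this example.

```java
import java.sql.*;

// Added example, not from the slides. Assumes an H2 driver on the classpath;
// the Employee rows and passwords below are constructed sample data.
public class InjectionDemo {

    // Vulnerable: input is concatenated into the SQL text, as on the slide.
    static int countConcatenated(Connection con, String pass) throws SQLException {
        String query = "SELECT firstName, lastName, sin FROM Employee"
                + " WHERE password = '" + pass + "'";
        try (Statement s = con.createStatement();
             ResultSet rs = s.executeQuery(query)) {
            return countRows(rs);
        }
    }

    // Hardened: input is bound to the ? placeholder and stays data.
    static int countBound(Connection con, String pass) throws SQLException {
        String query = "SELECT firstName, lastName, sin FROM Employee WHERE password = ?";
        try (PreparedStatement s = con.prepareStatement(query)) {
            s.setString(1, pass);
            try (ResultSet rs = s.executeQuery()) {
                return countRows(rs);
            }
        }
    }

    static int countRows(ResultSet rs) throws SQLException {
        int n = 0;
        while (rs.next()) n++;
        return n;
    }

    public static void main(String[] args) throws SQLException {
        try (Connection con = DriverManager.getConnection("jdbc:h2:mem:demo");
             Statement s = con.createStatement()) {
            s.executeUpdate("CREATE TABLE Employee (firstName VARCHAR(32), "
                    + "lastName VARCHAR(32), sin VARCHAR(16), password VARCHAR(64))");
            s.executeUpdate("INSERT INTO Employee VALUES ('Tom', 'Smith', '111', 'pw-tom')");
            s.executeUpdate("INSERT INTO Employee VALUES ('Mike', 'Green', '222', 'pw-mike')");
            String input = "' or '1'='1"; // the input from the slide
            System.out.println("concatenated, real password: " + countConcatenated(con, "pw-tom"));
            System.out.println("concatenated, slide input:   " + countConcatenated(con, input));
            System.out.println("bound, real password:        " + countBound(con, "pw-tom"));
            System.out.println("bound, slide input:          " + countBound(con, input));
        }
    }
}
```

With the slide's input the concatenated form matches every row, while the bound form compares the whole string against the password column and matches none.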

Example

From Java to DB

Saving: Tire

Saving: Motor

Saving: Car

Example: Saving

Loading: Motor

Loading: Tire

Loading: Car

Example: Loading