Post on 20-Jan-2016
transcript
Dr. Magdi AMER
Unit 2Introduction to Database
Dr. Magdi Amer 2
Intro• Many programs need to save information on disk.• The role of DB system is to provide a layer of abstraction between the
program and the database (Save, read, update, delete).• First system was released in 1960 by IBM called Information
Management System (IMS).• It was based on the hierarchical model.
Dr. Magdi Amer 3
Intro (Cnt)• Hierarchical model has several drawbacks (query, update)• Edgar Codd, a British mathematician, created the relational
model in 1970, where information is saved into tables.• SEQUEL, which was later named SQL (but still pronounced
sequel), was developed, based on relational algebra to allow users to define, query and update the database in a standardized way.
• Codd, with the collaboration of Chris Date, formed their own consulting company and continued to develop the relational standard.
Dr. Magdi Amer 4
First Normal FormProject code Description Employee
nameEmp # Grade Cost/
hourMonth Allocated
Time
Prj406 E-Commerce Smith 127 A1 30 12/99 50 hour
1/2000 40 hour
Mark 431 A2 25 12/99 20 hour
1/2000 60 hour
Tom 121 A1 30 12/99 20 hour
1/2000 25 hour
Prj012 Payroll Jack 114 A1 30 12/99 22 hour
1/2000 43 hour
Green 323 A2 25 12/99 26 hour
1/2000 13 hour
Dr. Magdi Amer 5
First Normal Form• Each record contains the same number of columns.• Each column contain 1 and only 1 value.• No information is saved in the order of the records.• Each Record must have a key
Project code
Description Employee name Emp # Grade Cost/ hour Month Allocated Time
Prj406 E-Commerce Smith 127 A1 30 12/99 50 hour
Prj406 E-Commerce Smith 127 A1 30 1/2000 40 hour
Prj406 E-Commerce Mark 431 A2 25 12/99 20 hour
Prj406 E-Commerce Mark 431 A2 25 1/2000 60 hour
Prj406 E-Commerce Tom 121 A1 30 12/99 20 hour
Prj406 E-Commerce Tom 121 A1 30 1/2000 25 hour
Prj012 Payroll Jack 114 A1 30 12/99 22 hour
Prj012 Payroll Jack 114 A1 30 1/2000 43 hour
Prj012 Payroll Green 323 A2 25 12/99 26 hour
Prj012 Payroll Green 323 A2 25 1/2000 13 hour
Dr. Magdi Amer 6
Second Normal Form• Each column is a function of the entire key, not part of the key.
Project code
Description Employee name Emp # Grade Cost/ hour Month Allocated Time
Prj406 E-Commerce Smith 127 A1 30 12/99 50 hour
Prj406 E-Commerce Smith 127 A1 30 1/2000 40 hour
Prj406 E-Commerce Mark 431 A2 25 12/99 20 hour
Prj406 E-Commerce Mark 431 A2 25 1/2000 60 hour
Prj406 E-Commerce Tom 121 A1 30 12/99 20 hour
Prj406 E-Commerce Tom 121 A1 30 1/2000 25 hour
Prj012 Payroll Jack 114 A1 30 12/99 22 hour
Prj012 Payroll Jack 114 A1 30 1/2000 43 hour
Prj012 Payroll Green 323 A2 25 12/99 26 hour
Prj012 Payroll Green 323 A2 25 1/2000 13 hour
Dr. Magdi Amer 7
Second Normal Form• Each column is a function of the entire key, not part of the key.
Dr. Magdi Amer 8
Third Normal Form• Each column is directly a function of the key.• Third normal form is violated when a non-key field is a fact about another
non-key field
Dr. Magdi Amer 9
NormalizationWhat you need to remember:• Normalization is needed:
– To save space– To prevent data inconsistency (2 rows supposedly containing the same info but in reality
there is a difference in the information stored)– To facilitate update
Student_id Student_name Campus_name Campus_location
S101 Amal Female-campus Abedeya
S102 Noha Female-campus Abedeya
S103 Heba Female-campus Downtown
S104 Mona Female-campus Downtown
Example of inconsistent data due to lack of normalization
Dr. Magdi Amer 10
Introduction to SQL
Dr. Magdi Amer 11
Introduction to SQL
Dr. Magdi Amer 12
Introduction to SQL
Dr. Magdi Amer 13
Getting data from normalized tables
Select Employee.Employee_number, Employee.Employee_name, Grade_data.Grade, Grade_data.Cost_per_hourFrom Employee inner join Grade_data on Grade_data.Grade = Employee.Grade
Employee
Grade_Data
This is done by rebuilding the original table before normalization
Dr. Magdi Amer 14
Accessing Oracle Express
Dr. Magdi Amer 15
Accessing Oracle Express
Dr. Magdi Amer 16
Dr. Magdi Amer 17
SQL Dev
Dr. Magdi Amer 18
SQL Dev
Dr. Magdi Amer 19
SQL Dev
Dr. Magdi Amer 20
SQL Dev
Dr. Magdi Amer 21
SQL Dev
Dr. Magdi Amer 22
Creating NetBeans App
Dr. Magdi Amer 23
Making a Connection
Dr. Magdi Amer 24
Accessing the data from Java
Dr. Magdi Amer 25
Accessing the data from Java
Dr. Magdi Amer 26
Making a queryimport java.io.*;
import java.sql.*;
public class DatabaseTest{
public static void main(String[] args){
Connection con= null;
Statement s = null;
try { con = DatabaseManager.getConnection();
s = con.createStatement(); String query = " SELECT firstName, lastName, sin FROM Employee" ; System.out.println(query); ResultSet result = s.executeQuery(query);String firstName, lastName, sin;
Dr. Magdi Amer 27
Making a querywhile(result.next())
{ firstName = result.getString("firstName"); lastName = result.getString("lastName"); sin = result.getString("sin"); System.out.println("first Name = "+firstName+"last Name="+lastName+ "sin ="+sin); }//end while}//end trycatch(Exception ex){ System.out.println(ex); } finally { if(con != null) try { con.close(); } catch(Exception ex) { ex.printStackTrace(); } }} // end main} // end class
Dr. Magdi Amer 28
Writing in a table
Dr. Magdi Amer 29
Writing in a table
Dr. Magdi Amer 30
Writing in a table
Dr. Magdi Amer 31
Writing in a table
Dr. Magdi Amer 32
Writing in a tabletry {
con = DatabaseManager.getConnection();
s = con.createStatement();
String sql = "create table Data (name varchar (32), id integer);";
int result = s.executeUpdate(sql);
sql = "insert into Data (name, id) values ('Tom', 123 );";
result = s.executeUpdate(sql);
sql = "insert into Data (name, id) values ('Mike', 123 );";
result = s.executeUpdate(sql);
sql = "UPDATE Data SET Data.id = 121 WHERE (Data.name='Mike');";
result = s.executeUpdate(sql); }
Dr. Magdi Amer 33
Writing in a tablecatch(Exception ex)
{ System.out.println(ex); }
finally
{ try { s.close(); con.close(); }
catch(Exception e) { System.out.println(e);}
} } }
Dr. Magdi Amer 34
SQL Injection• Consider the following code
• Normally this code will return the information if the password is correct• What will happen if the user enters ' or '1'='1• The executed query will be
SELECT firstName, lastName, sin FROM Employee where password = ' ' or '1'='1‘
• The previous query result will always be true hacker can access any record
………
String pass = // read from GUI or web
String query = " SELECT firstName, lastName, sin FROM Employee where password = ' "+pass+ " ' ";
ResultSet result = s.executeQuery(query);
……………
Dr. Magdi Amer 35
public void Save() {
String query = "INSERT INTO LANGUAGE ( ID, NAME) VALUES (?, ?)";
PreparedStatement s = null;
Connection con = null;
String url=”…”;
try {
Connection con = DatabaseManager.getConnection();
s = con.prepareStatement(query);
s.setString(2, ""+getName()); //reads it from GUI or web
s.setString(1, ""+getId()); // reads it from GUI or web
int result = s.executeUpdate(); }
catch (SQLException e) { System.err.println(e); }
finally {
try{ if(s !=null) s.close(); if(con != null) con.close(); }
catch(Exception e1)
{ System.err.println(e1); }
} }
Prepared Statement
Dr. Magdi Amer 36
Example
Dr. Magdi Amer 37
From Java to DB
Dr. Magdi Amer 38
Saving: Tire
Dr. Magdi Amer 39
Saving : Motor
Dr. Magdi Amer 40
Saving : Motor
Dr. Magdi Amer 41
Saving : Car
Dr. Magdi Amer 42
Saving : Car
Dr. Magdi Amer 43
Example: Saving
Dr. Magdi Amer 44
Loading: Motor
Dr. Magdi Amer 45
Loading: Tire
Dr. Magdi Amer 46
Loading: Car
Dr. Magdi Amer 47
Example: Loading