Database Stored Procedures

Date post: 30-May-2018
Upload: neovik82
  • 8/14/2019 Database Stored Procedures

    1/63

    Copyright Sammamish Software Services 2003. All rights reserved.

    Mary R. Sweeney

    [email protected]

What are stored procedures? Why do developers use them?
  Performance optimization by the DBMS
  Security: access can be limited
  Robustness against hacks
Why test stored procedures?
Aren't there test tools out there that can handle this?

Diagram: app source code (C++, Java, etc.); routines for accessing data.
Data access routines reside within the application source.

Diagram: app source code (C++, Java, etc.); routines for accessing data.
Data access routines are moved to the database backend.

A. Debugging Stored Procedures: white box access to code. (Largely a development effort.)
B. Testing an app's Stored Procedures in the DB Backend: white box (Unit Test).
C. Creating and using Stored Procedures for Testing: black or white box.

Create procedure uspValidateUser
  (@userName varchar(50),
   @userPass varchar(20))
as
  select * from users
  where userName = @userName and userPass = @userPass;

Create Procedure procedurename as
Begin
  SQL-Statements
End;

SELECT text FROM USER_SOURCE WHERE name = 'INPUTCOMMERCIAL2';

You can also check the status of the stored procedure, such as whether or not it compiled properly and is runnable, by using this statement:

SELECT object_name, object_type, status
FROM user_objects
WHERE object_name = 'INPUTCOMMERCIAL2';

T-SQL:
EXEC SP_HELPTEXT INPUTCOMMERCIAL;

CREATE Procedure procedurename
(parametername datatype, )
as
Begin
  SQL-Statements
End;

SQL> execute inputCommercial2(&propid, &propname, &propdesc, &loan);
Enter value for propid: 99
Enter value for propname: 'prop1'
Enter value for propdesc: 'desc'
Enter value for loan: 50000

declare
  cursor get_prop_data is
    SELECT id, name, description
    from COMMERCIAL_PROPERTY;
begin
  for cl_rec in get_prop_data loop
    /* code goes here */
    null;
  end loop;
end;

Demo 1: Creating and testing a Simple Stored Procedure

Testing stored procedures using SQL

Set up a test harness / test bed which bypasses the front end.
Diagram: GUI or Web Front End; SQL Harness / Test Bed.

Creating Test harnesses for Ad hoc testing

You can set up your tests for database values and objects using Structured Query Language within the SQL*Plus and/or Query Analyzer environments.
To do this you create independent SQL statements.
In PL/SQL these are called anonymous, or unnamed, blocks.

Using nocount:
Set nocount on|off
Stops the message indicating the number of rows affected by a Transact-SQL statement from being returned as part of the results.

set nocount on
select 'Starting Tests: ', current_timestamp;
delete commercial_property;
exec inputCommercial2 10, 'TestProp1', 'Test Description1', 22;
select * from Commercial_Property;
select 'Ending Tests: ', current_timestamp;
set nocount off

Using the declare statement:
In PL/SQL variables are declared like this:

Declare
  e_empno NUMBER := &Empnum;
  e_exists varchar2(3) := 'NO ';

T-SQL:

declare @e_expected char(3),
        @e_exists char(3);
set @e_expected = 'YES';
set @e_exists = 'NO ';

Declare
  /* variable declarations */
Begin
  /* code */
End;

if exists (select * from COMMERCIAL_PROPERTY where ID = 192)
  select 'Test Pass: Property exists ';
else
  select 'Test Fail: Property doesn''t exist ';

SQL 2000's T-SQL does not include exception handling; however, you can check for system errors using the @@Error global variable.
If a system error is generated during a test, the @@Error variable is automatically loaded with the error number.
You can check this value and take appropriate action, such as rolling back a transaction, if necessary.
For testers this allows you to check for certain expected kinds of errors.
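An expected-error test built on the @@Error check described above, added here as an example and not taken from the original slides. The scratch table #prop and the expected error number 2627 (SQL Server's primary key violation) are assumptions of this example.

```sql
set nocount on
-- Constructed scratch table; it stands in for a table the procedure under test writes to.
create table #prop (id int primary key, name varchar(50) not null);

declare @err int, @expected int, @rows int;
set @expected = 2627;   -- SQL Server error number for a primary key violation

begin transaction;
insert into #prop (id, name) values (10, 'TestProp1');

-- Negative test: inserting the same key again must be rejected.
-- The client still prints the server's error message; the batch carries on.
insert into #prop (id, name) values (10, 'TestProp1 duplicate');
set @err = @@error;     -- capture at once: the next statement resets @@error

select @rows = count(*) from #prop where id = 10;

if @err = @expected and @rows = 1
  select 'Test Pass: duplicate key rejected';
else
  select 'Test Fail: expected error ' + cast(@expected as varchar(10))
       + ', got ' + cast(@err as varchar(10));

-- Leave the data as the test found it, whatever the outcome.
rollback transaction;
drop table #prop;
set nocount off
```

Testing @@error any later than the statement immediately after the failing one reads 0, which turns a failed negative test into a false pass.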

Declare
Begin
  /* code */
Exception
  when NO_DATA_FOUND then
    /* code */
End;

Demo 2: Testing stored procedures using a SQL script

Stored Procedure tests
Can be stored within the target database or within a linked database
Can use test data stored within the database for a data driven test

SQL cursors:

DECLARE tnames_cursor CURSOR FOR
  SELECT au_lname FROM authors
OPEN tnames_cursor
DECLARE @authname varchar(40)
FETCH NEXT FROM tnames_cursor INTO @authname

/* testing using testdata table values: */
for test_rec in get_test_data
loop
  inputCommercial2(test_rec.id, test_rec.name, test_rec.description, test_rec.primary_loan_id);
end loop;

Demo 3: Testing a stored procedure with a stored procedure

Basic functionality: test input and output parameters using standard techniques (boundary analysis, parameter validation, etc.)
Should have error-handling and existence checks
Triggered stored procedure functionality
Stored procedures which include queries that cover the entire table, i.e., table scans (performance)
SPs which return nothing (performance)
System/application errors returned to the user (incomplete or ineffective or no error-handling)
Corrupt data results

Tester's checklist: What to look for (cont.)
No use of transactions
Excess use of temp tables and cursors
No data validation for required parameters
No return of status
Parameters: precision mismatches; lack of default values
Susceptibility to deliberate, destructive attacks, such as SQL Injection attacks

DevPartner by CompuWare (DB2, Oracle, SQL Server)
Visual Studio .Net (for SQL Server)
SQL Navigator by Quest (for Oracle)
Quest Code Tester (Steven Feuerstein)
NUnit (Windows), JUnit (Unix), csUnit, DbUnit

Scripting languages can be effectively utilized to exercise stored procedures.
  VBScript
  Perl
  Ruby
  Javascript/Jscript
Data access languages: PHP or ADO

They typically have a light footprint, i.e., are easy on the test system.
They can directly and quickly emulate the calls being used by the application, especially if you use the same scripting language as the application! (Be careful to avoid replicating application development.)
Test scripts are smaller, more focused and are able to isolate bugs better than using the application to do the test.

Dim conn, rsTestData, i, strMsg
Set conn = CreateObject("ADODB.Connection")
' scott/tiger is Oracle's sample login; do not hard-code real credentials in test scripts
conn.Open "Provider=MSDAORA.1;Password=tiger;User ID=scott"
Set rsTestData = CreateObject("ADODB.Recordset")
rsTestData.CursorType = 1
rsTestData.Open "select * from EMP", conn
rsTestData.MoveFirst

my $conn = $WScript->CreateObject('ADODB.Connection');
$conn->Open('NWDsn');
if ($conn->{State} == 1) {
  $WScript->Echo("Connection Successful!");
}
else {
  $WScript->Echo("Connection Failed");
}
my $adOpenKeySet_CursorType = 1;
my $rst = $WScript->CreateObject('ADODB.Recordset');
my $rst2 = $WScript->CreateObject('ADODB.Recordset');
$rst->Open('SELECT * FROM TestData', $conn, $adOpenKeySet_CursorType);
$WScript->Echo("There are ".$rst->{RecordCount}." records in the Recordset");

PHP/Perl:
  Open source software
  Can run on Linux, Windows, Unix systems
  Widely used; lots of documentation
  Perl Oracle module has issues

ADO/VBScript:
  Runs only on all Windows OS
  Freely downloadable; pre-installed on Windows
  Widely used; lots of documentation
  My best choice for Windows

Introduction to database Triggers

Triggers are a special type of stored procedure that is applied to tables.
Complex procedural data integrity methods and business logic can be added to a database using triggers.
A trigger is a set of actions that execute automatically whenever a specified event occurs to a specified table.
Events can be an insert, update, delete, or read operation.
The trigger can run before or after the event.

Referential Integrity Constraints should be used before Triggers
Complex procedural data integrity methods and business logic can be added to a database using triggers.
A single trigger can run multiple actions, and it can be fired by more than one event. For example, you can create a single trigger that runs when any valid event, INSERT, UPDATE, or DELETE occurs.

Triggers cannot be fired manually.
An important feature of triggers is that unsuccessful transactions are automatically rolled back.

CREATE TRIGGER reminder
ON Orders
FOR UPDATE
AS
  select 'A row was just modified in the Orders table';

The main clauses in a CREATE TRIGGER statement can be summarized as follows:

CREATE TRIGGER trigger_name
ON table_name or v
FOR trigger_class and trigger_type(s)
AS SQL statements

Triggers are an important way that business logic is implemented in a database
Triggers have automatic behavior that can be complex and can cause significant damage if incorrect
Triggers are expensive and should be used judiciously

Graph trigger effects
Trigger effect graph:

  Table      Trigger     Events   Affected table
  Customers  trgOrdUpd   U        Orders
             trgCustLog  U, D, I  CustLogtbl
  Orders     trgOrdLog   U, D, I  OrdLogtbl

Design test cases for each trigger effect
Customer table test cases:
  TC1: Add record to cust; check custlog
  TC2: Update cust record; check custlog; check Orders table
  TC3?

Map out trigger effects
Trigger effect map (diagram): Customers table, Orders table, Customer log table, Orders log table; triggers TrgOrdUpd, TrgCustLog, TrgOrdLog.

A trigger for logging table changes:

Create Trigger trgCustLog
on Customers
after update
as
begin
  insert into custlogtbl
  select current_timestamp, 'Updated', customerid from deleted;
end;

Sweeney: Demo triggerlogexample.sql
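A test script for the logging trigger above, in the style of the "Update cust record; check custlog" test case. It is an added example, not the course's triggerlogexample.sql; the table layouts, the column names other than customerid, and the sample rows are assumptions constructed for the test.

```sql
-- Constructed minimal schema; every column name except customerid is an assumption.
create table Customers (customerid int primary key, city varchar(30));
create table custlogtbl (logtime datetime, logaction varchar(10), customerid int);
go
-- The logging trigger from the slide above.
create trigger trgCustLog on Customers after update as
begin
  insert into custlogtbl
  select current_timestamp, 'Updated', customerid from deleted;
end;
go
set nocount on
insert into Customers values (1, 'Seattle');
insert into Customers values (2, 'Seattle');
insert into Customers values (3, 'Tacoma');

declare @logged int;

-- One UPDATE statement touching two rows must log two rows: the trigger
-- fires once per statement and "deleted" holds every changed row.
update Customers set city = 'Redmond' where city = 'Seattle';
select @logged = count(*) from custlogtbl where logaction = 'Updated';
if @logged = 2
  select 'Test Pass: both updated rows logged';
else
  select 'Test Fail: expected 2 log rows, got ' + cast(@logged as varchar(10));

-- An update that is rolled back must leave no log row behind.
begin transaction;
update Customers set city = 'Kent' where customerid = 3;
rollback transaction;
select @logged = count(*) from custlogtbl where customerid = 3;
if @logged = 0
  select 'Test Pass: rolled-back update left no log row';
else
  select 'Test Fail: log row survived the rollback';

-- An UPDATE that matches no rows still fires the trigger; the log must not grow.
update Customers set city = 'Kent' where customerid = 999;
select @logged = count(*) from custlogtbl;
if @logged = 2
  select 'Test Pass: empty update logged nothing';
else
  select 'Test Fail: expected 2 log rows in total, got ' + cast(@logged as varchar(10));
set nocount off
go
-- Clean up the constructed objects (dropping the table drops its trigger).
drop table custlogtbl;
drop table Customers;
```

The second case cuts both ways for audit logging: because the log insert shares the caller's transaction, a change that is attempted and then rolled back leaves no trace in custlogtbl.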

Database Security: Testing for database hacks

ABC Corp. Login Form:
  Username: ' or 1=1; drop table user; --
  Password:

Turns this query:
  Select username from user where username = 'someuser' and pass = 'somepass'
Into this query:
  Select username from user where username = '' or 1 = 1; drop table user; --' and pass = ''
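A black-box test that feeds the login-form input above to the parameterized uspValidateUser procedure from earlier in the deck and checks that it is treated as data. This is an added example, not part of the original slides; the users table contents, the #hits scratch table and the variable names are assumptions, and the input names the users table so that the existence check is meaningful.

```sql
-- Constructed table and row for the test (table name follows the uspValidateUser slide).
create table users (userName varchar(50), userPass varchar(20));
insert into users values ('someuser', 'somepass');
go
-- The parameterized procedure shown earlier in the deck.
create procedure uspValidateUser
  (@userName varchar(50), @userPass varchar(20))
as
  select * from users where userName = @userName and userPass = @userPass;
go
set nocount on
declare @input varchar(50), @concat varchar(300), @hits int, @remaining int;
-- The login-form input from the slide above, aimed at this test's table name.
set @input = ''' or 1=1; drop table users; --';

-- What a front end that pastes input into the statement would send (shown, never run):
set @concat = 'select userName from users where userName = ''' + @input
            + ''' and userPass = ''''';
select @concat as concatenated_statement;

-- Black-box test: the same input through the parameterized procedure.
create table #hits (userName varchar(50), userPass varchar(20));
insert into #hits exec uspValidateUser @input, '';
select @hits = count(*) from #hits;

if object_id('users') is null
  select 'Test Fail: users table was dropped';
else
begin
  select @remaining = count(*) from users;
  if @hits = 0 and @remaining = 1
    select 'Test Pass: input treated as data, no rows matched';
  else
    select 'Test Fail: ' + cast(@hits as varchar(10)) + ' rows returned';
end

-- Control: valid credentials must still match exactly one row.
delete #hits;
insert into #hits exec uspValidateUser 'someuser', 'somepass';
select @hits = count(*) from #hits;
if @hits = 1
  select 'Test Pass: valid login matched';
else
  select 'Test Fail: valid login returned ' + cast(@hits as varchar(10)) + ' rows';
drop table #hits;
set nocount off
go
-- Clean up the constructed objects.
drop procedure uspValidateUser;
drop table users;
```

A stored procedure only gives this protection while its body keeps parameters as parameters; one that assembles a statement string from them and executes it fails the same test.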

Review
Where do we go from here?

Module 1: Creating and testing basic stored procedures
Module 2: Testing stored procedures using SQL
Module 3: Using stored procedures for testing
Module 4: Introduction to Triggers
Module 5: Testing for database hacks: the SQL Injection attack

Course on scripting language
Advanced RDBMS courses
Resources in Appendix A
STQE www.sqe.com
QA forums
Yahoo group: Agile databases

