
C20.0046: Database Management Systems
Lecture #22
M.P. Johnson
Stern School of Business, NYU
Spring, 2005

M.P. Johnson, DBMS, Stern/NYU, Spring 2005 1


Homework
 Project part 5
 Topic: web interface + any remaining loose ends
 Up now
 Due: end of semester

 Will return proj3 today


 Remind me!



Agenda
 Programming for SQL:
 DB-conn from web scripting languages
 DBI/DBDs in Perl, PHP

 Transactions

 Next: Security
 Secrecy
 Integrity
 Availability
 Web issues



Goals: after this week
 After Today:
 Have all the tools for building a DB-backed
website in Perl or PHP
 (but will it be secure?)



Review: PHP
[Figure: request flow between Client, Server and Program; labels: HTTP Request, Data for program, Generated HTML, HTML]
Image from http://www.scit.wlv.ac.uk/~jphb/cp3024/
Form example
    <form method="get" action="">
    Enter a number:
    <input type="Text" name="number"><br>
    <input type="Submit" name="submit" value="OK">
    </form>

On clicking Send, we go to the same page, but with
“name=99&submit=OK”
http://pages.stern.nyu.edu/~mjohnson/dbms/perl/input.cgi
Review: dynamic webpages
 First option: for each request: run program,
produce whole page, send back
 CGI & some host language, Java Servlets, etc.
 Second option: create html page with missing
parts; for each response, fill in the holes
and send back
 Embedded scripting
 PHP and others
 PHP = Personal Home Page or
= PHP: Hypertext Preprocessor



hello.php
 http://pages.stern.nyu.edu/~mjohnson/dbms/php/hello.php

    <html>
    <head><title>Hello from PHP</title>
    </head>
    <body>
    Here is the PHP part:<BR><BR>
    <?php print "Hello, World!<br>\n"; ?>
    <br>That's it!
    </body></html>

 Q: What's the difference between <br> and \n?



hello2.php
 Script errors, w/ and w/o display_errors on:
 http://pages.stern.nyu.edu/~mjohnson/dbms/perl/hello2.php
 http://pages.stern.nyu.edu/~mjohnson/dbms/php/hello2.php

 Local dir must contain .htaccess:


    php_flag display_errors on
    php_flag register_globals on
 Automatically load GET/POST params as vars
 http://pages.stern.nyu.edu/~mjohnson/dbms/php/.htaccess



More on PHP
 Somewhat C-like, somewhat Perl-like
 Case-sensitive
 Strings:
 Concatenation op: .
 Single, double quotes similar to Perl
 Comments:
 # Unix shell-style
 /* */ C-style
 // C++-style
 Output:
 echo("hi there");
 print("hi there");
 C’s printf
PHP vars
 Similar to those of Perl, except no “my”
 http://pages.stern.nyu.edu/~mjohnson/dbms/php/math.php

    <?
    $num1 = 58;
    $num2 = 67;
    print "First number " . $num1 . "<br>";
    print "Second number " . $num2 . "<br>";
    $total = $num1 + $num2;
    print "The sum is " . $total . "<br>";
    ?>



Combining PHP and HTML
 http://pages.stern.nyu.edu/~mjohnson/dbms/php/combine.php

    <?php
    for($z=0;$z<=5;$z++) {
    ?>
    Iteration number <?= $z ?><br>
    <?
    }
    ?>



PHP info
 PHP does not have both string and number
ops like Perl
 Number ops treat (number) strings as
numbers, regular strings as strings
 http://pages.stern.nyu.edu/~mjohnson/dbms/php/test.php

 Info function displays lots of server info:


 http://pages.stern.nyu.edu/~mjohnson/dbms/php/info.php

    <? phpinfo(); ?>



PHP & MySQL
 PHP 5 has a DBI/JDBC-like interface
 Our version/setup uses a proprietary lib:

1. Open a connection and open our DB:


    $db = mysql_connect("mysql2.stern.nyu.edu:3306", user, pass);
    mysql_select_db("test", $db);

2. Run query:
    $result = mysql_query($query,$db);
PHP & MySQL
3. Extract next row of data from statement, if
available:
    $myrow = mysql_fetch_row($result)
 What this means: myrow is an array that can
then be accessed
 Other options, but this should suffice
 In general, to scroll through results, do:
    while ($myrow = mysql_fetch_row($result))
        # print row's data



Limit: PHP webpages that do something
 Semi-interesting Perl script:
 http://pages.stern.nyu.edu/~mjohnson/dbms/php/lookup.php
 Non-trivial but not huge: ~60 lines, but much of it’s
plain html
 Works with two-column (a,b) table
 Takes input from user
 Returns rows whose a field contains value
 If no/empty input, returns all rows
 Bad idea in general!



lookup.php: port of lookup.cgi
 Two possible situations for running script:
1. Page opened for the first time
2. User entered parameter and pressed button
 Structure of file:
1. Print input box and button for next search
 On button click, parameter is sent to this page’s url
2. (Try to) read input parameter
3. Open MySQL connection
4. Run query
5. Print results in a table
6. Disconnect from MySQL
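
The six-step lookup flow above, with the value bound as a query parameter, LIKE wildcards matched literally, output HTML-escaped, and the parameter read from $_GET rather than through register_globals. This is an added example, not the course's lookup.php; it assumes PDO with an in-memory SQLite table t(a, b) in place of the MySQL server, a GET parameter named a, and hypothetical helper names lookup and render_rows.

```php
<?php
// Added example, not the course's lookup.php. Assumptions: PDO with an in-memory
// SQLite table t(a, b) stands in for MySQL; the GET parameter is named "a".
ini_set('display_errors', '0');          // keep script/DB errors out of the served page

// Steps 3-4: "rows whose a field contains value", with the value bound, not concatenated.
function lookup(PDO $db, ?string $needle): array {
    if ($needle === null || $needle === '') {
        // No/empty input returns all rows on the slide; cap the result size here.
        return $db->query('SELECT a, b FROM t ORDER BY a LIMIT 100')->fetchAll(PDO::FETCH_NUM);
    }
    // Escape LIKE wildcards ('!' first) so the input only matches literally.
    $lit = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $needle);
    $stmt = $db->prepare("SELECT a, b FROM t WHERE a LIKE ? ESCAPE '!' ORDER BY a");
    $stmt->execute(['%' . $lit . '%']);
    return $stmt->fetchAll(PDO::FETCH_NUM);
}

// Step 5: print results in a table, HTML-escaping every cell.
function render_rows(array $rows): string {
    $html = "<table>\n";
    foreach ($rows as $row) {
        $html .= '<tr>';
        foreach ($row as $v) {
            $html .= '<td>' . htmlspecialchars((string)$v, ENT_QUOTES, 'UTF-8') . '</td>';
        }
        $html .= "</tr>\n";
    }
    return $html . "</table>\n";
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE t (a TEXT, b TEXT)');
$ins = $db->prepare('INSERT INTO t (a, b) VALUES (?, ?)');
foreach ([['apple', '1'], ['50%_off', '2'], ['<b>bold</b>', '3']] as $r) {
    $ins->execute($r);                   // constructed sample rows
}

// Step 1: input box and button, submitting back to this page.
echo '<form method="get" action=""><input type="text" name="a">',
     '<input type="submit" name="submit" value="OK"></form>', "\n";
// Step 2: read the parameter explicitly from $_GET, not via register_globals.
$a = (isset($_GET['a']) && is_string($_GET['a'])) ? $_GET['a'] : null;
echo render_rows(lookup($db, $a));
$db = null;                              // Step 6: disconnect
```

Requested with a=%, the page lists only the 50%_off row, because the wildcard is matched as a literal character; the <b>bold</b> row is always rendered as text, not markup.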



Insert/delete Perl/PHP example
 Similar to search example

 NB: form has two buttons

 http://pages.stern.nyu.edu/~mjohnson/dbms/perl/update.cgi
 http://pages.stern.nyu.edu/~mjohnson/dbms/perl/updatecgi.txt

 http://pages.stern.nyu.edu/~mjohnson/dbms/php/update.php
 http://pages.stern.nyu.edu/~mjohnson/dbms/php/updatephp.txt



Master-detail Perl/PHP example
 Idea: display list of regions;
 When region clicked on, display its countries

 Mechanism: pass GET param in link, not with a FORM

 http://pages.stern.nyu.edu/~mjohnson/dbms/php/cia.php?id=
 http://pages.stern.nyu.edu/~mjohnson/dbms/php/ciaphp.txt

 http://pages.stern.nyu.edu/~mjohnson/dbms/perl/cia.cgi
 http://pages.stern.nyu.edu/~mjohnson/dbms/perl/cia.pl



Tutorials on PHP
 Some material drawn from the following good tutorials:
 http://php.net

 PHP introduction and examples:


 http://www.scit.wlv.ac.uk/~jphb/sst/php/
 Interactive PHP with database access:
 http://www.scit.wlv.ac.uk/~jphb/sst/php/gazdb.html
 Longer PHP/MySQL Tutorial from webmonkey:
 http://hotwired.lycos.com/webmonkey/99/21/index2a.html

 Nice insert/update/delete example from webmonkey:


 http://hotwired.lycos.com/webmonkey/99/21/index3a.html
 MySQL/Perl/PHP page from U-Wash:
 http://www.washington.edu/computing/web/publishing/mysql-script.html



Pros & cons
 PHP v. Perl v. Java servlets v. …:
 http://www.developerspot.com/tutorials/php/server-side-scripting-language/

 PHP is fast
 Perl has JDBC-like DBI/DBD interface
 PHP is fast
 Perl is good for much more than web dev



Advice for use of novel languages
1. Rerun often
 Don’t write the whole thing and then try to run

2. Use frequent prints to be sure of var vals


 (While debugging)

3. When stuck, picture continuum from your current
program to some other program
 other prog. works but doesn’t do what you want
 change either/both, step by step, until they meet in the
middle

4. Google is your friend


 Search for error messages, situations
That’s really all, folks!
 Q: Is this enough to get a job coding PHP?
 A: Again, probably not.
 But: most jobs are just programming-in-PHP or
administering-Oracle
 Being able to acquire new skills when needed is a good thing

 But: again pretty easy to produce a semi-interesting site
with a few copies of lookup.php and cia.php.

 Don’t like PHP either?


 Lots of other choices, but again, you’re strongly
discouraged from using something else for your project
unless you know what you’re doing.
New-old topic: Transactions
 So far, have simply issued commands
 Ignored xacts

 Recall, though: an xact is an operation/set of
ops executed atomically
 In one instant
 ACID test:
 Xacts are atomic
 Each xact (not each statement) must leave the DB
consistent
Default xact behavior
 An xact begins upon login
 By default, xact lasts until logoff
 Except for DDL statements
 They automatically commit

 Examples with two views of emp…



Direct xact instructions
 At any point, may explicitly COMMIT:
 SQL> COMMIT;
 Saves all statements entered up to now
 Begins new xact

 Conversely, can ROLLBACK


 SQL> ROLLBACK;
 Cancels all statements entered since start of xact

 Example: delete from emp; or delete junk;



Direct xact instructions
 Remember, DDL statements are auto-committed
 They cannot be rolled back
 Examples:
    drop table junk;
    rollback;
    truncate table junk;
    rollback;

 Q: Why doesn’t rollback “work”?


Savepoints
 Xacts are atomic
 Can rollback to beginning of current xact

 But might want to rollback only part way

 Make 10 changes, make one bad change


 Want to: roll back to before last change

 Don’t have Word-like multiple undo


 But do have savepoints



Savepoints
 Create a savepoint: SAVEPOINT savept_name;
 emp example:
    --changes
    SAVEPOINT sp1;
    --changes
    SAVEPOINT sp2;
    --changes
    SAVEPOINT sp3;
    --changes
    ROLLBACK TO sp2;
    ROLLBACK TO sp1;
 Can skip savepoints
 But can ROLLBACK only backwards
 Can ROLLBACK only to last COMMIT



AUTOCOMMIT
 Finally, can turn AUTOCOMMIT on:
 SQL> SET AUTOCOMMIT ON;
 Can put this in your config file
 Can specify through JDBC, etc.

 Then each statement is auto-committed as its
own xact
 Not just DDL statements



For next time
 Read chapter 21
 Lots of interesting security topics

 Start proj5!
