ppt

545 views

Published on

  • Be the first to comment

  • Be the first to like this

ppt

  1. 1. Databases and the Web By David Drake ITC-RCSC (Research Computing Support Center) 244 Wilson Hall October 17, 2001
  2. 2. Databases and the Web <ul><li>Databases in Abstract </li></ul><ul><li>Creating Databases using Relational DataBase Management Systems (RDBMSs) </li></ul><ul><li>Databases and Web Interfaces </li></ul>
  3. 3. <ul><li>Databases in Abstract </li></ul><ul><li>Definition: </li></ul><ul><ul><li>A database is an organized collection of data whose content must be quickly and easily </li></ul></ul><ul><ul><ul><li>Accessed </li></ul></ul></ul><ul><ul><ul><li>Managed </li></ul></ul></ul><ul><ul><ul><li>Updated </li></ul></ul></ul><ul><ul><li>A relational database is one whose data are split up into tables , sometimes called relations </li></ul></ul>
  4. 4. <ul><li>First Normal Form ( 1NF ) </li></ul><ul><ul><li>All attributes are single valued & non-repeating </li></ul></ul><ul><li>2NF </li></ul><ul><ul><li>Must be 1NF & must have primary key </li></ul></ul><ul><ul><li>Each non-primary key attribute must be functionally dependent on primary key </li></ul></ul><ul><li>3NF </li></ul><ul><ul><li>Must be 2NF </li></ul></ul><ul><ul><li>Each non-primary key attribute must be dependent only on primary key </li></ul></ul>Normalization
  5. 5. Tables <ul><li>Each column constitutes an attribute </li></ul><ul><li>Each row constitutes a record or tuple </li></ul>Attribute 2 (column 2) Record 2 (tuple 2) Record 1 (tuple 1) Attribute 1 (column 1)
  6. 6. <ul><li>Primary </li></ul><ul><ul><li>An attribute or group of attributes which uniquely identifies each record in a table </li></ul></ul><ul><ul><li>May not be a Null value </li></ul></ul><ul><li>Foreign </li></ul><ul><ul><li>used primarily for enforcing referential integrity, but also for establishing relationships between the two tables </li></ul></ul>Keys
  7. 7. <ul><li>One-to-one (1-to-1) </li></ul><ul><li>One-to-many (1-to-M or 1-to-  ) </li></ul><ul><li>Many-to-Many (M-to-M or  -to-  ) </li></ul>Relationships
  8. 8. Structured Query Language (SQL) <ul><li>Pronounce “Sequel” or “Ess Que Ell” </li></ul><ul><li>Industry standard language of (Relational) Databases </li></ul><ul><li>Allows for complete </li></ul><ul><ul><li>Table Creation, Deletion, Editing </li></ul></ul><ul><ul><li>Data extraction (Queries) </li></ul></ul><ul><ul><li>Database management & administration </li></ul></ul>
  9. 9. <ul><li>Creating Databases using RDBMSs </li></ul><ul><li>Microsoft Access </li></ul><ul><ul><li>Creating Tables </li></ul></ul><ul><ul><li>Entering, Importing, Editing, & Viewing Data </li></ul></ul><ul><ul><li>Defining Relationships </li></ul></ul><ul><ul><li>Constructing Queries </li></ul></ul><ul><li>MySQL … ( Documentation ) </li></ul><ul><ul><li>Where to put it (servers at UVa) </li></ul></ul><ul><ul><li>Ditto MS Access </li></ul></ul><ul><li>Others </li></ul><ul><ul><li>mSQL, PostGreSQL, Oracle, DB2, Informix, Sybase, Empress, Adabas… </li></ul></ul>
  10. 10. <ul><li>Databases and Web Interfaces </li></ul><ul><li>What a Web-Interface for a Database involves </li></ul><ul><ul><li>Your database (Access, MySQL) </li></ul></ul><ul><ul><li>A Web server (html) </li></ul></ul><ul><ul><li>A way of connecting the two (CGI scripts and SQL) </li></ul></ul><ul><ul><li>Security concerns </li></ul></ul>
  11. 11. Where to put your Database and Scripts <ul><li>Academic side of UVa </li></ul><ul><ul><li>Access </li></ul></ul><ul><ul><ul><li>ESERVICES es-web1 (web.virginia.edu) </li></ul></ul></ul><ul><ul><li>MySQL </li></ul></ul><ul><ul><ul><li>MySQL server (dbm1.itc.virginia.edu) </li></ul></ul></ul><ul><ul><ul><li>Home directory (blue.unix, faculty, curry, avery, minerva – www.virginia.edu, jm.acs – www.itc.virginia.edu) </li></ul></ul></ul><ul><li>Medical side of UVa </li></ul><ul><ul><li>See the UVa Health System’s Web Development Center </li></ul></ul>
  12. 12. Active Server Pages (ASP) <ul><li>When a browser calls an ASP document, the ASP Server reads the .asp document and </li></ul><ul><ul><li>Substitutes appropriate files for the (server-side) include statements </li></ul></ul><ul><ul><li>Runs the ASP code (Visual Basic Script – see the Tutorial and Language Reference , …) </li></ul></ul><ul><ul><li>Returns the resulting HTML code to the browser </li></ul></ul><ul><li>Example </li></ul>
  13. 13. ASP Key Points (1) <ul><li>ASP code enclosed in: <% ASP code %> </li></ul><ul><li>Everything outside is HTML </li></ul><ul><li>The result of the combined HTML and ASP code must be a “standard” HTML document, e.g.: </li></ul><ul><ul><li><!DOCTYPE HTML PUBLIC &quot;-//W3C//DTD HTML 4.0 Final//EN&quot;> <html> <head> <title>Miracle Drug Study</title> <meta name=&quot;Description&quot; content=&quot;&quot;> <meta name=&quot;Keywords&quot; content=&quot;&quot;> <link rel=STYLESHEET type=&quot;text/css&quot; href=&quot;&quot;> </head> <body> </body> </html> </li></ul></ul>
  14. 14. ASP Key Points (2) <ul><li>Connect with database: </li></ul><ul><ul><li>Create connection object: </li></ul></ul><ul><ul><ul><li>set conn = Server.CreateObject(&quot;ADODB.Connection&quot;) </li></ul></ul></ul><ul><ul><li>Open connection: </li></ul></ul><ul><ul><ul><li>conn.open(&quot;Provider=Microsoft.Jet.OLEDB.4.0;Data Source=f:webdatabase escompstudy.mdb&quot;) </li></ul></ul></ul><ul><li>Submit Query: </li></ul><ul><ul><li>Generate SQL statement: </li></ul></ul><ul><ul><ul><li>SQL = &quot;SELECT FirstName, LastName, DOB, Gender FROM Patients WHERE Gender = '&quot; & Gender & &quot;' ORDER BY FirstName DESC&quot; </li></ul></ul></ul><ul><ul><li>set Patients = conn.execute(SQL) </li></ul></ul>
  15. 15. ASP Key Points (3) <ul><li>Add to or edit table: </li></ul><ul><ul><li>Create and open Record Set object: </li></ul></ul><ul><ul><ul><li>set RS = Server.CreateObject(&quot;ADODB.Recordset&quot;) RS.Open &quot;Treatment&quot;, conn, , adLockOptimistic, adCmdTable </li></ul></ul></ul><ul><ul><li>Create new record, Edit, & Update: </li></ul></ul><ul><ul><ul><li>RS.AddNew RS(“Dosage”) = 200 RS.Update </li></ul></ul></ul>
  16. 16. ASP Key Points (4) <ul><li>Add to or edit table (continued): </li></ul><ul><ul><li>Or Find desired record, Edit, & Update : </li></ul></ul><ul><ul><ul><li>do while NOT RS.eof if RS(“ID”) = 7 then RS(“Dosage”) = 200 RS.Update else RS.MoveNext end if loop </li></ul></ul></ul>
  17. 17. ASP Key Points (5) <ul><li>Clean up (free server resources) when done: </li></ul><ul><ul><li>Queries: </li></ul></ul><ul><ul><ul><li>Patients.Close set Patients = nothing </li></ul></ul></ul><ul><ul><li>Record Sets: </li></ul></ul><ul><ul><ul><li>RS.Close set RS = nothing </li></ul></ul></ul><ul><ul><li>The Connection: </li></ul></ul><ul><ul><ul><li>conn.close set conn = nothing </li></ul></ul></ul>
  18. 18. ASP Security <ul><li>Apart from various Internet Information Services (IIS – Window’s Web service) security holes (for viruses and worms), security is quite good. </li></ul><ul><li>Use http s :// if you want to protect content over the Web – provides Secure Socket Layer (SSL) security </li></ul>
  19. 19. PHP: Hypertext Preprocessor ( PHP ) <ul><li>Server-side </li></ul><ul><li>Cross-platform </li></ul><ul><li>HTML embedding scripting language (see the PHP online manual </li></ul><ul><li>Example 1 , Example 2 </li></ul>
  20. 20. PHP Key Points (1) <ul><li>PHP code enclosed in <?php PHP code ?> or <? PHP code ?> </li></ul><ul><li>Everything outside is HTML </li></ul><ul><li>Output is (generally) to a browser requiring standard HTML </li></ul>
  21. 21. PHP Key Points (2) <ul><li>Connecting with RDBMS and editing, adding, and deleting databases therein are all done through PHP functions </li></ul><ul><li>Connect with MySQL RDBMS </li></ul><ul><ul><li>mysql_connect($hostName, $userName, $password) or die(&quot;Unable to connect to host $hostName&quot;); </li></ul></ul><ul><li>Connect with database </li></ul><ul><ul><li>mysql_select_db($dbName) or die(&quot;Unable to select database $dbName&quot;); </li></ul></ul>
  22. 22. PHP Key Points (2) <ul><li>Queries: Nearly all table interaction and management is done through queries: </li></ul><ul><li>Basic information searches </li></ul><ul><ul><li>$SQL = &quot;SELECT FirstName, LastName, DOB, Gender FROM Patients WHERE Gender = '$Gender‘ ORDER BY FirstName DESC&quot;; $Patients = mysql_query($SQL); </li></ul></ul><ul><li>Editing, adding, and deleting records and tables </li></ul><ul><ul><li>$SQL = &quot;INSERT INTO Patients (FirstName, LastName) VALUES('$firstName', '$lastName')&quot;; $Patients = mysql_query($SQL); </li></ul></ul>
  23. 23. PHP Key Points (3) <ul><li>Cleaning up: close the database connection </li></ul><ul><ul><li>mysql_close(); </li></ul></ul>
  24. 24. PHP/MySQL Security <ul><li>PHP/MySQL can be made secure apart from one serious flaw as implemented at UVa: </li></ul><ul><ul><li>Because web files must be readable by the world (unix permissions), anyone with an account on the server where you run the php code can see the code, including your MySQL $password. </li></ul></ul><ul><ul><li>A couple of exceptions to this flaw are as follows: </li></ul></ul><ul><ul><ul><li>If you secure your server so that there are no other users on it </li></ul></ul></ul><ul><ul><ul><li>If you use Perl instead, compile it, and then hide or remove your source code containing the MySQL password </li></ul></ul></ul><ul><ul><ul><li>One other possible poor to fair workaround: use .htaccess to password protect your php directory </li></ul></ul></ul><ul><ul><li>See the passwords link </li></ul></ul>
  25. 25. Practical Extraction and Report Language ( Perl ) a.k.a Pathologically Eclectic Rubbish Lister <ul><li>Ubiquitous </li></ul><ul><ul><li>Originally designed to be a better general purpose tool than a Unix shell, it has grown and spread to be support from Windows to Macintosh to VMS. </li></ul></ul><ul><li>Cryptic </li></ul>
  26. 26. Perl Key Points (1) <ul><li>First Line must specify the location of the Perl engine (The DBI module will not work for “#!/usr/local/bin /perl” – see below): </li></ul><ul><ul><li>#!/usr/local/bin/perl5 -w </li></ul></ul><ul><li>First printed line must be the following if you want it to respond to go to a browser: </li></ul><ul><ul><li>print &quot;Content-type: text/html &quot;; </li></ul></ul>
  27. 27. Perl Key Points (2) <ul><li>Modules </li></ul><ul><li>You *must* use the DBI module which allows you to interface with the database (see DBI link 1 & DBI link 2 ) </li></ul><ul><ul><li>use DBI; </li></ul></ul><ul><li>You should also make use of the CGI module </li></ul><ul><ul><li>use CGI; </li></ul></ul>
  28. 28. Perl Key Points (3) <ul><li>Set the usual parameters: </li></ul><ul><ul><li>my $hostname = &quot;dbm1.itc.virginia.edu&quot;; my $username = &quot;dld5s&quot;; # &quot;my&quot; defines a local variable my $username = &quot;dld5s&quot;; my $password = &quot;ias!&quot;; my $database = $username . &quot;_study&quot;; # = dld5s_study my $data_source = &quot;DBI:mysql:$database:$hostname&quot;; </li></ul></ul><ul><li>Connect to the database: </li></ul><ul><ul><li>my $dbh = DBI->connect($data_source, $username, $password) or die &quot;Can't connect to $data_source: $DBI::errstr &quot;; </li></ul></ul>
  29. 29. Perl Key Points (4) <ul><li>Define the SQL statement and execute </li></ul><ul><ul><li>my $SQL = &quot;SELECT FirstName, LastName, DOB, Gender FROM Patients WHERE Gender = '$Gender‘ ORDER BY FirstName DESC&quot;; my $sth = $dbh->prepare($SQL) or die &quot;Unable to prepare $SQL: dbh->errstr &quot;; $sth->execute or die &quot;Unable to execute query: $dbh->errstr &quot;; </li></ul></ul><ul><li>Clean up </li></ul><ul><ul><li>$sth->finish; $dbh->disconnect; </li></ul></ul>
  30. 30. Other Resources <ul><li>MySQL by DuBois (New Riders) </li></ul><ul><li>MySQL & mSQL byYarger, Reese, & King </li></ul><ul><li>Beginning PHP4 by Blan, Choi, et. al (Wrox) </li></ul><ul><li>Learning Perl by Schwartz & Christiansen (O’Reilly) </li></ul><ul><li>{ Active Server Pages 3.0 by Mitchell & Atkinson (Sams)} </li></ul><ul><li>ITC Desktop Web pages </li></ul>

×