
MoSQL: More than SQL, but less than ORM

** Please visit https://speakerdeck.com/mosky/mosql-more-than-sql-but-less-than-orm-at-pycon-apac-2013 for the newer slide. :)

These are the slides of the talk "MoSQL: More than SQL, but Less than ORM", given at PyCon TW 2013.

About MoSQL:

MoSQL is a Python library that lets you use common Python data structures to build SQL statements, and provides a convenient model of the result set.

http://mosql.mosky.tw/

Published in: Software, Business

  1. MoSQL
      Mosky
  2. More than SQL, but Less than ORM
      MoSQL
  3. Outline
      ● Why not SQL?
      ● Why ORM?
      ● MoSQL
        – SQL Builders
        – Model of Result Set
      ● Conclusion
  4. Why not SQL?
  5. SQL Syntax
      ● SELECT * FROM article;
      ● SELECT * FROM article LIMIT 1;
      ● add “ ORDER BY created ”?
      ● add “ OFFSET 10 ”?
      ● add “ GROUP BY author ”?
      ● Is “ UPDATE article WHERE title=SQL SET title=ORM ” correct?
  6. !@#$%
  7. SQL Injection
      ● ) or 1=1
      ● or true; --
      ● or 1=1; --
      ● or 2=2; --
      ● or str=str; --
      ● ……
  8. It may be hacker friendly.
  9. SQL seems ancient, but ...
  10. using SQL is the FASTEST way.
  11. Why ORM?
  12. ORM Syntax

          class User(Base):
              __tablename__ = 'users'
              name = Column(String)
              fullname = Column(String)
              password = Column(String)

  13. ORM Syntax (cont.)

          >>> fake_user = User('fakeuser', 'Invalid', '12345')
          >>> session.add(fake_user)
          >>> for row in session.query(User, User.name).all():
          ...     print row.User, row.name

  14. hmmm …
  15. SQL Injection
      ● or true; --
      ● or 1=1; --
      ● or 1=1; #
      ● or 1=1; /*
      ● ) or 1=1
      ● ……
      ● Safer
  16. It's good!
  17. ORM seems modern, but ...
  18. most ORMs are SLOW.
  19. SQL < ______ < ORM
  20. SQL < MoSQL < ORM
  21. SQL Builders
  22. SQL Builders (cont.)

          >>> from mosql.build import *
          >>> select('pycon')
          SELECT * FROM "pycon"
          >>> select('pycon', {'id': 'mosky'})
          SELECT * FROM "pycon" WHERE "id" = 'mosky'

  23. SQL Builders (cont.)

          >>> insert('pycon', {'yr': 2013, 'id': 'masky'})
          INSERT INTO "pycon" ("id", "yr") VALUES ('masky', 2013)
          >>> update('pycon',
          ...     where={'id': 'masky'},
          ...     set  ={'id': 'mosky'}
          ... )
          UPDATE "pycon" SET "id"='mosky' WHERE "id" = 'masky'

  24. SQL Builders (cont.)
      ● insert(table, set, …)
      ● select(table, where, …)
      ● update(table, where, set, …)
      ● delete(table, where, …)
      ● ...
  25. If you like it,
  26. sudo pip install mosql
  27. Model of Result Set
  28. Model: Configure Connection

          import psycopg2.pool
          from mosql.result import Model

          pool = psycopg2.pool.SimpleConnectionPool(1, 5, database='mosky')

          class PostgreSQL(Model):
              getconn = pool.getconn
              putconn = pool.putconn

  29. Model: Set the Name of Table

          class Person(PostgreSQL):
              table = 'person'

          >>> Person.select({'person_id': 'mosky'})
          {'name': ['Mosky Liu'], 'person_id': ['mosky']}
          >>> Person.where(person_id=('andy', 'mosky'))
          {'name': ['Andy Warhol', 'Mosky Liu'], 'person_id': ['andy', 'mosky']}

  30. Model: Make Queries

          Person.select({'person_id': 'mosky'})
          Person.insert({'person_id': 'tina'})
          Person.update(
              where={'person_id': 'mosky'},
              set  ={'name': 'Yiyu Liu'}
          )
          Person.delete({'person_id': 'tina'})

  31. Model: Squash Columns

          class Person(PostgreSQL):
              table = 'person'
              squashed = set(['person_id', 'name'])

          >>> Person.select({'person_id': 'mosky'})
          {'name': 'Mosky Liu', 'person_id': 'mosky'}
          >>> Person.where(person_id=('andy', 'mosky'))
          {'name': 'Andy Warhol', 'person_id': 'andy'}

  32. Model: Arrange

          class Person(PostgreSQL):
              ...
              arrange_by = ('person_id', )

          >>> for person in Person.arrange({'person_id': ('andy', 'mosky')}):
          ...     print person
          {'name': 'Andy Warhol', 'person_id': 'andy'}
          {'name': 'Mosky Liu', 'person_id': 'mosky'}

  33. Model: Arrange (cont.)

          >>> for detail in Detail.arrange({'person_id': ('mosky', 'andy')}):
          ...     print detail
          ...
          {'detail_id': [5],
           'key': 'email',
           'person_id': 'andy',
           'val': ['andy@gmail.com']}
          ...

  34. Model: Find

          class Person(PostgreSQL):
              ...
              arrange_by = ('person_id', )

          >>> for person in Person.find(person_id=('andy', 'mosky')):
          ...     print person
          {'name': 'Andy Warhol', 'person_id': 'andy'}
          {'name': 'Mosky Liu', 'person_id': 'mosky'}

  35. Model: Identify a Row

          class Person(PostgreSQL):
              ...
              ident_by = ('person_id', )

  36. Model: Modification

          >>> p = Person.where(person_id='mosky')
          >>> p['name'] = 'Yiyu Liu'
          >>> p.name = 'Yiyu Liu'
          >>> p.save()
          >>> d = Detail.where(person_id='mosky', key='email')
          >>> d['val'][0] = '<modified email>'
          >>> d.val[0] = '<modified email>'
          >>> d.save()

  37. Model: Pop and Append

          >>> d = Detail.where(person_id='mosky', key='email')
          >>> d.pop(-1)
          >>> d.append({'val': '<new mail>'})
          >>> d.save()

  38. Model: Default Clauses

          class Person(PostgreSQL):
              ...
              clauses = dict(order_by=('person_id', ))

  39. Performance
      ● About 4x faster than SQLAlchemy.
      ● Just a little bit slower than pure SQL.
  40. Security
      ● Security by default.
      ● Use escaping technique.
      ● Prevent SQL injection from both value and identifier.
      ● Passed the tests from sqlmap at level=5 and risk=3.
  41. Conclusion
      ● Easy-to-Learn
      ● Convenient
      ● Faster
      ● Secure
      ● sudo pip install mosql
      ● http://mosql.mosky.tw/
      ● Welcome to fork!
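
The Security slide's point that both values and identifiers are escaped, shown as an added example (not MoSQL's own code and not from the talk): a minimal hypothetical builder using standard-SQL quote doubling, run against an in-memory SQLite table beside a hand-concatenated query. The function names, sample rows and payload are constructed for illustration, and escaping rules differ between database dialects.

```python
import sqlite3

def quote_value(v):
    """Render a Python value as a SQL literal (standard-SQL quoting)."""
    if v is None:
        return "NULL"
    if isinstance(v, int) and not isinstance(v, bool):
        return str(v)
    s = str(v)
    if "\x00" in s:
        raise ValueError("NUL byte in value")
    # A single quote inside a literal is escaped by doubling it.
    return "'" + s.replace("'", "''") + "'"

def quote_ident(name):
    """Render a table or column name as a delimited identifier."""
    if not name or "\x00" in name:
        raise ValueError("bad identifier")
    # A double quote inside an identifier is escaped by doubling it.
    return '"' + name.replace('"', '""') + '"'

def select(table, where=None):
    """Build a SELECT from a table name and a dict of equality conditions."""
    sql = "SELECT * FROM " + quote_ident(table)
    if where:
        conds = [quote_ident(k) + " = " + quote_value(v)
                 for k, v in sorted(where.items())]
        sql += " WHERE " + " AND ".join(conds)
    return sql

def naive_select(table, ident):
    # Hand-concatenated SQL, the pattern the "Why not SQL?" slides warn about.
    return "SELECT * FROM %s WHERE id = '%s'" % (table, ident)

def demo():
    db = sqlite3.connect(":memory:")
    db.execute('CREATE TABLE "pycon" ("id" TEXT, "yr" INTEGER)')
    db.executemany('INSERT INTO "pycon" VALUES (?, ?)',
                   [("mosky", 2013), ("andy", 2012)])
    payload = "' or 1=1 --"  # constructed input in the style of slide 7
    leaked = db.execute(naive_select("pycon", payload)).fetchall()
    safe = db.execute(select("pycon", {"id": payload})).fetchall()
    return leaked, safe

if __name__ == "__main__":
    leaked, safe = demo()
    print("concatenated query rows:", len(leaked))
    print("escaped query rows:", len(safe))
```

With the escaped builder the payload is compared as an ordinary string and matches no row, while the concatenated query returns the whole table.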
