MoSQL: More than SQL, but Less than ORM @ PyCon APAC 2013

These are the slides of the talk "MoSQL: More than SQL, but Less than ORM", given at PyCon APAC 2013. They introduce MoSQL from v0.6 onward.

About MoSQL:

MoSQL is a Python library that lets you build SQL from common Python data structures.

http://mosql.mosky.tw/



  1. More than SQL, but Less than ORM: MoSQL (after v0.6)
  2. Mosky: I'm working at Pinkoi. COSCUP staff. Python trainer. Speaker at COSCUP 2013, PyCon TW 2013, PyCon JP 2012, PyCon TW 2012 ... http://mosky.tw/
  3. Pinkoi.com builds a design ecosystem for people to BUY / SELL / SHARE designs and to be INSPIRED.
  4. Pinkoi.com builds a design ecosystem. Pinkoi is the largest design shopping website in Asia. Outstanding designers are always offering their newest designs to customers on Pinkoi. We hope to see you soon. Enjoy!
  5. Outline: Why not SQL? But ... / Why ORM? But ... / MoSQL / The Usage, Performance, and Security / Demo
  6. Doc: http://mosql.mosky.tw
  7. Why not SQL?
  8. Hard to Use:
        SELECT * FROM article LIMIT 1;
      Add ORDER BY created? Add OFFSET 10? Add GROUP BY author?
        UPDATE article WHERE title='SQL' SET title='ORM'?
  9. Hard to Use: Programming Error. Programming Error. Programming Error. !@#$
  10. May Be Injected:
        'WHERE ' + ' AND '.join("%s = '%s'" % (k, v) for k, v in inputs)
      Cracker can inject from value or identifier, actually. DON'T copy the code here!
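As an added example (not from the slides and not MoSQL's code), the interpolating builder from the slide above is placed beside a parameterized version and both are run against an in-memory SQLite table of constructed rows. The `?` placeholders are SQLite's DB-API style, and the identifier allow-list regex is this example's own choice; a value that merely contains an apostrophe is enough to show why the interpolated form cannot be trusted.

```python
import re
import sqlite3

# Constructed sample rows for an in-memory table (not real data).
ROWS = [('mosky', 'Mosky Liu'), ('obrien', "O'Brien")]

def vulnerable_where(inputs):
    """The slide's pattern: keys and values pasted straight into the SQL text.
    A quote inside a value ends the literal early, and the key is not quoted
    at all, so both sides of the '=' are under the caller's control."""
    return 'WHERE ' + ' AND '.join("%s = '%s'" % (k, v) for k, v in inputs)

# Allow-list for column names; anything else is rejected before it reaches SQL.
IDENT = re.compile(r'^[A-Za-z_][A-Za-z0-9_]*$')

def safe_where(inputs):
    """Return (fragment, params): identifiers are allow-listed and double-quoted,
    values become '?' placeholders that the driver binds, never spliced in."""
    clauses, params = [], []
    for k, v in inputs:
        if not IDENT.match(k):
            raise ValueError('rejected identifier: %r' % (k,))
        clauses.append('"%s" = ?' % k)
        params.append(v)
    return 'WHERE ' + ' AND '.join(clauses), params

def _table():
    """Fresh in-memory database loaded with the constructed rows."""
    conn = sqlite3.connect(':memory:')
    conn.execute('CREATE TABLE person (person_id TEXT, name TEXT)')
    conn.executemany('INSERT INTO person VALUES (?, ?)', ROWS)
    return conn

def query(inputs):
    """Run the parameterized form and return the matching person_ids."""
    fragment, params = safe_where(inputs)
    rows = _table().execute('SELECT person_id FROM person ' + fragment, params)
    return [r[0] for r in rows]

def vulnerable_breaks(inputs):
    """True if SQLite rejects the interpolated query for this input."""
    try:
        _table().execute('SELECT person_id FROM person ' + vulnerable_where(inputs))
    except sqlite3.Error:
        return True
    return False

if __name__ == '__main__':
    print(vulnerable_where([('name', "O'Brien")]))   # the apostrophe is left unescaped
    print(query([('name', "O'Brien")]))              # ['obrien']
```

The interpolated fragment for `O'Brien` is already malformed SQL, which is the same mechanism that lets a crafted value change the statement's meaning; binding the value through the driver keeps it out of the SQL text entirely, and the allow-list covers the identifier side, which placeholders cannot.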
  11. It seems bad! But ...
  12. SQL ... is the fastest way to communicate with the db, and everyone understands it or has learned it.
  13. Why ORM?
  14. Easy to Use:
        class Person(Base):
            __tablename__ = 'person'
            person_id = Column(String, primary_key=True)
            name = Column(String)
            ...
  15. Easy to Use:
        mosky = Person('mosky', 'Mosky Liu')
        session.add(mosky)
        for person in session.query(Person).all():
            print person.name, person.person_id
      Lets you forget the ugly SQL so far.
  16. SQL Injection Free: Usually an ORM guarantees it.
  17. It seems good! But ...
  18. ORM ... is slower, and you need to learn it from scratch. Sometimes it is just a black box.
  19. SQL vs. ORM
                        SQL   ORM
        Easy-to-Use           V
        Secure                V
        Easy-to-Learn    V
        Fast             V
  20. So ... MoSQL
  21. The First Glance:
        from mosql.query import select
        print select('person')
        -> SELECT * FROM "person"
  22. Map is just condition:
        select('person', {'person_id': 'mosky'})
        -> SELECT * FROM "person" WHERE "person_id" = 'mosky'
  23. Sequence is just a list:
        select('person', select=('name', ))
        -> SELECT "name" FROM "person"
  24. Map is also a set-list:
        insert('person', {'person_id': 'mosky', 'name': 'Mosky Liu'})
        -> INSERT INTO "person" ("person_id", "name") VALUES ('mosky', 'Mosky Liu')
  25. Order doesn't matter:
        update('person', where={'person_id': 'mosky'}, set={'name': 'Mosky Liu'})
        -> UPDATE "person" SET "name" = 'Mosky Liu' WHERE "person_id" = 'mosky'
  26. Operator also works!
        select('person', {'age >=': 20})
        -> SELECT * FROM "person" WHERE "age" >= 20
  27. All from the native data structures!
  28. The Overview:
        insert(table, set, ...)
        select(table, where, ...)
        update(table, where, set, ...)
        delete(table, where, ...)
        ...
  29. If you like it,
  30. sudo pip install mosql
  31. Join is also available:
        select(
            'person',
            {'person_id': 'mosky'},
            joins=left_join('detail', using=('person_id',))
        )
        -> SELECT * FROM "person" LEFT JOIN "detail" USING ("person_id") WHERE "person_id" = 'mosky'
  32. A Partial Query:
        fixed_args = {'table': 'person'}
        person_select = select.breed(fixed_args)
        person_select()
        -> SELECT * FROM "person"
        select('person')
        -> SELECT * FROM "person"
  33. Performance: About 4x faster than SQLAlchemy. Just a little bit slower than pure SQL.
  34. Security: Secure by default. Uses an escaping technique. Prevents SQL injection from both value and identifier. Passed the tests from sqlmap at level=5 and risk=3.
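The following is an added toy builder, written for this page and not taken from MoSQL, that reproduces the data-structure mapping shown in slides 21 to 32 (dict as condition or set-list, sequence as column list, `'col >='` keys carrying an operator, a partial query) together with the escaping approach slide 34 describes: identifiers are double-quoted with embedded `"` doubled, string values are single-quoted with embedded `'` doubled. PostgreSQL-style quoting is assumed, as in the slides' output, and the helper names `qid`, `qval` and `condition` are this example's own; `functools.partial` stands in for `select.breed`.

```python
import functools
import numbers

def qid(name):
    """Quote an identifier: wrap in double quotes and double any embedded '"',
    so a hostile table or column name cannot close the quotes early."""
    return '"%s"' % str(name).replace('"', '""')

def qval(value):
    """Quote a value: strings are single-quoted with "'" doubled; None, bools
    and numbers are rendered as SQL literals."""
    if value is None:
        return 'NULL'
    if isinstance(value, bool):          # checked before Number: bool is a Number
        return 'TRUE' if value else 'FALSE'
    if isinstance(value, numbers.Number):
        return str(value)
    return "'%s'" % str(value).replace("'", "''")

def condition(where):
    """A dict is a condition; a key such as 'age >=' carries its own operator."""
    parts = []
    for key, value in where.items():
        column, _, op = key.partition(' ')
        parts.append('%s %s %s' % (qid(column), op or '=', qval(value)))
    return ' AND '.join(parts)

def left_join(table, using):
    return 'LEFT JOIN %s USING (%s)' % (qid(table), ', '.join(qid(c) for c in using))

def select(table, where=None, select=('*',), joins=None):
    # The 'select' keyword names the column list, mirroring MoSQL's argument.
    columns = ', '.join('*' if c == '*' else qid(c) for c in select)
    sql = 'SELECT %s FROM %s' % (columns, qid(table))
    if joins:
        sql += ' ' + joins
    if where:
        sql += ' WHERE ' + condition(where)
    return sql

def insert(table, set):
    """A dict is also a set-list: keys become columns, values become VALUES."""
    keys = list(set)
    return 'INSERT INTO %s (%s) VALUES (%s)' % (
        qid(table), ', '.join(qid(k) for k in keys), ', '.join(qval(set[k]) for k in keys))

def update(table, where, set):
    assigns = ', '.join('%s = %s' % (qid(k), qval(v)) for k, v in set.items())
    return 'UPDATE %s SET %s WHERE %s' % (qid(table), assigns, condition(where))

def delete(table, where):
    return 'DELETE FROM %s WHERE %s' % (qid(table), condition(where))

# Standard-library counterpart of select.breed({'table': 'person'}) on slide 32.
fixed_args = {'table': 'person'}
person_select = functools.partial(select, **fixed_args)

if __name__ == '__main__':
    print(select('person', {'age >=': 20}))
    print(update('person', where={'person_id': 'mosky'}, set={'name': "O'Brien"}))
    print(person_select())
```

Doubling the quote character is exactly the rule the slides' PostgreSQL-style output relies on, and it is why a quote in a value or identifier stays inside the literal instead of ending it. The rule is dialect-specific: MySQL, for instance, also treats backslash as an escape character unless `NO_BACKSLASH_ESCAPES` is set, so an escaping builder must match the server it targets, whereas driver-side parameters leave that to the driver.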
  35. SQL vs. ORM
                        SQL   ORM
        Easy-to-Use           V
        Secure                V
        Easy-to-Learn    V
        Fast             V
  36. SQL < ______ < ORM
                        SQL   ORM
        Easy-to-Use           V
        Secure                V
        Easy-to-Learn    V
        Fast             V
  37. SQL < MoSQL < ORM
                        SQL   MoSQL   ORM
        Easy-to-Use             V      V
        Secure                  V      V
        Easy-to-Learn    V      V
        Fast             V      V
  38. Demo
  39. Demo: Arbitrary Query with Web. Serious Usage using Class. All the code is on GitHub!
  40. The End
  41. The End: MoSQL is ... Easy-to-Use, Easy-to-Learn, Secure, Fast. sudo pip install mosql. http://mosql.mosky.tw/
