SlideShare a Scribd company logo

Mastering MySQL/Query

Tomoki Oyamatsu
Tomoki Oyamatsu

MySQLの基本的な書き方や設計について、簡単な勉強会を開いて欲しいと言われたのでまとめました

Technology
1 of 31
Download to read offline
Mastering MySQL/Query Tomoki Oyamatsu
 iret, inc.
Agenda Beautiful query MySQL settings and query Normalization and query building MySQL with PHP
Beautiful query
Building Beautiful queries If we build a beautiful query… Easy to read Easy to edit Easy to copy (reuse)
Which is easy to read? select id,name from users where admin = 1 and password is null and created_at >= '2016-01-01 00:00:00' order by id limit 0,10 SELECT id ,name FROM users WHERE admin = 1 AND password IS NULL AND created_at >= '2016-01-01 00:00:00' ORDER BY id ASC LIMIT 0, 10 ;
Uppercased reserved word select count(user_id) as cnt
 from users
 where user_name = ‘foo’ and del_flag = false SELECT COUNT(user_id) AS cnt
 FROM users
 WHERE user_name = ‘foo’ AND del_flag = FALSE
line break and spaces SELECT col_1, col_2, col_3, COUNT(*) 
 FROM  tbl_A 
 WHERE col_1 = 'a' 
 AND   col_2 = ( 
 SELECT MAX(col_2) 
 FROM   tbl_B 
 WHERE col_3 = 100 
 ) 
 GROUP BY col_1, col_2, col_3 SELECT
 col_1
 ,col_2
 ,col_3
 ,COUNT(*) 
 FROM
 tbl_A
 WHERE
 col_1 = 'a'
 AND col_2 = (
 SELECT
 MAX(col_2) 
 FROM
 tbl_B 
 WHERE
 col_3 = 100 
 )
 GROUP BY
 col_1,col_2,col_3
line break and spaces SELECT col_1, col_2, col_3, COUNT(*) SELECT
 col_1
 ,col_2
 ,col_3
 ,COUNT(*) 
 Align the vertical line using 4 spaces indention
 (PSR-2 coding guide)

Aligned ‘AND/OR’ conditions WHERE cc_id = 10
 AND playdate = 20161027
 AND code BETWEEN 200
 AND 300 WHERE cc_id = 10 AND playdate = 20161027 AND code BETWEEN 200 AND 300
 ( No line break) WHERE
 cc_id = 10
 AND playdate = 20161027
 AND code BETWEEN 200 AND 300 WHERE
 cc_id = 10
 AND playdate = 20161027
 AND code BETWEEN 200 AND 300 WHERE cc_id = 10
 AND playdate = 20161027
 AND code BETWEEN 200
 AND 300 WHERE cc_id = 10 AND playdate = 20161027 AND code BETWEEN 200 AND 300
 ( No line break)
“Write beautiful code”
MySQL settings and query
max_allowed_packet The maximum query length default=16MB When save image binary… BAD Tooooooooooooo long IN() SELECT
 *
 FROM
 users
 WHERE
 email IN(‘address1’,’address2’,’address3’…) GOOD One by one and loop SELECT
 *
 FROM
 users
 WHERE
 email = ‘address1’;
group_concat_max_len The maximum length of the result of group_concat default=1024 When use group_concat()… BAD challenging many results SELECT
 GROUP_CONCAT(user_id) AS user_ids
 FROM users WHERE … GOOD Join using Program SELECT
 user_id
 FROM users WHERE …
max_connections The maximum number of concurrent connections default=151 When run the queries at the same time… use transaction BAD sudden mass access ex)Campaign site,
 Sports news site
 News site GOOD Strict control system ex)Bank system
 Cash card system
And more query_cache_limit query_cache_size max_join_size max_length_for_sort_data delayed_insert_limit wait_timeout and so on…
“Check the my.cnf/VARIABLES” mysql> SHOW VARIABLES;
Normalization and query building
Normalization The database should be third normal form e.g. employee database
Non-Normalized form id name age sex salary qualification 2030 Tomoki Oyamatsu 28 male ¥200,000 driver licence,
 Fundamental information technology engineer,
 C Language Proficiency Level 2 3 columns employee
First normal form id name age sex salary qualification 2030 Tomoki Oyamatsu 28 male ¥200,000 driver licence 2030 Tomoki Oyamatsu 28 male ¥200,000 Fundamental information technology engineer 2030 Tomoki Oyamatsu 28 male ¥200,000 C Language Proficiency Level 2 same data employee
Second normal form id name age sex salary 2030 Tomoki Oyamatsu 28 male ¥200,000 employee id qualification_id qualification_name 2030 1 driver licence 2030 5 Fundamental information technology engineer 2030 7 C Language Proficiency Level 2 emp_qual Duplicate when another employee has
Third normal form id name age sex_id salary 2030 Tomoki Oyamatsu 28 1 ¥200,000 employee id qualification_id 2030 1 2030 5 2030 7 emp_qual qualification_id qualification_name 1 driver licence 2 IT passport 3 System Architect 4 Information security admin 5 Fundamental information technology engineer6 Network specialist 7 C Language Proficiency Level 2 sex_id sex 1 male 2 female sex_mst qualifications
Select age SELECT
 age
 FROM
 employee
 WHERE
 id=2030;
Select qualification list SELECT
 qualification_id,qualification_name
 FROM
 employee 
 LEFT JOIN emp_qual USING (id)
 LEFT JOIN qualifications USING (qualification_id)
 WHERE
 id=2030; When it becomes necessary
“Understand to the third normal form”
MySQL with PHP
Avoid SQL injection $sql = <<<SQL
 SELECT
 *
 FROM
 users
 WHERE
 name = ‘{$POST[“name”]}’
 ;
 SQL;
 $result = $pdo->exec($sql); If parameter is… $POST[“name”]
 = “Oyamatsu” WHERE
 name = 'Oyamatsu'; $POST[“name”]
 = “t' OR ’t’=’t” WHERE
 name = 't' OR 't' = 't'; PHP code true in any time
Use prepared statement $sql = <<<SQL
 SELECT
 *
 FROM
 users
 WHERE
 name = :name
 ;
 SQL;
 
 $sth->bindValue(‘:name’, $POST[“name”]);
 $sth->execute(); If parameter is… $POST[“name”]
 = “t' OR ’t’=’t” WHERE
 name= ’t' OR ’t’ = ’t’; PHP code escaped string
In the case of IN() Can’t use the prepared statement $sql = <<<SQL
 SELECT
 *
 FROM
 users
 WHERE
 user_id IN({$user_ids});
 SQL;
 $result = $pdo->exec($sql); Beforehand Make sure all data are numeric join numeric data
“Bear in mind
 secure programming”
“Thank you” –iret, inc. Oyamatsu

Recommended

Design Assignment ( Recreation of IRCTC Booking System in Andriod Platform)
Design Assignment ( Recreation of IRCTC Booking System in Andriod Platform)Design Assignment ( Recreation of IRCTC Booking System in Andriod Platform)
Design Assignment ( Recreation of IRCTC Booking System in Andriod Platform)Abhilash Mishra
 
Building High Performance MySql Query Systems And Analytic Applications
Building High Performance MySql Query Systems And Analytic ApplicationsBuilding High Performance MySql Query Systems And Analytic Applications
Building High Performance MySql Query Systems And Analytic Applicationsguest40cda0b
 
Zurich2007 MySQL Query Optimization
Zurich2007 MySQL Query OptimizationZurich2007 MySQL Query Optimization
Zurich2007 MySQL Query OptimizationHiệp Lê Tuấn
 
Advanced MySQL Query Tuning
Advanced MySQL Query TuningAdvanced MySQL Query Tuning
Advanced MySQL Query TuningAlexander Rubin
 
MySQL Query Tuning for the Squeemish -- Fossetcon Orlando Sep 2014
MySQL Query Tuning for the Squeemish -- Fossetcon Orlando Sep 2014MySQL Query Tuning for the Squeemish -- Fossetcon Orlando Sep 2014
MySQL Query Tuning for the Squeemish -- Fossetcon Orlando Sep 2014Dave Stokes
 
56 Query Optimization
56 Query Optimization56 Query Optimization
56 Query OptimizationMYXPLAIN
 
MYSQL Query Anti-Patterns That Can Be Moved to Sphinx
MYSQL Query Anti-Patterns That Can Be Moved to SphinxMYSQL Query Anti-Patterns That Can Be Moved to Sphinx
MYSQL Query Anti-Patterns That Can Be Moved to SphinxPythian
 
Mysql query optimization
Mysql query optimizationMysql query optimization
Mysql query optimizationBaohua Cai
 

Recommended

Design Assignment ( Recreation of IRCTC Booking System in Andriod Platform)
Design Assignment ( Recreation of IRCTC Booking System in Andriod Platform)Design Assignment ( Recreation of IRCTC Booking System in Andriod Platform)
Design Assignment ( Recreation of IRCTC Booking System in Andriod Platform)Abhilash Mishra
 
Building High Performance MySql Query Systems And Analytic Applications
Building High Performance MySql Query Systems And Analytic ApplicationsBuilding High Performance MySql Query Systems And Analytic Applications
Building High Performance MySql Query Systems And Analytic Applicationsguest40cda0b
 
Zurich2007 MySQL Query Optimization
Zurich2007 MySQL Query OptimizationZurich2007 MySQL Query Optimization
Zurich2007 MySQL Query OptimizationHiệp Lê Tuấn
 
Advanced MySQL Query Tuning
Advanced MySQL Query TuningAdvanced MySQL Query Tuning
Advanced MySQL Query TuningAlexander Rubin
 
MySQL Query Tuning for the Squeemish -- Fossetcon Orlando Sep 2014
MySQL Query Tuning for the Squeemish -- Fossetcon Orlando Sep 2014MySQL Query Tuning for the Squeemish -- Fossetcon Orlando Sep 2014
MySQL Query Tuning for the Squeemish -- Fossetcon Orlando Sep 2014Dave Stokes
 
56 Query Optimization
56 Query Optimization56 Query Optimization
56 Query OptimizationMYXPLAIN
 
MYSQL Query Anti-Patterns That Can Be Moved to Sphinx
MYSQL Query Anti-Patterns That Can Be Moved to SphinxMYSQL Query Anti-Patterns That Can Be Moved to Sphinx
MYSQL Query Anti-Patterns That Can Be Moved to SphinxPythian
 
Mysql query optimization
Mysql query optimizationMysql query optimization
Mysql query optimizationBaohua Cai
 
Query Optimization with MySQL 5.6: Old and New Tricks
Query Optimization with MySQL 5.6: Old and New TricksQuery Optimization with MySQL 5.6: Old and New Tricks
Query Optimization with MySQL 5.6: Old and New TricksMYXPLAIN
 
Tunning sql query
Tunning sql queryTunning sql query
Tunning sql queryvuhaininh88
 
MySQL Query tuning 101
MySQL Query tuning 101MySQL Query tuning 101
MySQL Query tuning 101Sveta Smirnova
 
Advanced MySQL Query and Schema Tuning
Advanced MySQL Query and Schema TuningAdvanced MySQL Query and Schema Tuning
Advanced MySQL Query and Schema TuningMYXPLAIN
 
MySQL Query Optimization
MySQL Query OptimizationMySQL Query Optimization
MySQL Query OptimizationMorgan Tocker
 
My sql optimization
My sql optimizationMy sql optimization
My sql optimizationPrelovacMedia
 
Webinar 2013 advanced_query_tuning
Webinar 2013 advanced_query_tuningWebinar 2013 advanced_query_tuning
Webinar 2013 advanced_query_tuning晓 周
 
MySQL Query Optimization.
MySQL Query Optimization.MySQL Query Optimization.
MySQL Query Optimization.Remote MySQL DBA
 
Query Optimization with MySQL 5.6: Old and New Tricks - Percona Live London 2013
Query Optimization with MySQL 5.6: Old and New Tricks - Percona Live London 2013Query Optimization with MySQL 5.6: Old and New Tricks - Percona Live London 2013
Query Optimization with MySQL 5.6: Old and New Tricks - Percona Live London 2013Jaime Crespo
 
Query Optimization with MySQL 5.7 and MariaDB 10: Even newer tricks
Query Optimization with MySQL 5.7 and MariaDB 10: Even newer tricksQuery Optimization with MySQL 5.7 and MariaDB 10: Even newer tricks
Query Optimization with MySQL 5.7 and MariaDB 10: Even newer tricksJaime Crespo
 
MySQL Query Optimization (Basics)
MySQL Query Optimization (Basics)MySQL Query Optimization (Basics)
MySQL Query Optimization (Basics)Karthik .P.R
 
Sql query patterns, optimized
Sql query patterns, optimizedSql query patterns, optimized
Sql query patterns, optimizedKarwin Software Solutions LLC
 
MySQL Query And Index Tuning
MySQL Query And Index TuningMySQL Query And Index Tuning
MySQL Query And Index TuningManikanda kumar
 
Percona Live 2012PPT: MySQL Query optimization
Percona Live 2012PPT: MySQL Query optimizationPercona Live 2012PPT: MySQL Query optimization
Percona Live 2012PPT: MySQL Query optimizationmysqlops
 
How to Design Indexes, Really
How to Design Indexes, ReallyHow to Design Indexes, Really
How to Design Indexes, ReallyKarwin Software Solutions LLC
 
โครงงานคอ..
โครงงานคอ..โครงงานคอ..
โครงงานคอ..Noot Ting Tong
 
Week 9 proposal powerpoint
Week 9 proposal powerpointWeek 9 proposal powerpoint
Week 9 proposal powerpointtiffanymccook
 
MediaEval 2012 Placing Task Overview
MediaEval 2012 Placing Task OverviewMediaEval 2012 Placing Task Overview
MediaEval 2012 Placing Task OverviewAdam Rae
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionSina Manavi
 
Know your SQL Server - DMVs
Know your SQL Server - DMVsKnow your SQL Server - DMVs
Know your SQL Server - DMVsComunidade NetPonto
 
Class 8 - Database Programming
Class 8 - Database ProgrammingClass 8 - Database Programming
Class 8 - Database ProgrammingAhmed Swilam
 
Introduction to database & sql
Introduction to database & sqlIntroduction to database & sql
Introduction to database & sqlzahid6
 

More Related Content

Viewers also liked

Query Optimization with MySQL 5.6: Old and New Tricks
Query Optimization with MySQL 5.6: Old and New TricksQuery Optimization with MySQL 5.6: Old and New Tricks
Query Optimization with MySQL 5.6: Old and New TricksMYXPLAIN
 
Tunning sql query
Tunning sql queryTunning sql query
Tunning sql queryvuhaininh88
 
MySQL Query tuning 101
MySQL Query tuning 101MySQL Query tuning 101
MySQL Query tuning 101Sveta Smirnova
 
Advanced MySQL Query and Schema Tuning
Advanced MySQL Query and Schema TuningAdvanced MySQL Query and Schema Tuning
Advanced MySQL Query and Schema TuningMYXPLAIN
 
MySQL Query Optimization
MySQL Query OptimizationMySQL Query Optimization
MySQL Query OptimizationMorgan Tocker
 
Webinar 2013 advanced_query_tuning
Webinar 2013 advanced_query_tuningWebinar 2013 advanced_query_tuning
Webinar 2013 advanced_query_tuning晓 周
 
Query Optimization with MySQL 5.6: Old and New Tricks - Percona Live London 2013
Query Optimization with MySQL 5.6: Old and New Tricks - Percona Live London 2013Query Optimization with MySQL 5.6: Old and New Tricks - Percona Live London 2013
Query Optimization with MySQL 5.6: Old and New Tricks - Percona Live London 2013Jaime Crespo
 
Query Optimization with MySQL 5.7 and MariaDB 10: Even newer tricks
Query Optimization with MySQL 5.7 and MariaDB 10: Even newer tricksQuery Optimization with MySQL 5.7 and MariaDB 10: Even newer tricks
Query Optimization with MySQL 5.7 and MariaDB 10: Even newer tricksJaime Crespo
 
MySQL Query Optimization (Basics)
MySQL Query Optimization (Basics)MySQL Query Optimization (Basics)
MySQL Query Optimization (Basics)Karthik .P.R
 
MySQL Query And Index Tuning
MySQL Query And Index TuningMySQL Query And Index Tuning
MySQL Query And Index TuningManikanda kumar
 
Percona Live 2012PPT: MySQL Query optimization
Percona Live 2012PPT: MySQL Query optimizationPercona Live 2012PPT: MySQL Query optimization
Percona Live 2012PPT: MySQL Query optimizationmysqlops
 
โครงงานคอ..
โครงงานคอ..โครงงานคอ..
โครงงานคอ..Noot Ting Tong
 
Week 9 proposal powerpoint
Week 9 proposal powerpointWeek 9 proposal powerpoint
Week 9 proposal powerpointtiffanymccook
 
MediaEval 2012 Placing Task Overview
MediaEval 2012 Placing Task OverviewMediaEval 2012 Placing Task Overview
MediaEval 2012 Placing Task OverviewAdam Rae
 

Viewers also liked (18)

Query Optimization with MySQL 5.6: Old and New Tricks
Query Optimization with MySQL 5.6: Old and New TricksQuery Optimization with MySQL 5.6: Old and New Tricks
Query Optimization with MySQL 5.6: Old and New Tricks
 
Tunning sql query
Tunning sql queryTunning sql query
Tunning sql query
 
MySQL Query tuning 101
MySQL Query tuning 101MySQL Query tuning 101
MySQL Query tuning 101
 
Advanced MySQL Query and Schema Tuning
Advanced MySQL Query and Schema TuningAdvanced MySQL Query and Schema Tuning
Advanced MySQL Query and Schema Tuning
 
MySQL Query Optimization
MySQL Query OptimizationMySQL Query Optimization
MySQL Query Optimization
 
My sql optimization
My sql optimizationMy sql optimization
My sql optimization
 
Webinar 2013 advanced_query_tuning
Webinar 2013 advanced_query_tuningWebinar 2013 advanced_query_tuning
Webinar 2013 advanced_query_tuning
 
MySQL Query Optimization.
MySQL Query Optimization.MySQL Query Optimization.
MySQL Query Optimization.
 
Query Optimization with MySQL 5.6: Old and New Tricks - Percona Live London 2013
Query Optimization with MySQL 5.6: Old and New Tricks - Percona Live London 2013Query Optimization with MySQL 5.6: Old and New Tricks - Percona Live London 2013
Query Optimization with MySQL 5.6: Old and New Tricks - Percona Live London 2013
 
Query Optimization with MySQL 5.7 and MariaDB 10: Even newer tricks
Query Optimization with MySQL 5.7 and MariaDB 10: Even newer tricksQuery Optimization with MySQL 5.7 and MariaDB 10: Even newer tricks
Query Optimization with MySQL 5.7 and MariaDB 10: Even newer tricks
 
MySQL Query Optimization (Basics)
MySQL Query Optimization (Basics)MySQL Query Optimization (Basics)
MySQL Query Optimization (Basics)
 
Sql query patterns, optimized
Sql query patterns, optimizedSql query patterns, optimized
Sql query patterns, optimized
 
MySQL Query And Index Tuning
MySQL Query And Index TuningMySQL Query And Index Tuning
MySQL Query And Index Tuning
 
Percona Live 2012PPT: MySQL Query optimization
Percona Live 2012PPT: MySQL Query optimizationPercona Live 2012PPT: MySQL Query optimization
Percona Live 2012PPT: MySQL Query optimization
 
How to Design Indexes, Really
How to Design Indexes, ReallyHow to Design Indexes, Really
How to Design Indexes, Really
 
โครงงานคอ..
โครงงานคอ..โครงงานคอ..
โครงงานคอ..
 
Week 9 proposal powerpoint
Week 9 proposal powerpointWeek 9 proposal powerpoint
Week 9 proposal powerpoint
 
MediaEval 2012 Placing Task Overview
MediaEval 2012 Placing Task OverviewMediaEval 2012 Placing Task Overview
MediaEval 2012 Placing Task Overview
 

Similar to Mastering MySQL/Query

A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionSina Manavi
 
Class 8 - Database Programming
Class 8 - Database ProgrammingClass 8 - Database Programming
Class 8 - Database ProgrammingAhmed Swilam
 
Introduction to database & sql
Introduction to database & sqlIntroduction to database & sql
Introduction to database & sqlzahid6
 
MongoDB user group israel May
MongoDB user group israel MayMongoDB user group israel May
MongoDB user group israel MayAlon Horev
 
Database Modeling presentation
Database Modeling presentationDatabase Modeling presentation
Database Modeling presentationBhavishya Tyagi
 
Php & Web Security - PHPXperts 2009
Php & Web Security - PHPXperts 2009Php & Web Security - PHPXperts 2009
Php & Web Security - PHPXperts 2009mirahman
 
Beyond PHP - it's not (just) about the code
Beyond PHP - it's not (just) about the codeBeyond PHP - it's not (just) about the code
Beyond PHP - it's not (just) about the codeWim Godden
 
Aspect Oriented Programming :Sabarimala Web Portal
Aspect Oriented Programming :Sabarimala Web PortalAspect Oriented Programming :Sabarimala Web Portal
Aspect Oriented Programming :Sabarimala Web PortalSanjeev Kumar Jaiswal
 
Php Security - OWASP
Php Security - OWASPPhp Security - OWASP
Php Security - OWASPMizno Kruge
 
Data Exploration with Apache Drill: Day 2
Data Exploration with Apache Drill: Day 2Data Exploration with Apache Drill: Day 2
Data Exploration with Apache Drill: Day 2Charles Givre
 
Beyond PHP - It's not (just) about the code
Beyond PHP - It's not (just) about the codeBeyond PHP - It's not (just) about the code
Beyond PHP - It's not (just) about the codeWim Godden
 
Web Security Mistakes: Trusting The Client
Web Security Mistakes: Trusting The ClientWeb Security Mistakes: Trusting The Client
Web Security Mistakes: Trusting The Clientgrutz
 
Beyond php - it's not (just) about the code
Beyond php - it's not (just) about the codeBeyond php - it's not (just) about the code
Beyond php - it's not (just) about the codeWim Godden
 
Building an Analytic Extension to MySQL with ClickHouse and Open Source
Building an Analytic Extension to MySQL with ClickHouse and Open SourceBuilding an Analytic Extension to MySQL with ClickHouse and Open Source
Building an Analytic Extension to MySQL with ClickHouse and Open SourceAltinity Ltd
 
Building an Analytic Extension to MySQL with ClickHouse and Open Source.pptx
Building an Analytic Extension to MySQL with ClickHouse and Open Source.pptxBuilding an Analytic Extension to MySQL with ClickHouse and Open Source.pptx
Building an Analytic Extension to MySQL with ClickHouse and Open Source.pptxAltinity Ltd
 
From BLTI 1.0 To LTI 1.1
From BLTI 1.0 To LTI 1.1From BLTI 1.0 To LTI 1.1
From BLTI 1.0 To LTI 1.1Andrew Ko
 
Bangladesh Bank Data entry control operator Question Solution.
Bangladesh Bank Data entry control operator Question Solution.Bangladesh Bank Data entry control operator Question Solution.
Bangladesh Bank Data entry control operator Question Solution.Engr. Md. Jamal Uddin Rayhan
 

Similar to Mastering MySQL/Query (20)

A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL Injection
 
Know your SQL Server - DMVs
Know your SQL Server - DMVsKnow your SQL Server - DMVs
Know your SQL Server - DMVs
 
Class 8 - Database Programming
Class 8 - Database ProgrammingClass 8 - Database Programming
Class 8 - Database Programming
 
Introduction to database & sql
Introduction to database & sqlIntroduction to database & sql
Introduction to database & sql
 
MongoDB user group israel May
MongoDB user group israel MayMongoDB user group israel May
MongoDB user group israel May
 
Database Modeling presentation
Database Modeling presentationDatabase Modeling presentation
Database Modeling presentation
 
Php & Web Security - PHPXperts 2009
Php & Web Security - PHPXperts 2009Php & Web Security - PHPXperts 2009
Php & Web Security - PHPXperts 2009
 
Beyond PHP - it's not (just) about the code
Beyond PHP - it's not (just) about the codeBeyond PHP - it's not (just) about the code
Beyond PHP - it's not (just) about the code
 
Aspect Oriented Programming :Sabarimala Web Portal
Aspect Oriented Programming :Sabarimala Web PortalAspect Oriented Programming :Sabarimala Web Portal
Aspect Oriented Programming :Sabarimala Web Portal
 
Php Security - OWASP
Php Security - OWASPPhp Security - OWASP
Php Security - OWASP
 
Data Exploration with Apache Drill: Day 2
Data Exploration with Apache Drill: Day 2Data Exploration with Apache Drill: Day 2
Data Exploration with Apache Drill: Day 2
 
Beyond PHP - It's not (just) about the code
Beyond PHP - It's not (just) about the codeBeyond PHP - It's not (just) about the code
Beyond PHP - It's not (just) about the code
 
Web Security Mistakes: Trusting The Client
Web Security Mistakes: Trusting The ClientWeb Security Mistakes: Trusting The Client
Web Security Mistakes: Trusting The Client
 
Beyond php - it's not (just) about the code
Beyond php - it's not (just) about the codeBeyond php - it's not (just) about the code
Beyond php - it's not (just) about the code
 
Cassandra
CassandraCassandra
Cassandra
 
Building an Analytic Extension to MySQL with ClickHouse and Open Source
Building an Analytic Extension to MySQL with ClickHouse and Open SourceBuilding an Analytic Extension to MySQL with ClickHouse and Open Source
Building an Analytic Extension to MySQL with ClickHouse and Open Source
 
Building an Analytic Extension to MySQL with ClickHouse and Open Source.pptx
Building an Analytic Extension to MySQL with ClickHouse and Open Source.pptxBuilding an Analytic Extension to MySQL with ClickHouse and Open Source.pptx
Building an Analytic Extension to MySQL with ClickHouse and Open Source.pptx
 
From BLTI 1.0 To LTI 1.1
From BLTI 1.0 To LTI 1.1From BLTI 1.0 To LTI 1.1
From BLTI 1.0 To LTI 1.1
 
PROJECT REPORT
PROJECT REPORTPROJECT REPORT
PROJECT REPORT
 
Bangladesh Bank Data entry control operator Question Solution.
Bangladesh Bank Data entry control operator Question Solution.Bangladesh Bank Data entry control operator Question Solution.
Bangladesh Bank Data entry control operator Question Solution.
 

Recently uploaded

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 

Recently uploaded (20)

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 

Mastering MySQL/Query

  • 2. Agenda Beautiful query MySQL settings and query Normalization and query building MySQL with PHP
  • 4. Building Beautiful queries If we build a beautiful query… Easy to read Easy to edit Easy to copy (reuse)
  • 5. Which is easy to read? select id,name from users where admin = 1 and password is null and created_at >= '2016-01-01 00:00:00' order by id limit 0,10 SELECT id ,name FROM users WHERE admin = 1 AND password IS NULL AND created_at >= '2016-01-01 00:00:00' ORDER BY id ASC LIMIT 0, 10 ;
  • 6. Uppercased reserved word select count(user_id) as cnt
 from users
 where user_name = ‘foo’ and del_flag = false SELECT COUNT(user_id) AS cnt
 FROM users
 WHERE user_name = ‘foo’ AND del_flag = FALSE
  • 7. line break and spaces SELECT col_1, col_2, col_3, COUNT(*) 
 FROM  tbl_A 
 WHERE col_1 = 'a' 
 AND   col_2 = ( 
 SELECT MAX(col_2) 
 FROM   tbl_B 
 WHERE col_3 = 100 
 ) 
 GROUP BY col_1, col_2, col_3 SELECT
 col_1
 ,col_2
 ,col_3
 ,COUNT(*) 
 FROM
 tbl_A
 WHERE
 col_1 = 'a'
 AND col_2 = (
 SELECT
 MAX(col_2) 
 FROM
 tbl_B 
 WHERE
 col_3 = 100 
 )
 GROUP BY
 col_1,col_2,col_3
  • 8. line break and spaces SELECT col_1, col_2, col_3, COUNT(*) SELECT
 col_1
 ,col_2
 ,col_3
 ,COUNT(*) 
 Align the vertical line using 4 spaces indention
 (PSR-2 coding guide)

  • 9. Aligned ‘AND/OR’ conditions WHERE cc_id = 10
 AND playdate = 20161027
 AND code BETWEEN 200
 AND 300 WHERE cc_id = 10 AND playdate = 20161027 AND code BETWEEN 200 AND 300
 ( No line break) WHERE
 cc_id = 10
 AND playdate = 20161027
 AND code BETWEEN 200 AND 300 WHERE
 cc_id = 10
 AND playdate = 20161027
 AND code BETWEEN 200 AND 300 WHERE cc_id = 10
 AND playdate = 20161027
 AND code BETWEEN 200
 AND 300 WHERE cc_id = 10 AND playdate = 20161027 AND code BETWEEN 200 AND 300
 ( No line break)
  • 12. max_allowed_packet The maximum query length default=16MB When save image binary… BAD Tooooooooooooo long IN() SELECT
 *
 FROM
 users
 WHERE
 email IN(‘address1’,’address2’,’address3’…) GOOD One by one and loop SELECT
 *
 FROM
 users
 WHERE
 email = ‘address1’;
  • 13. group_concat_max_len The maximum length of the result of group_concat default=1024 When use group_concat()… BAD challenging many results SELECT
 GROUP_CONCAT(user_id) AS user_ids
 FROM users WHERE … GOOD Join using Program SELECT
 user_id
 FROM users WHERE …
  • 14. max_connections The maximum number of concurrent connections default=151 When run the queries at the same time… use transaction BAD sudden mass access ex)Campaign site,
 Sports news site
 News site GOOD Strict control system ex)Bank system
 Cash card system
  • 18. Normalization The database should be third normal form e.g. employee database
  • 19. Non-Normalized form id name age sex salary qualification 2030 Tomoki Oyamatsu 28 male ¥200,000 driver licence,
 Fundamental information technology engineer,
 C Language Proficiency Level 2 3 columns employee
  • 20. First normal form id name age sex salary qualification 2030 Tomoki Oyamatsu 28 male ¥200,000 driver licence 2030 Tomoki Oyamatsu 28 male ¥200,000 Fundamental information technology engineer 2030 Tomoki Oyamatsu 28 male ¥200,000 C Language Proficiency Level 2 same data employee
  • 21. Second normal form id name age sex salary 2030 Tomoki Oyamatsu 28 male ¥200,000 employee id qualification_id qualification_name 2030 1 driver licence 2030 5 Fundamental information technology engineer 2030 7 C Language Proficiency Level 2 emp_qual Duplicate when another employee has
  • 22. Third normal form id name age sex_id salary 2030 Tomoki Oyamatsu 28 1 ¥200,000 employee id qualification_id 2030 1 2030 5 2030 7 emp_qual qualification_id qualification_name 1 driver licence 2 IT passport 3 System Architect 4 Information security admin 5 Fundamental information technology engineer6 Network specialist 7 C Language Proficiency Level 2 sex_id sex 1 male 2 female sex_mst qualifications
  • 24. Select qualification list SELECT
 qualification_id,qualification_name
 FROM
 employee 
 LEFT JOIN emp_qual USING (id)
 LEFT JOIN qualifications USING (qualification_id)
 WHERE
 id=2030; When it becomes necessary
  • 25. “Understand to the third normal form”
  • 27. Avoid SQL injection $sql = <<<SQL
 SELECT
 *
 FROM
 users
 WHERE
 name = ‘{$POST[“name”]}’
 ;
 SQL;
 $result = $pdo->exec($sql); If parameter is… $POST[“name”]
 = “Oyamatsu” WHERE
 name = 'Oyamatsu'; $POST[“name”]
 = “t' OR ’t’=’t” WHERE
 name = 't' OR 't' = 't'; PHP code true in any time
  • 28. Use prepared statement $sql = <<<SQL
 SELECT
 *
 FROM
 users
 WHERE
 name = :name
 ;
 SQL;
 
 $sth->bindValue(‘:name’, $POST[“name”]);
 $sth->execute(); If parameter is… $POST[“name”]
 = “t' OR ’t’=’t” WHERE
 name= ’t' OR ’t’ = ’t’; PHP code escaped string
  • 29. In the case of IN() Can’t use the prepared statement $sql = <<<SQL
 SELECT
 *
 FROM
 users
 WHERE
 user_id IN({$user_ids});
 SQL;
 $result = $pdo->exec($sql); Beforehand Make sure all data are numeric join numeric data
  • 30. “Bear in mind
 secure programming”