Software Engineering for Internet Applications - Student Community

More documents

Recommendations

Info

You can solve all of these problems by separating SQL code andvariable data. Here's a pseudo-code example of how it has beendone using standard libraries going back to the late 1970s:// associate the name "event_query" with// a string of SQLPrepareStatement("event_query","select * from events where event_id = :event_id");// associate the bind variable :event_id with// the particular value for this pageBindVar("event_query",":event_id",3722);// ask the RDBMS to execute the completed queryExecuteStatement("event_query");... fetch results ...Note that the structure of the SQL seen by the RDBMS is fixed as"select * from events where event_id = :event_id",regardless of what input is received in the form. Only the value of:event_id changes.This is an example of using bind variables, which is standard practicein most software that talks to an RDBMS.4.7 Bind Variables in C#using System;using System.Configuration;using System.Data;using System.Data.SqlClient;namespace ExecuteScalar{////// An example of how to use named parameters/// in ADO.NET.///class Class1{////// The main entry point for the application.///[STAThread]static void Main(string[] args)68This is a seemingly perverse way to use SQL but in fact is fairlyconventional because there are no IF statements in standard SQL.Suppose, however, that two copies of this INSERT startsimultaneously. Recall that a transaction processing system providesthe ACID guarantees: Atomicity, Consistency, Isolation, andDurability. Oracle's implementation of isolation, "the results of atransaction are invisible to other transactions until the transaction iscomplete", works by giving each user a virtual version of thedatabase as it was when the transaction started.Session ASends INSERT to Oracle atsystem change number ("SCN", apseudo-time internal to Oracle)30561.Oracle counts the rows inkm_object_views and finds 0.Oracle inserts a row intokm_object_views at SCN30567 (took a while for theCOUNT(*) to complete;meanwhile other users have beeninserting and updates rows inother tables).Session BSends INSERT to Oracle atsystem change number 30562,a tick after Session A startedits transaction but several ticksbefore Session Aaccomplished its insertion.Oracle, busy with other users,doesn't start counting rows inkm_object_views until SCN30568, after the insert fromSession A. The database,however, will return 0 blocksbecause it is presentingSession B with a view of thedatabase as it was at SCN30562, when the transactionstarted.Having found 0 rows in thecount, the INSERT proceedsto insert one row, thus creatinga duplicate log entry.More: See the "Data Concurrency and Consistency" chapter ofOracle9i Database Concepts one of the books included in Oracledocumentation.Now consider the same query running in SQL Server:insert into km_object_views (user_id, object_id,table_name, view_time)281
create table km_object_views (object_view_id integer primary key,-- which useruser_idnot null references users,-- two columns to specify which objectobject_id integer not null,table_name varchar(21) not null,view_time timestamp(0) not null,reuse_pchar(1) default 'f'check(reuse_p in ('t','f')));Modify object-view-one so that it will insert a row into thekm_object_views table if and only if there isn't already a log rowfor this user/object pair within 24 hours. You can do this with thefollowing procedure:2801. open a transaction2. lock the table3. count the number of matching rows within the last 24 hours4. compare the result to 0 and insert if necessary5. close the transactionThis appears to be an awfully big hammer for a seemingly simpleproblem. Is it possible to do this in one statement?Let's start with Oracle. Here's an example of an INSERT statementthat only has an effect if there isn't already a row in the table:insert into km_object_views (object_view_id,user_id, object_id, table_name, view_time)select km_object_view_id.nextval, 227, 891,'algorithm', current_timestamp(0)from dualwhere 0 = (select count(*)from km_object_viewswhere user_id = 227and object_id = 891and view_time > current_timestamp -interval '1' day);The structure of this statement is "insert into KM_OBJECT_VIEWSthe result of querying the 1-row system table DUAL". We're notpulling any data from the DUAL table, only including constants in theSELECT list. Nor is the WHERE clause restricting results based oninformation in the DUAL table; it is querying KM_OBJECT_VIEWS.{object objResult = null;string strResult = null;string strEmployeeID = "PMA42628M";//Initialize the database connection,// command and parameter objects.SqlConnection conn = new SqlConnection(ConfigurationSettings.AppSettings["connStr"]);SqlCommand cmd = new SqlCommand("select fname from employee where emp_id =@emp_id");SqlParameter param = newSqlParameter("@emp_id",strEmployeeID);//Associate the connection with the command.cmd.Connection = conn;//Bind the parameter value to the command.cmd.Parameters.Add(param);//Connect to the database and// run the command.try{conn.Open();objResult = cmd.ExecuteScalar();}catch (Exception e){Console.WriteLine("Database error: {0}",e.ToString());}finally{//Clean up.if(!conn.State.Equals(ConnectionState.Closed)){conn.Close();}}//Convert the query result to a string.if (objResult == null)69
Page 1 and 2:
SoftwareEngineering forInternetAppl
Page 3 and 4:
Signature: ________________________
Page 5 and 6:
end-users. We use every opportunity
Page 7 and 8:
• availability of magnet content
Page 9 and 10:
• we want to see if a student is
Page 11 and 12:
you supply English-language queries
Page 13 and 14:
What to do during lecturesWe try to
Page 15 and 16:
The one-term cram courseWhen teachi
Page 17 and 18: 332• spend a term learning how to
Page 19 and 20: Once we've taught students how to b
Page 21 and 22: has permission to perform each task
Page 23 and 24: UDDIUnixcustomer's credit card. If
Page 25 and 26: thousands of concurrent users. This
Page 27 and 28: OraclePerlnamed XYZ" without the pr
Page 29 and 30: LDAPLinuxbits per color, a vastly s
Page 31 and 32: FilterFirewallFlat-fileGIF318functi
Page 33 and 34: when there is an educational dimens
Page 35 and 36: system. The authors of the core pro
Page 37 and 38: Sign-OffsTry to schedule comprehens
Page 39 and 40: scheduling goals that both you and
Page 41 and 42: Client Tenure In Job (new, mid-term
Page 43 and 44: ReferencesEngagement ManagementSQL*
Page 45 and 46: Decision-makers often bring senior
Page 47 and 48: presentation to a panel of outsider
Page 49 and 50: 300always been written by programme
Page 51 and 52: 17.3 Professionalism in the Softwar
Page 53 and 54: Try to make sure that your audience
Page 55 and 56: Chapter 17WriteupIf I am not for my
Page 57 and 58: Suppose that an RDBMS failure were
Page 59 and 60: analysis programs analyzing standar
Page 61 and 62: at 9 hours 11 minutes 59 seconds pa
Page 63 and 64: found" will result in an access log
Page 65 and 66: 15.18 Time and MotionThe team shoul
Page 67: select 227, 891, 'algorithm', curre
Page 71 and 72: • object-create• object-display
Page 73 and 74: The trees chapter of SQL for Web Ne
Page 75 and 76: );274-- ordering within a form, low
Page 77 and 78: and start the high-level document f
Page 79 and 80: Example Ontology 2: FlyingWe want a
Page 81 and 82: systems. What would a knowledge man
Page 83 and 84: spreadsheet". Other users can comme
Page 85 and 86: Chapter 15Metadata (and Automatic C
Page 87 and 88: {site url}{site description}en-usCo
Page 89 and 90: drawing on the intermodule API that
Page 91 and 92: At this point you have something of
Page 93 and 94: • description• URL for a photo
Page 95 and 96: Here's a raw SOAP request/response
Page 97 and 98: Chapter 14Distributed Computing wit
Page 99 and 100: conduct programmer job interviews h
Page 101 and 102: Most admin pages can be excluded fr
Page 103 and 104: content that should distinguish one
Page 105 and 106: Chapter 13Planning ReduxA lot has c
Page 107 and 108: the Internet-specific problem of no
Page 109 and 110: wouldn't see these dirty tricks unl
Page 111 and 112: 12.8 Exercise 4: Big BrotherGeneral
Page 113 and 114: than one call to contains in the sa
Page 115 and 116: A third argument against the split
Page 117 and 118: way 1 1/16One might argue that this
Page 119 and 120:
absquatulate 612bedizen 36, 9211cry
Page 121 and 122:
What if the user typed multiple wor
Page 123 and 124:
Chapter 12S E A R C HRecall from th
Page 125 and 126:
long as it is much easier to remove
Page 127 and 128:
features that are helpful? What fea
Page 129 and 130:
made it in 1938)? Upon reflection,
Page 131 and 132:
environment, we identify users by t
Page 133 and 134:
those updates by no more than 1 min
Page 135 and 136:
Balancer and mod_backhand, a load b
Page 137 and 138:
translation had elapsed--the site w
Page 139 and 140:
It seems reasonable to expect that
Page 141 and 142:
11.1.5 Transport-Layer EncryptionWh
Page 143 and 144:
such as ticket bookings would colla
Page 145 and 146:
give their site a unique look and f
Page 147 and 148:
It isn't challenging to throw hardw
Page 149 and 150:
Chapter 11Scaling GracefullyLet's l
Page 151 and 152:
10.15 Beyond VoiceXML: Conversation
Page 153 and 154:
Consider that if you're authenticat
Page 155 and 156:
In this example, we:194• ask the
Page 157 and 158:
As in any XML document, every openi
Page 159 and 160:
(http://www.voicegenie.com). These
Page 161 and 162:
Chapter 10Voice (VoiceXML)questions
Page 163 and 164:
9.15 MoreStandards information:•
Page 165 and 166:
9.14 The FutureIn most countries th
Page 167 and 168:
9.10 Exercise 7: Build a Pulse Page
Page 169 and 170:
9.6 Keypad HyperlinksLet's look at
Page 171 and 172:
text/xml,application/xml,applicatio
Page 173 and 174:
Protocol (IP) routing, a standard H
show all

Software Engineering for Internet Applications - Student Community

Create successful ePaper yourself

Delete template?

Save as template?