l07: sql: advanced & practice - northeastern university255 announcements! • please pick up...

254

L07:SQL:Advanced&Practice

CS3200 Databasedesign(sp18 s2)1/11/2018

255

Announcements!

• Pleasepickupyournamecard- alwaysbringit- moveclosertothefront

• HW3 willbeagainSQL- individualsubmission,butdiscussioninteams

• Examonlaptopinclass- practiceexaminclassnextweekThursday

• Polls

• Outlinetoday:- HW1 together- outerjoins,nulls

260

More on WITH

261

Recall:Witnesses:withaggregatespergroup(8/8)

Product Price QuantityBagel 3 20Bagel 2 20Banana 1 50Banana 2 10Banana 4 10

SELECT product, sum(quantity) as salesFROM Purchase GROUP BY productHAVING sum(quantity) =

(SELECT max (Q)FROM (SELECT sum(quantity) Q

FROM Purchase GROUP BY product) X )

Product salesBanana 70

(SELECT sum(quantity) QFROM Purchase GROUP BY product) X

308Purchase

Second: How to get the product that is sold with max sales?

262

WITHclause 308

WITH X AS(SELECT product, SUM(quantity) salesFROM PurchaseGROUP BY product)





263

WITHclause 308


SELECT *FROM XWHERE





264

WITHclause 308


SELECT *FROM XWHERE sales =

(SELECT MAX (sales) FROM X)





265

WITHclause





308


Y AS(SELECT MAX (sales) maxsFROM X)

SELECT *FROM XWHERE sales = (SELECT maxs FROM Y))

266

Inner Joinsvs. Outer Joins

267

etext eid fid ftextOne 1 1 UnThree 3 3 TroisFour 4 4 QuatreFive 5 5 CinqSix 6 6 Siz

Illustrationfid fText1 Un3 Trois4 Quatre5 Cinq6 Siz7 Sept8 Huit

EnglisheText eidOne 1Two 2Three 3Four 4Five 5Six 6

French

SELECT *FROM English, FrenchWHERE eid = fid

361

SELECT *FROM English JOIN FrenchON eid = fid

Sameas:

An"innerjoin":

"JOIN"sameas

"INNERJOIN"

268

etext eid fid ftextOne 1 1 UnTwo 2 NULL NULLThree 3 3 TroisFour 4 4 QuatreFive 5 5 CinqSix 6 6 SizNULL NULL 7 SeptNULL NULL 8 Huit



French

SELECT *FROM English FULL JOIN FrenchON English.eid = French.fid

SQLitedoesnotsupport"FULLOUTERJOIN"sL (but"LEFTJOIN")

361

SELECT *FROM English JOIN FrenchON eid = fid

"FULLJOIN"sameas

"FULLOUTERJOIN"

269

2 7,81,3,4-6



French 361

Source:Fig.7-2,Hofferetal.,ModernDatabaseManagement,10eded,2011.

= FULL (OUTER) JOIN

= (INNER) JOIN

270

Source: http://www.codeproject.com/Articles/33052/Visual-Representation-of-SQL-Joins

Check this web page for illustrating examples

DetailedIllustrationwithExamples(followthelink)

271

Source: http://www.codeproject.com/Articles/33052/Visual-Representation-of-SQL-Joins

Let'spractice

SELECT <select_list>FROM A LEFT JOIN B ON A.key = B.keyWHERE B.key IS NULL

fid fText1 Un3 Trois4 Quatre5 Cinq6 Siz7 Sept8 Huit


French

361

SELECT *FROM English WHERE eid NOT IN

(SELECT fidFROM French)

SELECT eText, eidFROM EnglishLEFT JOIN French ON eid = fid WHERE fid IS NULL

272

Missingsales

SELECT Item.name, Purchase2.storeFROM Item JOIN Purchase2 ON

Item.name = Purchase2.iName

SELECT Item.name, Purchase2.storeFROM Item, Purchase2WHERE Item.name = Purchase2.iNameSameas:

An"innerjoin":

Name CategoryGizmo GadgetCamera PhotoOneClick Photo

ItemName StoreGizmo WizCamera RitzCamera Wiz

ResultiName Store MonthGizmo Wiz 8Camera Ritz 8Camera Wiz 9

Purchase2

Item(name,category)Purchase2(iName,store,month)

334

273

Missingsales

SELECT Item.name, Purchase2.storeFROM Item INNER JOIN Purchase2 ON


SELECT Item.name, Purchase2.storeFROM Item, Purchase2WHERE Item.name = Purchase2.iNameSameas:

ProductsthatneversoldwillbelostL

An"innerjoin":


ItemName StoreGizmo WizCamera RitzCamera Wiz

ResultiName Store MonthGizmo Wiz 8Camera Ritz 8Camera Wiz 9

Purchase2


334

"INNERJOIN"sameas"JOIN"

274

SELECT Item.name, Purchase2.storeFROM Item INNER JOIN Purchase2 ON


OuterJoins

Ifwewanttoincludethenever-soldproducts,thenweneedan"outerjoin":


ItemName StoreGizmo WizCamera RitzCamera WizOneClick NULL

Result

NowweincludethoseproductsJ


iName Store MonthGizmo Wiz 8Camera Ritz 8Camera Wiz 9

Purchase2

334

SELECT Item.name, Purchase2.storeFROM Item LEFT OUTER JOIN Purchase2 ON


"LEFTOUTERJOIN"sameas

"LEFTJOIN"

275

OuterJoins


Item.name = Purchase2.iNameWHERE month = 9

Samequestion,butnowonlyforthosesoldinmonth=9:


ItemName StoreCamera Wiz

Result

Theproductsdisappeared*despite*outerjoinL



Purchase2

334

Explanation:thefilter("month=9")appliesoftheresultoftheouterjoin.AnytuplethathasNULLasmonth,doesnotpassthefilter

276


Item.name = Purchase2.iNameWHERE month = 9

OuterJoins


(Item.name = Purchase2.iNameAND month = 9)


ItemName StoreCamera WizGizmo NULLOneClick NULL

Result

NowtheyarebackagainJ



Purchase2

334

parenthesisnotrequired,andjustforillustration

Samequestion,butnowonlyforthosesoldinmonth=9:

Explanation:nowthefilter("month=9")appliestotherightsideoftheleftjoin*before*joining.NULLsareappendedonlyafterfilter,duringjoin

277

EmptyGroupProblem

What’s wrong?

SELECT name, count(*)FROM Item, Purchase2WHERE name = iName

and month = 9GROUP BY name


334

Compute,foreachproduct,thetotalnumberofsalesinSept(=month9)

278

SELECT name, count(store)FROM Item LEFT JOIN Purchase2 ON

name = iNameand month = 9

GROUP BY name

EmptyGroupProblem

Now we also get the products with 0 sales

Weneedtouseanattributefrom"Purchase2"togetthecorrect0count.Try"name"from"Item".



334

279

SELECT x.name, count(y.store)FROM Item x LEFT OUTER JOIN Purchase2 y ON

x.name = y.iNameand y.month = 9

GROUP BY x.name

EmptyGroupProblem

Now we also get the products with 0 sales

Weneedtouseanattributefrom"Purchase2"togetthecorrect0count.Try"name"from"Item".



334

280

OuterJoins:summary

• Left(outer)join:- Includethelefttupleevenifthere’snomatch

• Right(outer)join:- Includetherighttupleevenifthere’snomatch

• Full(outer)join:- Includebothleftandrighttuplesevenifthere’snomatch

• (inner)join:- Includeonlythematches

281

ProcessingMultipleTables–Joins

• Join:arelationaloperationthatcausestwoormoretableswithacommondomaintobecombinedintoasingletableorview

• Equi-join:ajoininwhichthejoiningconditionisbasedonequalitybetweenvaluesinthecommoncolumns;commoncolumnsappearredundantlyintheresulttable

• ATheta-join allowsforarbitrarycomparisonrelationships(e.g.,≥).Anequijoinisathetajoinusingtheequalityoperator.

• Naturaljoin:anequi-joininwhichoneoftheduplicatecolumnsiseliminatedintheresulttable

Thecommoncolumnsinjoinedtablesareusuallytheprimarykeyofthedominanttableandtheforeignkeyofthedependenttablein1:M relationships

282

ProcessingMultipleTables–Joins

• LeftOuterjoin:ajoininwhichrowsfromthelefttablethatdonothavematchingvaluesincommoncolumnsarenonethelessincludedintheresulttable(asopposedtoinnerjoin,inwhichrowsmusthavematchingvaluesinordertoappearintheresulttable)

• Unionjoin("Fullouterjoin"):includesallcolumnsfromeachtableinthejoin,andaninstanceforeachrowofeachtable

283

More Practice

284

SELECT movie.nameFROM movie, casts, actor WHERE casts.aid = actor.id AND movie.id = casts.mid AND actor.id NOT IN

(SELECT a2.idFROM actor a2 WHERE a2.gender = 'm')

id name gender1 Alice f2 Bob m

1.Whatdoesthisqueryreturn?Actor

aid mid role1 1 role 12 1 role 22 1 role 3

Castsid name1 Kill Bill2 Kill Bill

Movie

?

285

SELECT movie.nameFROM movie, casts, actor WHERE casts.aid = actor.id AND movie.id = casts.mid AND actor.id NOT IN

(SELECT a2.idFROM actor a2 WHERE a2.gender = 'm')

id name gender1 Alice f2 Bob m

1.Whatdoesthisqueryreturn?Actor



Movie

nameKill Bill

286

id name gender1 Alice f2 Bob m2 Bob m

1.The"UniversalRelation"Select *


id name1 Kill Bill1 Kill Bill1 Kill Bill

id2

SELECT *FROM movie, casts, actor WHERE casts.aid = actor.id AND movie.id = casts.mid

Moreinformationaboutthe"universalrelation":https://en.wikipedia.org/wiki/Universal_relation_assumption

SELECT a2.idFROM actor a2 WHERE a2.gender = 'm'

287

SELECT m.name FROMWHEREGROUP BY

2.Howtogetthenumberofcastsforeachmovie?

id name gender1 Alice f2 Bob m3 Charly m

Actoraid mid role1 1 role 12 1 role 22 1 role 33 2 role 4


Movie

?

288

SELECT m.name, count(c.aid)FROM movie m, casts cWHERE m.id = c.midGROUP BY m.name

2.Howtogetthenumberofcastsforeachmovie?Actor

aid mid role1 1 role 12 1 role 22 1 role 33 2 role 4


Movie

name (no name)Kill Bill 4


289

SELECT m.name, count(c.aid)FROM movie m, casts cWHERE m.id = c.midGROUP BY m.id




Movie

?


290





Movie

Erroronsomedatabases!(E.g.MicrosoftSQLserver)

?


291




Movie

name (no name)Kill Bill 3Kill Bill 1

?



292

SELECT m.name, count(c.aid)FROM movie m, casts cWHERE m.id = c.midGROUP BY m.id, m.name



Casts Movieid name1 Kill Bill2 Kill Bill



293

SELECT m.name, count(distinct c.aid)FROM movie m, casts cWHERE m.id = c.midGROUP BY m.id, m.name




Movie



294

SELECT m.name, count(distinct c.aid)FROM movie m, casts cWHERE m.id = c.mid

GROUP BY m.id, m.name

3.Howtogetthenumberofcastsfor'%Bill%'?Actor



Movie

?


295

SELECT m.name, count(distinct c.aid)FROM movie m, casts cWHERE m.id = c.mid

AND m.name like '%Bill%'GROUP BY m.id, m.name

3.Howtogetthenumberofcastsfor'%Bill%'?Actor



Movieid name gender1 Alice f2 Bob m3 Charly m

296

4.Howtogetthenumberofcastsforeachactor?Actor



Movie

name (no name)Alice 1Bob 2Charly 1?

SELECTFROMWHEREGROUP BY


297

SELECT a.name, count(*)FROM actor a, casts cWHERE a.id = c.aidGROUP BY a.id, a.name




Movie

name (no name)Alice 1Bob 2Charly 1


298

SELECT a.name, count(distinct c.aid)FROM actor a, casts cWHERE a.id = c.aidGROUP BY a.id, a.name




Movie

?


299

SELECT a.name, count(distinct c.aid)FROM actor a, casts cWHERE a.id = c.aidGROUP BY a.id, a.name




Movie



Willalwaysshow1(sincethereisonlyonedistinctaidpergroupgroupedbyaid*bydef.*)

300

4.Howtogetthenumberofmoviesforeachactor?Actor



Movie

name (no name)Alice 1Bob 1Charly 1?

SELECTFROMWHEREGROUP BY


301

SELECT a.name, count(distinct c.mid)FROM actor a, casts cWHERE a.id = c.aidGROUP BY a.id, a.name

4.Howtogetthenumberofmoviesforeachactor?Actor



Movie



302

4.Howtogetthenumberofcastsforeachmaleactor?Actor



Movie

name (no name)Bob 2Charly 1

SELECTFROMWHERE

ANDGROUP BY

?


303

SELECT a.name, count(distinct a.id)FROM actor a, casts cWHERE a.id = c.aid

AND a.gender = 'm'GROUP BY a.id, a.name

4.Howtogetthenumberofcastsforeachmaleactor?Actor



Movie

name (no name)Bob 2Charly 1


304

5.Howtogetmaleactorswithnumberofcasts>1Actor



Movie

name (no name)Bob 2

SELECTFROMWHERE

ANDGROUP BY

?


305

SELECT a.name, count(*)FROM actor a, casts cWHERE a.id = c.aid

AND a.gender = 'm'GROUP BY a.id, a.nameHAVING count(*) > 1

5.Howtogetmaleactorswithnumberofcasts>1Actor



Movie

name (no name)Bob 2


306

SQLinjection

307

SimpleSQLQuery

PName Price Category ManufacturerGizmo $19.99 Gadgets GizmoWorksPowergizmo $29.99 Gadgets GizmoWorksSingleTouch $149.99 Photography CanonMultiTouch $203.99 Household Hitachi

Product

PNameGizmoPowergizmo

SELECT PNameFROM ProductWHERE category='Gadgets'

308

ParameterizedSQLQuery

PName Price Category ManufacturerGizmo $19.99 Gadgets GizmoWorksPowergizmo $29.99 Gadgets GizmoWorksSingleTouch $149.99 Photography CanonMultiTouch $203.99 Household Hitachi

DECLARE @num VARCHAR(50)SET @num = 'Gadgets'

SELECT PNameFROM ProductWHERE category=@num

Product

PNameGizmoPowergizmo

VariesbetweenDBMSs.ThefollowingisthesemanticsforSQLserver.Youdonotneedtoknowthatforexams

309

Whathappenedhere?

Source:http://xkcd.com/327/,http://stackoverflow.com/questions/332365/xkcd-sql-injection-please-explain

310

It'scalledSQLinjection:Version1


311

It'scalledSQLinjection:Version2


312

SQLinjection

Source:http://en.wikipedia.org/wiki/SQL_injection

313

TJXCreditCardNumbersTheft

• In2006,a$17.5billionFortune500firm• Unauthorizedintrusionresultinginlostofcredit/debitcardinformation- FromMay2006toJanuary2007?- FromJuly2005toDecember2006?

• TJX’soveralllosses:$1.35billion– $4.5billion

l07: sql: advanced & practice - northeastern university255 announcements! • please pick up...

Documents