introduction to sqlite in adobe air
DESCRIPTION
updated presentation on using local SQLite database support in Adobe AIR 1.5 for Flash at the Lake in Zurich - Switzerland (June 26th 2009)TRANSCRIPT
Introduction to SQLitein Adobe AIRPeter Elst - Flash Platform Consultant
■ Embedded SQL Database Engine
■ Implements most of SQL92
■ Light-weight, cross-platform, open source
■ No setup, configuration or server required
■ Each database is contained within a single file
Why SQLite in Adobe AIR?
1. Create a File reference
2. Create an instance of flash.data.SQLConnection and flash.data.SQLStatement
3. Open the database connection
4. Specify the connection and SQL query to run
5. Run SQLStatement.execute()
How do you use it?
import flash.filesystem.File;import flash.data.*;
var dbFile:File = File.applicationStorageDirectory.resolvePath("contacts.db");
var sqlConn:SQLConnection = new SQLConnection();var sqlStatement:SQLStatement = new SQLStatement();
sqlConn.open(dbFile);
sqlStatement.sqlConnection = sqlConn;sqlStatement.text = "SELECT * FROM contacts";sqlStatement.execute();
var result:Array = sqlStatement.getResult().data;
How do you use it?
Synchronous versus Asynchronous
■ Synchronous - blocks application until result is available
var sqlConn:SQLConnection = new SQLConnection();sqlConn.open(dbFile);
var result:SQLResult = sqlConn.getResult().result;
■ Asynchronous - uses events and event listeners
var sqlConn:SQLConnection = new SQLConnection();
sqlConn.addEventListener(SQLResultEvent.RESULT, onSQLResult);sqlConn.addEventListener(SQLResultEvent.ERROR, onSQLError);
sqlConn.openAsync(dbFile);
■ Connects to the database file
■ Provides events for asynchronous use
■ Schema access
flash.data.SQLConnection
■ Executes a SQL query on the specified database connection
■ Provides events for asynchronous use
■ Supports result paging
flash.data.SQLStatement
■ SQLMode.CREATE (default)
■ open connection and create database if it doesn’t exist
■ SQLMode.READ
■ open connection as read only
■ SQLMode.UPDATE
■ open connection, don’t create database if it doesn’t exist
flash.data.SQLMode
■ NULL - NULL value (null)
■ INTEGER - signed integer (int)
■ REAL - floating point (Number)
■ TEXT - UTF16 text string (String)
■ BLOB - blob of data (ByteArray)
Storage types
■ String - String value (equivalent to TEXT)
■ Number - floating point number (equivalent to REAL)
■ Boolean - Boolean class
■ Date - Date class
■ XML - XML class
■ XMLList - XMLList class
■ Object - Object class
AIR specific column affinities
■ The parameters feature protects your SQL statements from SQL injection
var sqlStatement:SQLStatement = new SQLStatement();sqlStatement.sqlConnection = sqlConn;sqlStatement.text = "SELECT * FROM contacts WHERE id = @ID";sqlStatement.parameters["@ID"] = someVariable;sqlStatement.execute();
■ You can use the @ or : symbol to denote a parameter to be replaced, works both string based as index based
sqlStatement.parameters[0] = someVariable;
SQLStatement Parameters
■ Paging allows you to limit the amount of rows you get returned when doing a select operation
var sqlStatement:SQLStatement = new SQLStatement();sqlStatement.sqlConnection = sqlConn;sqlStatement.text = "SELECT * FROM contacts";sqlStatement.execute(10);
■ You can get the next batch of rows returned by calling the next method on the SQLStatement instance
sqlStatement.next();
Result Paging
■ SQLResult.data - array of objects for each row of the result
■ SQLResult.complete - returns a boolean indicating whether or not the full result was shown
■ SQLResult.lastInsertRowID - return id for the last row that was inserted
■ SQLResult.rowsAffected - number of rows affected by an insert, update or delete operation
flash.data.SQLResult
■ Transactions allow multiple SQL statements to run within one write operation to the database
■ Much more optimized way of handling large insert operations, allows rollback of the complete transaction if an error occurs
var sqlStatement:SQLStatement = new SQLStatement();sqlStatement.sqlConnection = sqlConn;sqlStatement.text = "INSERT into contacts VALUES (@NAME, @EMAIL)";
sqlConn.begin();for(var i:uint=0; i<contacts.length; i++) { sqlStatement.parameters["@NAME"] = contacts[i].name; sqlStatement.parameters["@EMAIL"] = contacts[i].email; sqlStatement.execute();}sqlConn.commit();
Transactions
■ Allows you to introspect tables, views, columns, indices, triggers
var sqlConn:SQLConnection = new SQLConnection();sqlConn.open(dbFile);
sqlConn.loadSchema();var result:SQLSchemaResult = sqlConn.getSchemaResult();
var table:SQLTableSchema = result.tables[0];var column:SQLColumnSchema = table.columns[0];
trace(column.name);// returns name of the first column in the first table
Database Schema
Schema demo
■ New feature in AIR 1.5
■ Password protect database files
var encryptionKey:ByteArray = new ByteArray(); encryptionKey.writeUTFBytes("notverysecretpassword");
var sqlConn:SQLConnection = new SQLConnection(); sqlConn.open(dbFile,SQLMode.READ,null,false,1024,encryptionKey);
Database encryption
■ Do not embed passwords in your application!
■ com.adobe.air.crypto.EncryptionKeyGenerator
■ Secure solution: creates random salt and stores in the EncryptedLocalStore (linked to user and machine)
■ Prevents dictionary attack
■ com.dehats.air.sqlite.SimpleEncryptionKeyGenerator
■ Less secure but allows access by other users and other applications, doesn’t generate a random salt value.
http://bit.ly/SimpleEncryptionKeyGenerator
Encryption best practices
■ Synchronize database between server and client(s)
■ Some different strategies
■ overwrite (server overwrites client)
■ check what to synchronize
■ timestamp field
■ field by field comparison
■ dirty flag
■ LiveCycle Data Services has built-in SQLite synchronization support including offline caching and conflict management.
Database synchronization
SQLite Tools
Mac OSX Terminal
Lita - SQLite database administration
DAO-Ext - value object generator
■ Data Access Objects - abstract interface to a database
■ implements common features (select, update, delete, ...)
■ Uses value objects (VO)
What is DAO?
■ Data Access Objects - abstract interface to a database
■ implements common features (select, update, delete, ...)
■ Uses value objects (VO)
■ Value Objects (also known as Data Transfer Objects)
■ don’t implement any behavior
■ encapsulates properties through getter/setter methods
■ represent an entry in a database table
What is DAO?
public class contactsVO {
private var _name:String;
public function get name():String {
return _name;
}
public function set name(value:String):void {
_name = value;
}
...
}
Example VO
public class contactsDAO {
public function insertRow(rowItem:contactsVO):void {
...
}
public function updateRow(rowItem:contactsVO):void {
...
}
public function deleteRow(rowItem:contactsVO):void { ... }
}
Example DAO
DAO demo
■ Simple way to use SQLite features in your application
■ ActionScript 3.0 classes, primarily for use as tags in MXML
<sql:SQLite id="myDB" file="contacts.db" open="myQuery.execute()" />
<sql:Query id="myQuery" connection="{myDB.connection}" sql="SELECT * FROM contacts" />
<mx:DataGrid id="myDataGrid" dataProvider="{myQuery.data}" /><mx:Button label="Refresh data" click="myQuery.execute()" />
SQLite wrapper classes
■ Properties
■ file - name of database file
■ connection - returns SQLConnection instance
■ Methods
■ open - create database connection
■ close - close database connection
■ Events
■ open - database connection is opened
■ close - database connection is closed
■ error - error connecting to database
SQLite wrapper - SQLite class
■ Properties
■ connection - reference to SQLConnection
■ sql - String value of SQL statement
■ parameters - parameters for SQL statement
■ data - result returned from query
■ Methods
■ execute - run query on database
■ Events
■ result - result received from query
■ error - error executing query
SQLite wrapper - Query class
SQLite wrapper demo
■ Lita - SQLite Administration Tool by David Deraedtwww.dehats.com/drupal/?q=node/58
■ DAO-Ext by Comtastecode.google.com/p/dao-ext/
■ Adobe AIR Developer Centerwww.adobe.com/devnet/air/
■ Adobe AIR Marketplacewww.adobe.com/go/airmarketplace
Resources
Any questions or feedback - feel free to get in touch!
Thanks for your time
Enjoy the rest of the conference!
blog www.peterelst.com
email [email protected]
twitter @peterelst