skiphp -- database basics for php
TRANSCRIPT
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.1
Database Basics for PHP Programmers
Dave Stokes, MySQL Community Manager
[email protected]
@stoker
Slideshare.net/davidmstokes
Safe Harbor
The following is intended to outline our general product direction. It
is intended for information purposes only, and may not be
incorporated into any contract. It is not a commitment to deliver any
material, code, or functionality, and should not be relied upon in
making purchasing decisions. The development, release, and timing
of any features or functionality described for Oracle’s products
remains at the sole discretion of Oracle.
MySQL
● Most popular database on the web
● Ubiquitous: 16+ million instances
● Feeds 80% of Hadoop installs
● 20 years old
PHP
● Most popular language on the web
● Ubiquitous: millions of instances
● 20 years old
But what have you done for us lately??
http://www.thecompletelistoffeatures.com/
PHP 7 http://php.net/manual/en/migration70.new-features.php
● Scalar type declarations
● Return type declarations
● Null coalescing operator
● Spaceship operator
● And many more
Relational Data
● Based on relational calculus, set theory
● Been heavily used for decades
● Many vendors
● Goal: Store data efficiently
PHP
● 80%+ of websites
● Rich, vibrant, & supportive community
● Object orientated/procedural
SQL
● Still the main data store
● 'Standards' based
● Declarative
➔ OO/procedural and declarative languages do not mix easily
➔ Impedance mismatch
➔ Www.cd.utexas.edu~/Drafts/2005/PLDBProblem.pdf
Don't Panic!
Mechanical Basics
● Application makes a connection to the database
● User is authenticated
● Query sent to the mysqld server
● Permissions checked
● Query syntax checked
● Query plan produced/executed
● Results returned to the application
● Connection torn down

Mechanical Basics (diagram: Application <-> mysqld)
Example
<?php
$db = new mysqli('host', 'user', 'password', 'demo');
if ($db->connect_errno > 0) {
    die('Unable to connect to database [' . $db->connect_error . ']');
}

// Performing SQL query
$my_query = "SELECT name, show_size FROM `users` WHERE `active` = 1";
if (!$result = $db->query($my_query)) {
    die('There was an error running the query [' . $db->error . ']');
}

// Free result set
$result->free();

// Closing connection
$db->close();
?>
PHP Syntax
● The syntax for PHP working with MySQL is very well documented.
● Stackoverflow and Quora do not count as documentation!!
● Two APIs – both procedural or OO
  – (Do not use the old mysql API)
● PDO – general, database neutral
● Mysqli – MySQL specific
● Millions of lines of examples
So if it is so simple ...
Why are there so many applications with bad queries?!?!?
Problem 1 – SQL Itself
● SQL – Structured Query Language
● Is not taught widely
● Is a descriptive language (NOT procedural or object orientated)
  – Describe what you WANT, not how to make it
● Built on set theory (also not taught widely)
● You can not tell a bad query from a good one just by looking!!!!!
Problem 2 – Coders!!!
● Thinking of data as an object or a single line
● Not letting the database do the heavy work
● Lack of normalizing or architecting data
● De normalize at your own risk
● Schemaless at your own risk
Quick SQL
● Descriptive language
● Data Description Language
  – Schema design, describes data
  ● INT, CHAR, BLOB, etc.
  ● Default values, character sets, etc.
● Data Manipulation Language
  – Use data
  ● SELECT, UPDATE, INSERT, DELETE
Example Query
SELECT ID, Name, Population
FROM City
WHERE Population > 1000000
ORDER BY Name

Reading it line by line:
● SELECT ID, Name, Population – data desired
● FROM City – table where the data is stored
● WHERE Population > 1000000 / ORDER BY Name – qualifiers
JOINs or connecting two tables
SELECT City.Name, Country.name, City.Population
FROM City
JOIN Country ON (Country.code=City.CountryCode)

● FROM City – first or LEFT table
● ON (Country.code=City.CountryCode) – key or index common to both tables
Please Google "SQL Venn Diagram" and print one out!!!
But is this a good query???????
● Is the following a good query?
SELECT City.Name, Country.name, City.Population
FROM City
JOIN Country ON (Country.code=City.CountryCode)
Can Not Tell from the AVAILABLE INFORMATION!!!!
A More Realistic Query
SELECT CONCAT(customer.last_name, ', ', customer.first_name) AS customer,
       address.phone, film.title
FROM rental
INNER JOIN customer ON rental.customer_id = customer.customer_id
INNER JOIN address ON customer.address_id = address.address_id
INNER JOIN inventory ON rental.inventory_id = inventory.inventory_id
INNER JOIN film ON inventory.film_id = film.film_id
WHERE rental.return_date IS NULL
  AND rental_date + INTERVAL film.rental_duration DAY < CURRENT_DATE()
LIMIT 5;
Getting to Good
● Do you have the right column names, the right table names?
● Are the keys correct?
● Units correct? Was that prior Population in ones, or millions?
● Can you use indexes to speed up the query?
What Does the Server Do With a Query?
● Does user have permissions to talk to server?
● Is query syntax correct?
● Does user have permissions for requested data?
● What is the most efficient way to get that data? (Query Plan)
● Execute
● Return data
Remember this?
SELECT City.Name, Country.name, City.Population
FROM City
JOIN Country ON (Country.code=City.CountryCode)

It generates a 63 line Optimizer Trace
{
  "query_block": {
    "select_id": 1,
    "cost_info": {
      "query_cost": "5132.14"
    },
    "nested_loop": [
      {
        "table": {
          "table_name": "Country",
          "access_type": "ALL",
          "possible_keys": [
            "PRIMARY"
          ],
          "rows_examined_per_scan": 239,
          "rows_produced_per_join": 239,
          "filtered": "100.00",
          "cost_info": {
            "read_cost": "6.00",
            "eval_cost": "47.80",
            "prefix_cost": "53.80",
            "data_read_per_join": "61K"
          },
          "used_columns": [
            "Code",
            "Name"
          ]
        }
      },
      {
        "table": {
          "table_name": "City",
          "access_type": "ref",
          "possible_keys": [
            "CountryCode"
          ],
          "key": "CountryCode",
          "used_key_parts": [
            "CountryCode"
          ],
          "key_length": "3",
          "ref": [
            "world.Country.Code"
          ],
          "rows_examined_per_scan": 17,
          "rows_produced_per_join": 4231,
          "filtered": "100.00",
          "cost_info": {
            "read_cost": "4231.95",
            "eval_cost": "846.39",
            "prefix_cost": "5132.14",
            "data_read_per_join": "727K"
          },
          "used_columns": [
            "Name",
            "CountryCode",
            "Population"
          ]
        }
      }
    ]
  }
}
EXPLAIN (image slide)
Visual Explain (image slide)
More Complex Query (image slide)
Each Column In a SQL Statement ...
● Adds an additional factorial to the complexity of the query plan
● So a SELECT with five columns has 120 combinations
● 5! = 5 x 4 x 3 x 2 x 1 = 120
Iteration versus Sets
#include <iostream>
#include <math.h>
using namespace std;

int main() {
    // Nested loops: for each i, walk every j from 0 to i (row-by-row thinking)
    for (int i = 0; i <= 5; i++) {
        for (int j = 0; j <= i; j++) {
            cout << " " << j << " ";
        }
        cout << "\n\n\n";
    }
    return 0;
}
N+1 Problem
● N+1 example
  ● You want a list of co-workers who live near you and have a car.
  ● SELECT EMPLOYEES
    – Find those near you
  ● Then SELECT w/CAR
● Set example
  ● Select employees near you who have a car
  ● One dive into the data versus three!
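The N+1 loop beside the set-based JOIN from the earlier City/Country slides, as an added example that is not from the deck. It assumes PHP with PDO's sqlite driver (an in-memory database stands in for MySQL so it runs without a server) and a constructed four-row miniature of the world sample's City and Country tables; the query counter is the thing to watch.

```php
<?php
// Added example (not from the deck): N+1 versus one set-based query.
// PDO's sqlite driver with an in-memory database is assumed; the SQL is the
// same shape as the deck's City/Country JOIN against the world sample.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed miniature of the world schema: 2 countries, 4 cities.
$db->exec("CREATE TABLE Country (Code TEXT PRIMARY KEY, Name TEXT)");
$db->exec("CREATE TABLE City (ID INTEGER PRIMARY KEY, Name TEXT, CountryCode TEXT, Population INTEGER)");
$db->exec("INSERT INTO Country VALUES ('NLD','Netherlands'),('USA','United States')");
$db->exec("INSERT INTO City (Name, CountryCode, Population) VALUES
           ('Amsterdam','NLD',731200),('Rotterdam','NLD',593321),
           ('New York','USA',8008278),('Los Angeles','USA',3694820)");

// N+1: one query for the countries, then one more query per country.
function citiesNPlusOne(PDO $db, int &$queries): array {
    $rows = [];
    $queries++;
    foreach ($db->query("SELECT Code, Name FROM Country") as $country) {
        $queries++;
        $stmt = $db->prepare("SELECT Name, Population FROM City WHERE CountryCode = ?");
        $stmt->execute([$country['Code']]);
        foreach ($stmt as $city) {
            $rows[] = [$city['Name'], $country['Name'], $city['Population']];
        }
    }
    return $rows;
}

// Set-based: the deck's JOIN, one round trip no matter how many countries.
function citiesJoined(PDO $db, int &$queries): array {
    $queries++;
    $sql = "SELECT City.Name AS city, Country.Name AS country, City.Population AS pop
            FROM City JOIN Country ON (Country.Code = City.CountryCode)";
    $rows = [];
    foreach ($db->query($sql) as $r) {
        $rows[] = [$r['city'], $r['country'], $r['pop']];
    }
    return $rows;
}

$queries = 0;
$a = citiesNPlusOne($db, $queries);
printf("N+1 loop: %d rows using %d queries\n", count($a), $queries);
$queries = 0;
$b = citiesJoined($db, $queries);
printf("JOIN:     %d rows using %d query\n", count($b), $queries);
```

Both functions return the same rows; only the number of round trips differs, and for the loop it grows with the number of countries.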
Dump Truck versus Pickup Truck Problem
● Database should do the heavy lifting
  ● Sort
  ● Statistical functions
● Your application should be a scalpel, not a machete
  – Select ONLY the columns you need, not all columns
  ● No SELECT *
● Think Data, not Line
Heavy Lifting
Application-side loop:
    for (Employee e in db.employees())
        if (e.department == "sales")
            e.salary = e.salary * 1.2

Let the database do it (MySQL multi-table UPDATE syntax):
    UPDATE Employees e
    INNER JOIN Department d ON (d.ID = e.Department)
    SET e.salary = e.salary * 1.2
    WHERE d.name = 'sales';

The same update wrapped in a transaction:
    START TRANSACTION;
    UPDATE Employees e
    INNER JOIN Department d ON (d.ID = e.Department)
    SET e.salary = e.salary * 1.2
    WHERE d.name = 'sales';
    COMMIT;

Which do you think un-rolls easier???
Data Architecture
● Normalize your data
● General rule of thumb – denormalization will cost you later
  – Time, $, sanity
● Use good naming conventions CONSISTENTLY
● Use the smallest practical data type
● You will not have 18 trillion customers, so do not make customer_id a BIGINT
● Worst case, data moves off disk, into memory, onto the net, across the net, off the net, into memory
  – Pack efficiently
Indexes
● Index columns
● Found on the right side of the WHERE clause
● InnoDB will assign an index if you do not choose one
  – And it may not choose the one you would really want!!
● Compound index for common combinations
  – Year-Month-Day works for searches on YMD, YM and Y
  ● But not D or MD
Books You Need NOW!!!
● Effective MySQL: Optimizing SQL Statements – Ronald Bradford
● SQL Antipatterns – Bill Karwin
Heck with all this ...
● I will just use an ORM!!!
● Extra layer of complexity & overhead
● Need to make sure it is explicitly prefetching data
  – N+1 issues
● Often easier to just code good SQL
Code Example
<?php
$servername = "localhost";
$username = "username";
$password = "secret";

// Create connection
$conn = new mysqli($servername, $username, $password);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
echo "Connected successfully";
?>

Possible Security Issue
Who needs to see this error? Could an end user EXPLOIT it?!?!
Example in PDO
<?php
$servername = "localhost";
$username = "username";
$password = "secret";

try {
    $conn = new PDO("mysql:host=$servername;dbname=mycorp", $username, $password);
    // set the PDO error mode to exception
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    echo "Connected successfully";
} catch (PDOException $e) {
    echo "Connection failed: " . $e->getMessage();
}
?>
<?php
$servername = "localhost";
$username = "username";
$password = "secret";
$dbname = "mydata";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

$sql = "INSERT INTO customers (firstname, lastname, email)
        VALUES ('John', 'Doe', '[email protected]')";

if ($conn->query($sql) === TRUE) {
    echo "New record created successfully";
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close();
?>
Prepared Statements
<?php
$servername = "localhost";
$username = "username";
$password = "secret";
$dbname = "mydata";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

// prepare and bind
$stmt = $conn->prepare("INSERT INTO customers (firstname, lastname, email) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $firstname, $lastname, $email);

// set parameters and execute
$firstname = "John";
$lastname = "Doe";
$email = "[email protected]";
$stmt->execute();

$firstname = "Mary";
$lastname = "Moe";
$email = "[email protected]";
$stmt->execute();

$firstname = "Julie";
$lastname = "Dooley";
$email = "[email protected]";
$stmt->execute();

echo "New records created successfully";

$stmt->close();
$conn->close();
?>
Why Prepared Statements?
● Efficiency
● Less parsing overhead
● Avoiding SQL injection attacks
  – ALWAYS scrub user-inputted data! Always!!!! Always!!!!
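String-built SQL beside a prepared statement on the deck's customers table, with the connection error logged instead of echoed to the user (the "who needs to see this error" point from the earlier Code Example slide). This is an added example, not the deck's code; it assumes PDO's sqlite driver with an in-memory database and constructed rows, and the same calls work unchanged against the deck's mysql: DSN.

```php
<?php
// Added example (not from the deck): concatenated SQL versus a prepared
// statement. PDO's sqlite driver with an in-memory database is assumed so it
// runs without a MySQL server; the deck's "mysql:host=...;dbname=..." DSN
// can be passed to connect() instead.
function connect(string $dsn): PDO {
    try {
        $db = new PDO($dsn);
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        return $db;
    } catch (PDOException $e) {
        // Driver detail goes to the server log; the browser gets a generic line.
        error_log('DB connect failed: ' . $e->getMessage());
        exit('Service temporarily unavailable');
    }
}

$db = connect('sqlite::memory:');
// Constructed rows mirroring the deck's customers table.
$db->exec("CREATE TABLE customers (id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT, email TEXT)");
$db->exec("INSERT INTO customers (firstname, lastname, email) VALUES
           ('John','Doe','john@example.com'),('Mary','Moe','mary@example.com')");

// Vulnerable: user input is spliced into the SQL text itself.
function findByEmailConcat(PDO $db, string $email): array {
    $sql = "SELECT firstname, lastname FROM customers WHERE email = '$email'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the SQL is fixed at prepare time; the value travels as a parameter.
function findByEmailPrepared(PDO $db, string $email): array {
    $stmt = $db->prepare("SELECT firstname, lastname FROM customers WHERE email = ?");
    $stmt->execute([$email]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed form input: no such address exists, yet the quote ends the
// literal and the trailing condition is always true.
$input = "nobody@example.invalid' OR '1'='1";
printf("concatenated: %d rows\n", count(findByEmailConcat($db, $input)));
printf("prepared:     %d rows\n", count(findByEmailPrepared($db, $input)));
```

The prepared version matches nothing because the whole input is compared as one literal string; binding the value is the primary control, and the input validation the deck insists on is still worth doing on top of it.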
Example
<?php
...
$sql = "SELECT id, firstname, lastname FROM customers";
$result = $conn->query($sql);

if ($result->num_rows > 0) {
    // output data of each row
    while ($row = $result->fetch_assoc()) {
        echo "id: " . $row["id"] . " - Name: " . $row["firstname"] . " " . $row["lastname"] . "<br>";
    }
} else {
    echo "0 results";
}
$conn->close();
?>
Q/A
● Slides at slideshare.net/davidmstokes
● @Stoker
● Opensourcedba.wordpress.com