Views, triggers and stored procedures

Python operates MySQL

The origin of SQL:

MySQL itself is a C/S architecture, with a server and a client. It comes with a client: mysql.exe
The python language has become the client of MySQL (for a server, there can be many clients)

Steps:

1. Connect to MySQL first
host, port, username, password, charset, library, etc.

2. Write SQL statements in Python

3. Start executing the SQL statement and get the result

4. Processing in Python (further processing of data)

# Need to use a third-party module: pymysql mysqldb mysqlclient
pip install pymysql
importpymysql

# 1. Connect to MySQL first
conn=pymysql.connect(
    host='127.0.0.1',
    port=3306,
    user='root',
    password='1234',
    db='db10',
    charset='utf8',
    autocommit=True
)

# 2. Get the cursor
cur=conn.cursor(cursor=pymysql.cursors.DictCursor)

# 3. Write SQL statements
# sql='select * from student'
sql='insert into teacher(tid, tname) values (7, "ly1")'

# 4. Start executing the SQL statement
affect_rows=cur.execute(sql) # 16 is the number of affected rows

### Need to perform a second confirmation: In addition to the query, a second confirmation is required to submit.
# conn.commit()
print(affect_rows)

# 5. Want to get the results:
# res=cur.fetchone()
res=cur.fetchall()
# res=cur.fetchmany(5)
# {'sid': 1, 'gender': 'male', 'class_id': 1, 'sname': 'understanding'}
print(res) # (1, 'male', 1, 'understanding') Tuple type

# for i in res:
# print(i.get("sid"))

SQL injection problem

import pymysql


# Connect to MySQL server
conn = pymysql.connect(
    host='127.0.0.1',
    port=3306,
    user='root',
    password='123',
    database='db8_3',
    charset='utf8',
    autocommit=True # Automatic secondary confirmation for additions, modifications and deletions
)
# Generate a cursor object
cursor = conn.cursor(cursor=pymysql.cursors.DictCursor)
#Write SQL statements
username = input('username>>>:').strip()
password = input('password>>>:').strip()
# sql = "select * from userinfo where name='%s' and pwd='%s'" % (name,pwd)
sql = "select * from userinfo where name=%s and pwd=%s"
cursor.execute(sql,(username,password))
data = cursor.fetchall()
if data:
    print(data)
    print('Login successful')
else:
    print('Username or password is incorrect')

Causes of SQL injection:

Because the combination of special symbols will produce special effects

In real life, especially when registering a username, you will be very clearly reminded that many special symbols cannot be used.
The reason is the same

Conclusion: When it comes to designing sensitive data, don’t splice it yourself. Just leave it to ready-made methods.

When using code to perform data operations, the levels of different operations are different.

Doesn’t matter to Cha
Additions, modifications, and deletions require a second confirmation.

conn.commit()

View

A view is a virtual table (not a real one). Its essence is to [acquire a dynamic data set based on SQL statements and name it]. When using it, users only need to use [name] to obtain the result set. The result set can be Use it as a table.

Using views, we can extract the temporary table during the query process and use views to implement it. In this way, when we want to operate the data of the temporary table in the future, we do not need to rewrite complex SQL. We can directly search in the view, but the view has There is an obvious efficiency problem, and the view is stored in the database. If the SQL used in our program relies too much on the view in the database, that is, strong coupling, it means that it is extremely inconvenient to extend SQL, so it is not recommended.

Temporary table application examples

# Two related tables
mysql> select * from course;
 + ----- + -------- + ------------ +
| cid | cname | teacher_id |
 + ----- + -------- + ------------ +
| 1 | Bio | 1 |
| 2 | Physics | 2 |
| 3 | Sports | 3 |
| 4 | Fine Arts | 2 |
 + ----- + -------- + ------------ +
4 rows in set (0.00 sec)

mysql> select * from teacher;
 + ----- + ----------------- +
| tid | tname |
 + ----- + ----------------- +
| 1 | Teacher Zhang Lei |
| 2 | Teacher Li Ping |
| 3 | Teacher Liu Haiyan |
| 4 | Teacher Zhu Yunhai |
| 5 | Teacher Li Jie |
 + ----- + ----------------- +
5 rows in set (0.00 sec)

# Query the course name taught by Mr. Li Ping
mysql> select cname from course where teacher_id = (select tid from teacher where tname='Teacher Li Ping');
 +--------+
| cname |
 +--------+
| Physics |
| Fine Art |
 +--------+
2 rows in set (0.00 sec)

# Subquery out the temporary table as the basis for judgment such as teacher_id
select tid from teacher where tname='Teacher Li Ping'

1. Create a view

# Syntax: CREATE VIEW view name AS SQL statement
create view teacher_view as select tid from teacher where tname='Teacher Li Ping';

# So the sql for querying the course name taught by Li Ping can be rewritten as
mysql> select cname from course where teacher_id = (select tid from teacher_view);
 +--------+
| cname |
 +--------+
| Physics |
| Fine Art |
 +--------+
2 rows in set (0.00 sec)

#! ! ! Note note note:
#1. After using the view, there is no need to rewrite the sql of the subquery every time, but this is not very efficient and is not as efficient as writing subqueries.

#2. And there is a fatal problem: the view is stored in the database. If the SQL in our program relies too much on the view stored in the database, it means that once the SQL needs to be modified and involves the view, it must Go to the database to make modifications, and usually there is a dedicated DBA responsible for the database in the company. If you want to complete the modification, you must pay a lot of communication costs before the DBA can help you complete the modification, which is extremely inconvenient

2. Use views

#Modify the view, and the original table will also be modified.
mysql> select * from course;
 + ----- + -------- + ------------ +
| cid | cname | teacher_id |
 + ----- + -------- + ------------ +
| 1 | Bio | 1 |
| 2 | Physics | 2 |
| 3 | Sports | 3 |
| 4 | Fine Arts | 2 |
 + ----- + -------- + ------------ +
4 rows in set (0.00 sec)

mysql> create view course_view as select * from course; #Create a view of the table course
Query OK, 0 rows affected (0.52 sec)

mysql> select * from course_view;
 + ----- + -------- + ------------ +
| cid | cname | teacher_id |
 + ----- + -------- + ------------ +
| 1 | Bio | 1 |
| 2 | Physics | 2 |
| 3 | Sports | 3 |
| 4 | Fine Arts | 2 |
 + ----- + -------- + ------------ +
4 rows in set (0.00 sec)

mysql> update course_view set cname='xxx'; #Update the data in the view
Query OK, 4 rows affected (0.04 sec)
Rows matched: 4 Changed: 4 Warnings: 0

mysql> insert into course_view values(5,'yyy',2); #Insert data into the view
Query OK, 1 row affected (0.03 sec)

mysql> select * from course; #It is found that the records of the original table have also been modified.
 + ----- + ------- + ------------ +
| cid | cname | teacher_id |
 + ----- + ------- + ------------ +
| 1 | xxx | 1 |
| 2 | xxx | 2 |
| 3 | xxx | 3 |
| 4 | xxx | 2 |
| 5 | yyy | 2 |
 + ----- + ------- + ------------ +
5 rows in set (0.00 sec)

We should not modify the records in the view, and it is impossible to modify the records in the view when multiple tables are involved, as shown below

3. Modify the view

Syntax: ALTER VIEW view name AS SQL statement
mysql> alter view teacher_view as select * from course where cid>3;
Query OK, 0 rows affected (0.04 sec)

mysql> select * from teacher_view;
 + ----- + ------- + ------------ +
| cid | cname | teacher_id |
 + ----- + ------- + ------------ +
| 4 | xxx | 2 |
| 5 | yyy | 2 |
 + ----- + ------- + ------------ +
2 rows in set (0.00 sec)

4. Delete view

Syntax: DROP VIEW view name

DROP VIEW teacher_view

Trigger

Triggers can be used to customize the behavior before and after the user performs [add, delete, modify] operations on the table. Note: There is no query.

1. Create a trigger

# Before inserting
CREATE TRIGGER tri_before_insert_tb1 BEFORE INSERT ON tb1 FOR EACH ROW
BEGIN
    ...
END

# After inserting
CREATE TRIGGER tri_after_insert_tb1 AFTER INSERT ON tb1 FOR EACH ROW
BEGIN
    ...
END

# Before deletion
CREATE TRIGGER tri_before_delete_tb1 BEFORE DELETE ON tb1 FOR EACH ROW
BEGIN
    ...
END

# After deletion
CREATE TRIGGER tri_after_delete_tb1 AFTER DELETE ON tb1 FOR EACH ROW
BEGIN
    ...
END

# Before update
CREATE TRIGGER tri_before_update_tb1 BEFORE UPDATE ON tb1 FOR EACH ROW
BEGIN
    ...
END

# Updated
CREATE TRIGGER tri_after_update_tb1 AFTER UPDATE ON tb1 FOR EACH ROW
BEGIN
    ...
END
Fire trigger after insertion
#preparation table
CREATE TABLE cmd (
    id INT PRIMARY KEY auto_increment,
    USER CHAR (32),
    priv CHAR (10),
    cmd CHAR (64),
    sub_time datetime, #Submission time
    success enum ('yes', 'no') #0 represents execution failure
);

CREATE TABLE errlog (
    id INT PRIMARY KEY auto_increment,
    err_cmd CHAR (64),
    err_time datetime
);

#Create trigger
delimiter //
CREATE TRIGGER tri_after_insert_cmd AFTER INSERT ON cmd FOR EACH ROW
BEGIN
    IF NEW.success = 'no' THEN #Equality judgment only has one equal sign
            INSERT INTO errlog(err_cmd, err_time) VALUES(NEW.cmd, NEW.sub_time); #Must add semicolon
      END IF; #must add semicolon
END//
delimiter;


#Insert records into table cmd, trigger triggers, and decide whether to insert error logs based on IF conditions
INSERT INTO cmd (
    USER,
    private,
    cmd,
    sub_time,
    success
)
VALUES
    ('ly','0755','ls -l /etc',NOW(),'yes'),
    ('ly','0755','cat /etc/passwd',NOW(),'no'),
    ('ly','0755','useradd xxx',NOW(),'no'),
    ('ly','0755','ps aux',NOW(),'yes');


#Query the error log and found two
mysql> select * from errlog;
 + ---- + ------------------ + -------------------------- +
| id | err_cmd | err_time |
 + ---- + ------------------ + -------------------------- +
| 1 | cat /etc/passwd | 2017-09-14 22:18:48 |
| 2 | useradd xxx | 2017-09-14 22:18:48 |
 + ---- + ------------------ + -------------------------- +
2 rows in set (0.00 sec)

Special: NEW represents the data row to be inserted, and OLD represents the data row to be deleted.

2. Use triggers

Triggers cannot be called directly by users, but are passively triggered by the [add/delete/modify] operations on the table.

3. Delete trigger

drop trigger tri_after_insert_cmd;

Transactions

1. What is a transaction

Opening a transaction can contain some sql statements, and these sql statements will either succeed at the same time
Either none of them can succeed, call it atomicity of transactions

2. The role of transactions

Guaranteed data security for data operations

Case: Use a Bank of Communications card to operate a CCB ATM machine to transfer money to an industrial and commercial account

Transactions should have 4 attributes: Atomicity, consistency, isolation, and durability. These four properties are often called ACID properties.

Atomicity. A transaction is an indivisible unit of work. All operations included in the transaction are either done or none.

Consistency. A transaction must change the database from one consistency state to another. Consistency and atomicity are closely related.

Isolation. The execution of a transaction cannot be interfered with by other transactions. That is, the operations and data used within a transaction are isolated from other concurrent transactions, and transactions executed concurrently cannot interfere with each other.

Durability. Durability, also known as permanence, means that once a transaction is committed, its changes to the data in the database should be permanent. Subsequent operations or failures should not have any impact on it.

3. How to use

# First introduce the three keywords of the transaction, and then use the table to actually show the effect.
start transaction;
commit;
rollback;

create table user(
id int primary key auto_increment,
name char(32),
balance int
);

insert into user(name,balance)
values
('jason',1000),
('egon',1000),
('tank',1000);

# Enable transaction operations before modifying data
start transaction;

# Modification operation
update user set balance=900 where name='jason'; #Buy and pay 100 yuan
update user set balance=1010 where name='egon'; #The intermediary took away 10 yuan
update user set balance=1090 where name='tank'; #The seller gets 90 yuan

# Roll back to the previous state
rollback;

# After starting the transaction, as long as no commit operation is performed, the data is not actually refreshed to the hard disk.
commit;
"""Enable transaction detection to see if the operation is complete. If it is incomplete, it will automatically roll back to the previous state. If it is complete, the commit operation should be performed"""

# From the perspective of python code, the pseudo code logic that should be implemented,
try:
# Less open transactions...
    update user set balance=900 where name='jason'; #Buy and pay 100 yuan
    update user set balance=1010 where name='egon'; #The intermediary took away 10 yuan
    update user set balance=1090 where name='tank'; #The seller gets 90 yuan
except Exception:
    rollback;
else:
    commit;

Stored procedure

1. Introduction

The stored procedure contains a series of executable SQL statements. The stored procedure is stored in MySQL. By calling its name, a bunch of SQL inside it can be executed.

Advantages of using stored procedures:

1. Used to replace SQL statements written by programs to achieve decoupling of programs and SQL

2. Based on network transmission, the amount of data transferred by alias is small, but the amount of data transferred directly by SQL is large.

Disadvantages of using stored procedures:

1. It is inconvenient for programmers to expand functions

2. Basic use

delimiter $$
create procedure p1()
begin
select * from user;
end $$
delimiter;

# transfer
call p1()

3. Three development models

The first type

Application: Only the logic of the application needs to be developed

mysql: Write stored procedures to be called by applications

Advantages: high development efficiency and execution efficiency

Disadvantages: Considering human factors, cross-department communication and other issues, it will lead to poor scalability

Second type

Application: In addition to developing the logic of the application, you also need to write native sql

Advantages: higher scalability than method 1 (non-technical)

shortcoming:
1. Development efficiency and execution efficiency are not as good as method 1
2. Writing native sql is too complicated, and the optimization of sql statements needs to be considered.

The third type

Application: Develop the logic of the application without writing native sql. Process data based on a framework written by others, ORM

Advantages: There is no need to write pure SQL, which means that the development efficiency is higher than that of method 2, and it is also compatible with the high scalability of method 2.

Disadvantages: The execution efficiency is not even comparable to method 2.

4. Create stored procedures

# Introduce the characteristics of formal parameters and then write the specific functions

delimiter $$

create procedure p2(
    in m int, # in means that this parameter must only be passed in and cannot be returned.
    in n int,
    out res int # out means that this parameter can be returned
)
begin
    select tname from teacher where tid > m and tid < n;
    set res=0; # Used to mark whether the stored procedure is executed
end $$
delimiter;


#Res needs to be defined in advance
set @res=10; Definition
select @res; View
call p1(1,5,@res) call
select @res view

5. How to use stored procedures

# Major premise: The stored procedure is created under which library and can only be used under the corresponding library! ! !

# 1. Call directly in mysql
set @res=10 # The value of res is used to determine whether the stored procedure is executed successfully, so you need to first define a variable @res to store 10
call p1(2,4,10); # Report error
call p1(2,4,@res);

# View Results
select @res; # Execution is successful, @res variable value has changed

# 2. Call in python program
pymysql link mysql
The generated travel table cursor.callproc('p1',(2,4,10)) # Internal principle: @_p1_0=2,@_p1_1=4,@_p1_2=10;
cursor.execute('select @_p1_2;')


# 3. Examples of using stored procedures and transactions (understand)
delimiter //
create PROCEDURE p5(
    OUT p_return_code tinyint
)
BEGIN
    DECLARE exit handler for sqexception
    BEGIN
        --ERROR
        set p_return_code = 1;
        rollback;
    END;


  DECLARE exit handler for sqlwarning
  BEGIN
      -- WARNING
      set p_return_code = 2;
      rollback;
  END;

  START TRANSACTION;
      update user set balance=900 where id =1;
      update user123 set balance=1010 where id = 2;
      update user set balance=1090 where id =3;
  COMMIT;

  --SUCCESS
  set p_return_code = 0; #0 represents successful execution


END //
delimiter ;

Function

Note the difference from stored procedures. MySQL built-in functions can only be used in SQL statements!

CREATE TABLE blog (
    id INT PRIMARY KEY auto_increment,
    NAME CHAR (32),
    sub_time datetime
);

INSERT INTO blog (NAME, sub_time)
VALUES
    ('Part 1','2015-03-01 11:31:21'),
    ('Part 2','2015-03-11 16:31:21'),
    ('Part 3','2016-07-01 10:21:31'),
    ('Article 4','2016-07-22 09:23:21'),
    ('Part 5','2016-07-23 10:11:11'),
    ('Article 6','2016-07-25 11:21:31'),
    ('Article 7','2017-03-01 15:33:21'),
    ('Article 8','2017-03-01 17:32:21'),
    ('Article 9','2017-03-01 18:31:21');


 + ---- + -------------------------------------- + ----- ---------------- +
| id | NAME | sub_time | month
 + ---- + -------------------------------------- + ----- ---------------- +
| 1 | Article 1 | 2015-03-01 11:31:21 | 2015-03
| 2 | Article 2 | 2015-03-11 16:31:21 | 2015-03
| 3 | Article 3 | 2016-07-01 10:21:31 | 2016-07
| 4 | Article 4 | 2016-07-22 09:23:21 | 2016-07
| 5 | Article 5 | 2016-07-23 10:11:11 | 2016-07
| 6 | Article 6 | 2016-07-25 11:21:31 | 2016-07
| 7 | Chapter 7 | 2017-03-01 15:33:21 | 2017-03
| 8 | Article 8 | 2017-03-01 17:32:21 | 2017-03
| 9 | Article 9 | 2017-03-01 18:31:21 | 2017-03
 + ---- + -------------------------------------- + ----- ---------------- +

select count(*) from blog group by month;

select date_format(sub_time,'%Y-%m'),count(id) from blog group by date_format(sub_time,'%Y-%m');

Process control

if conditional statement

# if conditional statement
delimiter //
CREATE PROCEDURE proc_if ()
BEGIN
    
    declare i int default 0;
    if i = 1 THEN
        SELECT 1;
    ELSEIF i = 2 THEN
        SELECT 2;
    ELSE
        SELECT 7;
    END IF;

END //
delimiter ;

while loop

# while loop
delimiter //
CREATE PROCEDURE proc_while ()
BEGIN

    DECLARE num INT;
    SET num = 0;
    WHILE num < 10 DO
        SELECT
            num;
        SET num = num + 1;
    END WHILE ;

END //
delimiter ;

Index

Knowledge review: Data is stored on the hard disk, so querying data inevitably requires IO operations.

An index is a data structure, similar to the table of contents of a book. This means that when looking for data in the future, you should first look for the directory and then look for the data, rather than querying the data by turning pages.

Index, also called “key” in MySQL, is a data structure used by the storage engine to quickly find records.

primary key
unique key
index key

Note: In addition to the effect of accelerating queries, the first two of the above three keys also have additional constraints (primary key: non-empty and unique, unique key: unique), while the index key does not have any constraint function and will only help you speed up. Inquire

The essence is: filter out the final desired results by continuously narrowing the scope of the data you want to obtain, and at the same time turn random events into sequential events. In other words, with this indexing mechanism, we can Always use the same search method to lock data.

Impact of indexing:

If there is a large amount of data in the table, index creation will be very slow (when creating the table, if you obviously need an index, add it in advance)

# When actually adding indexes in the future, try to add them when the table is empty, and add indexes when creating the table. Adding indexes at this time is the fastest.
# If the data in the table already exists, you still need to add an index. This is OK, but the speed of creating the index will be very slow. This is not recommended.

After the index is created, the query performance of the table will be greatly improved, but the write performance will be reduced.

# However, the performance impact of writing is not great, because in practice, the frequency of writing is very small, and most operations are queries.
# How to add an index? Which fields should be indexed?
”’There is no fixed answer. Which field to index depends on your actual query conditions”’
select * from user where name=” and password=”;
# The use of index actually requires a lot of work experience to correctly judge
”’Don’t add indexes as soon as you create a table. In a table, there should be no more than 15 indexes at most. The more indexes, the performance will decrease”’
# How to reduce the amount of data and do not need to add indexes. Generally, there is no need to add indexes if the data is less than 10 million. Mysql is suitable for data of less than 10 million, and the performance will not drop too much.

b + tree

Tree——>Binary tree Balanced tree b-tree b + tree b-tree…

Only leaf nodes store real data, and root and branch nodes only store virtual data.

The number of queries is determined by the level of the tree. The lower the level, the fewer the times.

The size of a disk block is certain, which means that the amount of data that can be stored is certain. How to ensure that the level of the tree is the lowest? A disk block stores data items that occupy relatively small space.

# When adding indexes in the future, try to add columns that store numbers in the fields. We use the primary key to query quickly.
select * from user where name = ''
select * from user where id = '' # Primary key query is faster

Thinking about what fields in a table we should index can reduce the height of the tree >>> Primary key id field

Clustered index (primary key)

Clustered index actually refers to the primary key of the table. The InnoDB engine stipulates that a table must have a primary key. Let’s first review the storage engine.

When myisam creates a table, how many files (three) are corresponding to the hard disk?

When innodb creates a table, how many files (two) are there corresponding to the hard disk? The frm file only stores the table structure and cannot contain indexes, which means that the indexes and data of innodb are placed in the idb table data file.

Features: Complete records placed in leaf nodes

Auxiliary index (unique, index)

Auxiliary index: When querying data, it is not possible to use ID as a filtering condition, but also to use field information such as name, password, etc. Then at this time, the accelerated query effect of the clustered index cannot be used. You need to create indexes for other fields. These indexes are called auxiliary indexes.

Features: The leaf node stores the value of the primary key of the record corresponding to the auxiliary index field (for example, if you create an index based on the name field, then the leaf node stores: {the value corresponding to name: name The primary key value of the record where it is located})

select name from user where name='jack';

The above statement is called a covering index: all the data we want has been found only in the leaf nodes of the auxiliary index.

select age from user where name='jack';

The above statement is called a non-covering index. Although the index field name is hit during the query, the age field is being searched, so the primary key is still needed to search.