By Drew Lopreiato
"Why did you choose to talk about databases?"
"Yo this shit looks fly as fuck."
"God, when is this over?"
A good interface for structured data
Finds data you want quickly
Built to work over networks
In essence, a database is a file with different interface.
class AcmMember {
string Name;
Date GraduationDate;
int MeetingsAttended;
BihemisphericDecaoctant BroomballPosition;
}
enum BihemisphereicDecaoctant {OffenseRight, OffenseLeft, OffensePost,
AlphaOuterRight, AlphaInnerRight, AlphaInnerLeft, AlphaOuterLeft,
AlphaNuetralLeft, AlphaNuetralRight, BetaNuetralRight,
BetaNuetralLeft, BetaOuterLeft, BetaInnerLeft, BetaInnerRight,
BetaOuterRight, DefenseGoal, DefenseLeft, DefenseRight};
Game plan available after today's talk
{
"Name" : "Nick",
"GraduationDate" : "5/6/16",
"MeetingsAttended" : 30,
"BihemisphericDecaoctant"
: "AlphaOuterRight"
}
+-----+--------+----+----------------+ |Name |GradDate|M.A.| BhmsphrcDcctnt | +-----+--------+----+----------------+ |Nick | 5/6/16 | 30 | AlphaOuterRight| +-----+--------+----+----------------+
{
"Name" : "Nick",
"GraduationDate" : "5/6/16",
"MeetingsAttended" : 30,
"BihemisphericDecaoctant"
: "AlphaOuterRight"
},
{
"Name" : "Alice",
"GraduationDate" : "5/6/16",
"MeetingsAttended" : 2,
"BihemisphericDecaoctant"
: "DefenseGoal"
}
+-----+--------+----+----------------+ |Name |GradDate|M.A.| BhmsphrcDcctnt | +-----+--------+----+----------------+ |Nick | 5/6/16 | 30 | AlphaOuterRight| +-----+--------+----+----------------+ |Alice| 5/6/18 | 15 | DefenseGoal | +-----+--------+----+----------------+
$databaseObject = new mysqli('lopreiato.us', 'drew',
'pa$$w0rd', 'acm_presentation');
Connection conn = DriverManager.getConnection(
"jdbc:mysql://lopreiato.us/acm_presentation", "drew", "pa$$w0rd");
MySQL.Data.MySqlClient.MySqlConnection conn;
conn = new MySql.Data.MySqlClient.MySqlConnection(
"server=lopreiato.us;uid=drew;pwd=pa$$w0rd;database=acm_presentation;";
MYSQL *con = mysql_init(NULL);
mysql_real_connect(con, "lopreiato.us", "drew", "pa$$w0rd",
NULL, 0, NULL, 0);
Create | INSERT |
Read | SELECT |
Update | UPDATE |
Delete | DELETE |
name | graduation | meetingsAttended | bhmsphrcDcctnt |
---|---|---|---|
Nick | 2016-05-06 | 30 | AlphaOuterRight |
Alice | 2018-05-06 | 15 | DefenseGoal |
INSERT INTO acm_members (name, graduation, meetingsAttended, bhmsphrcDcctnt)
VALUES ('John', '2017-05-06', 0, 'BetaNuetralRight');
name | graduation | meetingsAttended | bhmsphrcDcctnt |
---|---|---|---|
Nick | 2016-05-06 | 30 | AlphaOuterRight |
Alice | 2018-05-06 | 15 | DefenseGoal |
John | 2017-05-06 | 0 | BetaNuetralRight |
DELETE FROM acm_members
WHERE name='John';
name | graduation | meetingsAttended | bhmsphrcDcctnt |
---|---|---|---|
Nick | 2016-05-06 | 30 | AlphaOuterRight |
Alice | 2018-05-06 | 15 | DefenseGoal |
UPDATE acm_members
SET meetingsAttended=meetingsAttended-1
WHERE name='Nick';
name | graduation | meetingsAttended | bhmsphrcDcctnt |
---|---|---|---|
Nick | 2016-05-06 | 29 | AlphaOuterRight |
Alice | 2018-05-06 | 15 | DefenseGoal |
SELECT name, graduation
FROM acm_members
WHERE meetingsAttended > 0;
RETURN VALUE
name | graduation |
---|---|
Nick | 2016-05-06 |
Alice | 2018-05-06 |
class User { string Name; int Score; }
class Question { string Question; string Answer; }
class Game { ArrayList<User> Users; ArrayList<Question> Questions; }
Name | Score |
---|---|
varchar(32) | int(10) |
Question | Answer |
---|---|
varchar(128) | varchar(32) |
Has to be Unique
Data is Clustered Based on this Value
"Wow! This app is fun, but how am I am supposed to know about all this random stuff? I only got 3." "Jeez, I wish I could at least have a chance at some of these questions." "GG2EZ SCRUBLORDS. GET REKT M8! LOLOLOLOL"
For storing data in the...
class CategoryScore { int Category; // the primary key of the category int Score; // the score the user earned }
class Person { int ID; string name; ArrayList<CategoryScore> Scores; }
class Game { ArrayList<Person> Users; }
1.) Username should be unique
function Register(string Username, string Password) {
string HashValue = hash(Password);
string registerUserQuery = "INSERT INTO users (username, password)" +
"VALUES ('" + Username + "', '" + HashValue + "');";
SqlConnection.query(registerUserQuery);
}
INSERT INTO users (username, hashed_password)
VALUES ('Seth', 'aa21e1e64b5ca4f6e7bd20ed945b8b79');
function boolean Authenticate(string Username, string Password) {
string HashValue = hash(Password);
string authQuery = "SELECT * FROM trivia_users WHERE username='" + username
+ "' AND hashed_password='" + HashValue + "'";
SqlResult userSelect = SqlConnection.query(authQuery);
return userSelect.num_rows > 0;
}
SELECT * FROM trivia_users
WHERE username='Seth' AND hashed_password='aa21e1e64b5ca4f6e7bd20ed945b8b79';
How?
A SQL Injection
Why?
Someone wanted to break your project
Who?
Arun.
function Register(string Username, string Password) {
string HashValue = hash(Password);
string registerUserQuery = "INSERT INTO users (username, password)" +
"VALUES ('" + Username + "', '" + "HashValue');";
SqlConnection.query(registerUserQuery);
}
Register("Seth", "PurpleMonkeyDishwasher");
INSERT INTO users (username, hashed_password) VALUES ('Seth', 'aa21e1e64b5ca4f6e7bd20ed945b8b79');
void Register("Seth', ''); DROP TABLE trivia_questions; --", "LOLHAX");
INSERT INTO users (username, hashed_password) VALUES ('Seth', ''); DROP TABLE trivia_questions; --', '6978ab23a8f309433addd76793a55ddf');
Determine What's Valid
What is you're name? | What is you\'re name? |
Who's dog is this? | Who\'s dog is this? |
All my corgi's are brown. | All my corgi\'s are brown. |
void Register(string Username, string Password) {
// ...
Username.replace("'", "\'");
// ...
}
void Register("Seth', ''); DROP TABLE trivia_questions; --", "LOLHAX");
INSERT INTO users (username, hashed_password) VALUES ('Seth\', \'\'); DROP TABLE trivia_questions; --', '6978ab23a8f309433addd76793a55ddf');
But our story doesn't end here.
ArrayList<Triple<String, Category, int>> GetHighScoreTable(int UserScore, int Radius) {
ArrayList<Triple<String, Category, int>> highScoreTable =
new ArrayList<Triple<String, Category, int>>();
int UpperBound = UserScore + Radius;
int LowerBound = UserScore - Radius;
String selectScoresQuery = "SELECT * FROM trivia_scores WHERE score<=" + UpperBound
+ " AND score>=" + LowerBound + ";";
SqlResult nearbyScores = SqlConnection.query(selectScoresQuery);
String selectCategoriesQuery = "SELECT * FROM trivia_categories;";
SqlResult categories = SqlConnection.query(selectCategoriesQuery);
foreach (Score in nearbyScores) {
String getUserNameQuery = "SELECT first_name FROM triva_users WHERE id=" + Score.user_id + ";";
SqlResult userName = SqlConnection.query(getUserNameQuery);
String category = categories[Score.category_id];
highScoreTable.add(new Triple(userName.first_name, category, Score.score));
}
return highScoreTable;
}
Excludes any non-matched data
Guarantees the existance of every row from the left
Anything unmatched will be given value NULL
Guarantees the existance of every row from the right
Anything unmatched will be given value NULL
Guarantees the existance of every row
Anything unmatched will be given value NULL
int GetRank(int UserScore, int Category) {
String selectUsersQuery = "SELECT user_id FROM trivia_scores WHERE score <= "
+ UserScore + " AND category_id=" + Category + ";";
SqlResult betterUsers = SqlConnection.query(selectUsersQuery);
int count = 0;
foreach (User in BetterUsers) {
count++;
}
return count;
}
SELECT count(*)
FROM trivia_scores
WHERE category_id=5;
Returns 1 Row
Visit my Github for the source where I left more comments.
http://github.com/dLopreiato
Made with reveal.js
Character Design by Emma