Sangam 19 - PLSQL still the coolest
0 likes230 views
The document discusses the benefits and misconceptions of PL/SQL in database development, emphasizing its role in achieving performance, security, and maintenance objectives. It highlights real-world applications, the importance of avoiding SQL injection vulnerabilities, and addresses common criticisms about PL/SQL's learning curve and use cases. Ultimately, it encourages a pragmatic approach to utilizing PL/SQL to improve database application success.
![72
C:src> type MyApp.java
...
...
PreparedStatement s =
con.prepareStatement("select any piece of old crap from dual");
...
...
C:src> javac SimplePKcache.java
[no errors]](https://image.slidesharecdn.com/sangamplsqltemplate-191211041942/85/Sangam-19-PLSQL-still-the-coolest-72-320.jpg)
Sangam 19 - PLSQL still the coolest
- 2. PL/SQL - still super cool Connor McDonald Database Advocate Copyright © 2019 Oracle and/or its affiliates.
- 3. 3 3
- 4. 4 4
- 5. 5
- 6. 6 Me youtube bit.ly/youtube-connor blog connor-mcdonald.com twitter @connor_mc_d 400+ posts mainly on database & development 250 technical videos, new uploads every week rants and raves on tech and the world :-)
- 7. 7 etc... facebook bit.ly/facebook-connor linkedin bit.ly/linkedin-connor instagram bit.ly/instagram-connor slideshare bit.ly/slideshare-connor
- 12. 12 this is not
- 15. 15 my definition of success
- 17. 17 meets performance objectives (really a business objective)
- 18. 18 meets development objectives (really a business objective)
- 19. 19 meets security objectives (really a business objective)
- 22. 22 make more, spend less
- 23. 23 PL/SQL should help achieve this for you
- 25. 25 let's look at real life ...
- 26. 26 "We'd never do that .... that's stupid"
- 27. 27 but everyone does ... :-(
- 28. 28 no matter what platform
- 29. 29
- 30. 30 no matter what direction
- 31. 31
- 32. 32
- 33. 33 which leads to ...
- 34. 34 "The database is slow"
- 36. 36 is PL/SQL the solution ?
- 37. 37 remember definition of success
- 40. 40 utopia
- 42. 42 SmartDB
- 44. 44 utopia, n: "an imagined a place or state of things in which everything is perfect."
- 45. 45 100% % people using any form of SmartDB
- 46. 46 #FAIL
- 47. 47 100% % closeness to full SmartDB
- 48. 48 #FAIL
- 49. 49 forget philosophy...focus on success
- 50. 50 can even small PL/SQL investment help ?
- 51. performance
- 52. 52 evolving to PL/SQL ...
- 53. 53 .. bit by bit
- 54. 54 my app = primary key lookup
- 55. 55
- 56. 56 SQL> create or replace 2 function simplepk(i int) return int is 3 res int; 4 begin 5 select pk 6 into res 7 from parse_demo 8 where pk = i; 9 return res; 10 end; SimplePK
- 57. 57 "PL/SQL is more expensive"
- 58. 58 irony
- 60. 60 60
- 61. 61 my app = a simple API
- 62. 62
- 63. 63 SQL> create or replace 2 procedure simpleapi(i1 int, i2 int, o1 out int, o2 out int, o3 out int) is 3 begin 4 select region_id into o1 from customer where id = i1; 5 6 for i in ( select order_id from cust_orders where cust_id = i2 ) 7 loop 8 o2 := i.order_id; 9 end loop; 10 11 select count(*) into o3 from order_items where order_id = o2; 12 end; SimpleAPI
- 64. 64 let's make it "real"
- 66. 66 the best java (et al) can do
- 67. 67 it is not just latency
- 68. 68 we'll come back to why shortly...
- 70. 70 benefit #1
- 71. 71 "Crash Early" "A dead program normally does a lot less damage than a crippled one."
- 72. 72 C:src> type MyApp.java ... ... PreparedStatement s = con.prepareStatement("select any piece of old crap from dual"); ... ... C:src> javac SimplePKcache.java [no errors]
- 73. 73 SQL> create or replace 2 procedure MY_PROC is 3 begin ... ... 24 select any piece of old crap from dual; ... ... 75 end; 76 / Warning: Procedure created with compilation errors.
- 74. 74 benefit #2
- 75. 75 the lazy way is the optimal way
- 76. 76 rs = stmt.executeQuery( "select ename from emp where empno = " + v_empno ); while(rs.next()) { v_ename = rs.getInt(1); } PreparedStatement pstmt = con.prepareStatement("select ename from emp where empno = ?"); pstmt.setInt(1, v_empno); rs = pstmt.executeQuery(); while(rs.next()) { v_ename = rs.getInt(1); }
- 77. 77 building SQL by concatenation
- 79. 79 select ename from emp where empno = 6543 select ename from emp where empno = 6543 and 1=0 union all select table_name from all_tables where table_name like '%SECURITY%' select ename from emp where empno = 6543 and 1=0 union all select username from app_security where ... rs = stmt.executeQuery( "select ename from emp where empno = " + v_empno );
- 80. 80 begin select ename into v_ename from emp where empno = v_empno; begin dbms_sql.parse( v_cur, 'select ename from emp where empno = '||v_empno, dbms_sql.native ); dbms_sql.define_column(v_cur, 1, v_ename, 30); l_status := dbms_sql.execute(v_cur); while ( dbms_sql.fetch_rows(v_cur) > 0 ) loop dbms_sql.column_value(v_cur, 1, v_ename); end loop;
- 81. 81 begin execute immediate 'select ename from emp where empno = '||v_empno into v_ename;
- 82. 82 "We're safe... we use an ORM"
- 84. 84 not just static versus dynamic
- 86. 86 procedure GET_EMPS_FOR_JOB(p_job varchar2) is begin for i in ( select ename from emp where job = p_job ) loop ... end loop; SQL> select ename from emp where job = 'SALES'
- 87. 87 SELECT ENAME FROM EMP WHERE JOB = :B1 call count cpu elapsed disk query current rows ------- ------ -------- ---------- ---------- ---------- ---------- ---------- Parse 1 0.00 0.00 0 0 0 0 Execute 10000 0.17 0.14 0 0 0 0 Fetch 10000 0.07 0.09 24 20000 0 40000 ------- ------ -------- ---------- ---------- ---------- ---------- ---------- total 20001 0.25 0.24 24 20000 0 40000
- 88. 88 SELECT ENAME FROM EMP WHERE JOB = :B1 call count cpu elapsed disk query current rows ------- ------ -------- ---------- ---------- ---------- ---------- ---------- Parse 1 0.00 0.00 0 0 0 0 Execute 10000 0.17 0.14 0 0 0 0 Fetch 10000 0.07 0.09 24 20000 0 40000 ------- ------ -------- ---------- ---------- ---------- ---------- ---------- total 20001 0.25 0.24 24 20000 0 40000
- 89. 89 PreparedStatement pstmt = con.prepareStatement("select ename from emp where empno = ?"); pstmt.setString(1,v_job); rs = pstmt.executeQuery(); while(rs.next()) { v_ename = rs.getInt(1); } pstmt.close(); SQL> select ename from emp where job = 'SALES'
- 90. 90 select ename from emp where job = :1 call count cpu elapsed disk query current rows ------- ------ -------- ---------- ---------- ---------- ---------- ---------- Parse 10000 0.06 0.10 0 0 0 0 Execute 10000 0.14 0.15 0 0 0 0 Fetch 40000 0.12 0.10 24 40000 0 40000 ------- ------ -------- ---------- ---------- ---------- ---------- ---------- total 50000 0.32 0.37 24 40000 0 40000
- 91. 91 select ename from emp where job = :1 call count cpu elapsed disk query current rows ------- ------ -------- ---------- ---------- ---------- ---------- ---------- Parse 10000 0.06 0.10 0 0 0 0 Execute 10000 0.14 0.15 0 0 0 0 Fetch 40000 0.12 0.10 24 40000 0 40000 ------- ------ -------- ---------- ---------- ---------- ---------- ---------- total 50000 0.32 0.37 24 40000 0 40000
- 92. 92 OracleDataSource ods = new OracleDataSource(); ods.setImplicitCachingEnabled( true ); Properties cacheProps = new Properties(); cacheProps.put( "MaxStatementsLimit", "50" ); ods.setConnectionCacheProperties( cacheProps ); PreparedStatement pstmt = con.prepareStatement("select ename from emp where empno = ?"); pstmt.setFetchSize(100); pstmt.setString(1,v_job); rs = pstmt.executeQuery(); while(rs.next()) { v_ename = rs.getInt(1); } pstmt.close(); SQL> select ename from emp where job = 'SALES'
- 93. 103 "It's good enough for me"
- 94. 104 totally fine but ...
- 96. 107 benefit #3
- 97. 108 no application is 100% complete
- 98. 109 data loading, data patching
- 100. 111 a common build criticism
- 102. 113 true ... in the past
- 103. 114
- 104. 115 115
- 107. 118 Oracle XE
- 108. 119 100% free
- 110. 121 benefits #1
- 112. 123 SQL> desc DBA_DEPENDENCIES Name Null? Type ----------------------------- -------- -------------------- OWNER NOT NULL VARCHAR2(128) NAME NOT NULL VARCHAR2(128) TYPE VARCHAR2(19) REFERENCED_OWNER VARCHAR2(128) REFERENCED_NAME VARCHAR2(128) REFERENCED_TYPE VARCHAR2(19) REFERENCED_LINK_NAME VARCHAR2(128) DEPENDENCY_TYPE VARCHAR2(4)
- 113. 124 SQL> create or replace 2 procedure MY_PROC is 3 v_ename scott.emp.ename%type; 4 begin 5 select ename 6 into v_ename 7 from scott.emp 8 where 1=0; 9 end; 10 / SQL> select name, referenced_name 2 from dba_dependencies 3 where name = 'MY_PROC'; NAME REFERENCED_NAME -------------------- ------------------------------------- MY_PROC STANDARD MY_PROC EMP
- 114. 125 a common maintenance criticism
- 115. 126 "Deployment means down time"
- 116. 127 packages
- 117. 128 break the invalidation chain
- 118. proc A proc B proc C proc D pack A pack B pack C pack D body A body B body C body D
- 119. 11g and beyond
- 120. pack A pack B pack C pack D body A body B body C body D
- 121. 132 12c and beyond
- 123. 134 procedure MY_PROC is begin ... ... "v1 code" ... end; procedure MY_PROC is begin ... ... "v2 code" ... end;
- 124. security
- 125. 136 benefit #1
- 126. 137 the opportunity of better security
- 127. 138 SQL> select username, program from v$session; USERNAME PROGRAM -------------------- ---------------------------- MY_SCHEMA JDBC Thin Client MY_SCHEMA JDBC Thin Client MY_SCHEMA JDBC Thin Client MY_SCHEMA JDBC Thin Client MY_SCHEMA JDBC Thin Client MY_SCHEMA JDBC Thin Client ... ...
- 128. 139 TABLES MY_SCHEMA
- 129. 140 there isn't a limit on schemas
- 130. 141 least privilege is the best privilege
- 131. 142 nothing connects to the data owner ... ever
- 135. 146 benefit #2 - corollary
- 137. 148 triggers
- 139. 150 putting theory into practice
- 140. 151 customer example
- 142. 153 development team C++ C# no Oracle experience no database experience !
- 143. 155 C#, C++ ESB Tuxedo Weblogic
- 144. 156 public static void RaceStarted(int race_id) { ... } public static void HorseScratched(int race_id, int horse_id) { ... } public static void NewCustomer(int cust_seq, ...) { ... } public static void DepositIntoAccount(int ...) { ... }
- 146. 158 PROCEDURE customer_bet( p_transaction_ts IN timestamp ,p_bet_type IN bet.bet_type%TYPE ,p_store IN bet.store%TYPE ,p_accountnum IN bet.bet_account_num%TYPE ,p_amount IN bet.amount%TYPE ... ); PROCEDURE pay_winner( p_transaction_ts IN timestamp ,p_bet_seq IN bet.bet_seq%TYPE ,p_bet_type IN bet.bet_type%TYPE ,p_store IN bet.store%TYPE ,p_accountnum IN bet.bet_account_num%TYPE ,p_amount_to_pay IN bet.paid_payout%TYPE ,p_amount_to_refund IN bet.paid_refunds%TYPE ... );
- 147. 159 that's it!
- 148. 160 the benefits can be addictive
- 149. 161 pl/sql c#
- 150. 162 "We added one procedure to solve one problem, then another procedure to solve another problem, and very quickly...now they want PLSQL everywhere" - Office Hours, June 2019
- 151. 163 addressing some common criticisms
- 152. 164 "PL/SQL is not object oriented"
- 153. 165 OO principles
- 154. 166
- 155. 167 PL/SQL
- 156. 168 "We don't have PL/SQL skills"
- 158. 170 if-then-else, loop, subroutines, parameters
- 159. 171 "We struggle with SQL"
- 160. 172 "We struggle with good PL/SQL"
- 161. 173 it ... doesn't ... matter
- 162. 174 utopia
- 163. 175 wrap up
- 164. 176 it doesn't have to be a war
- 165. 177 it doesn't have to be utopia
- 166. 178 PL/SQL is easy to learn, easy to write
- 167. 179 good wins for small effort
- 168. 180 kick starts the journey to big wins
- 169. 181
- 171. 183 Thank you youtube bit.ly/youtube-connor blog connor-mcdonald.com twitter @connor_mc_d