Communicating with Databases String based queries are prevalent: u JPA, Hibernate, TopLink Strings JAVA DB 1
Example: Using JPA to query DB Query in JPA Query Language: “SELECT w FROM Weblog w WHERE w.id = ?1 AND w.link.id = ?2” Java syntax in query String Mapping Java Classes to DB Tables: u Expressed in Object Relational Mapping (ORM) 2
Example: Using JPA to query DB String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } 3
Example: Using JPA to query DB String getText(String id, Link link) { String qStr; Query q; 1. Build query string qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } 4
Example: Using JPA to query DB String getText(String id, Link link) { String qStr; Query q; 1. Build query string qStr = “SELECT w FROM Weblog w ”; 2. Create query qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } 5
Example: Using JPA to query DB String getText(String id, Link link) { String qStr; Query q; 1. Build query string qStr = “SELECT w FROM Weblog w ”; 2. Create query qStr += “WHERE w.id = ?1 ”; 3. Set parameters qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } 6
Example: Using JPA to query DB String getText(String id, Link link) { String qStr; Query q; 1. Build query string qStr = “SELECT w FROM Weblog w ”; 2. Create query qStr += “WHERE w.id = ?1 ”; 3. Set parameters qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } 7
Example: Using JPA to query DB String getText(String id, Link link) { String qStr; Query q; 1. Build query string qStr = “SELECT w FROM Weblog w ”; 2. Create query qStr += “WHERE w.id = ?1 ”; 3. Set parameters qStr += “AND w.link.id = ?2”; 4. Execute query q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } 8
Example: Using JPA to query DB String getText(String id, Link link) { String qStr; Query q; 1. Build query string qStr = “SELECT w FROM Weblog w ”; 2. Create query qStr += “WHERE w.id = ?1 ”; 3. Set parameters qStr += “AND w.link.id = ?2”; 4. Execute query q = createQuery(qStr); q.setParam(1, id); • Efficient q.setParam(2, link.id); • Flexible Weblog w = (Weblog) q.execQuery(); Unsafe return w.text; } 9
Uncaught Errors String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } 10
Uncaught Errors String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); // q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } 11
Uncaught Errors String getText(String id, Link link) { String qStr; Query q; 1. Unset parameter qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); // q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } 12
Uncaught Errors String getText(String id, Link link) { String qStr; Query q; 1. Unset parameter qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } 13
Uncaught Errors String getText(String id, Link link) { String qStr; Query q; 1. Unset parameter qStr = “SELECT w FROM Weblog w ”; 2. Unsafe param type qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, new Weblog()); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } 14
Uncaught Errors String getText(String id, Link link) { String qStr; Query q; 1. Unset parameter qStr = “SELECT w FROM Weblog w ”; 2. Unsafe param type qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } 15
Uncaught Errors String getText(String id, Link link) { String qStr; Query q; 1. Unset parameter qStr = “SELECT w FROM Weblog w ”; 2. Unsafe param type qStr += “WHERE w.id = ?1 ”; 3. Unsafe downcast qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Warranty w = (Warranty) q.execQuery(); return w.text; } 16
Uncaught Errors String getText(String id, Link link) { String qStr; Query q; 1. Unset parameter qStr = “SELECT w FROM Weblog w ”; 2. Unsafe param type qStr += “WHERE w.id = ?1 ”; 3. Unsafe downcast qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); Java compiler does q.setParam(2, link.id); not reason about Weblog w = (Weblog) q.execQuery(); the query strings; return w.text; cannot typecheck. } 17
Refactor: Weblog.id à Weblog.name String getText(String id, Link link) { String qStr; Query q; 1. Unset parameter qStr = “SELECT w FROM Weblog w ”; 2. Unsafe param type qStr += “WHERE w.id = ?1 ”; 3. Unsafe downcast qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } 18
Refactor: Weblog.id à Weblog.name String getText(String id, Link link) { String qStr; Refactor Query q; 1. Unset parameter qStr = “SELECT w FROM Weblog w ”; 2. Unsafe param type qStr += “WHERE w.id = ?1 ”; 3. Unsafe downcast qStr += “AND w.link.id = ?2”; Don’t Refactor q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Need to know type Weblog w = (Weblog) q.execQuery(); of w and w.link to refactor safely. return w.text; } 19
Refactor: Weblog.id à Weblog.name String getText(String id, Link link) { String qStr; Query q; 1. Unset parameter qStr = “SELECT w FROM Weblog w ”; 2. Unsafe param type qStr += “WHERE w.id = ?1 ”; 3. Unsafe downcast qStr += “AND w.link.id = ?2”; 4. Refactoring difficult q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } 20
String Based Query Challenges String getText(String id, Link link) { String qStr; Query q; 1. Unset parameter qStr = “SELECT w FROM Weblog w ”; 2. Unsafe param type qStr += “WHERE w.id = ?1 ”; 3. Unsafe downcast qStr += “AND w.link.id = ?2”; 4. Refactoring difficult q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } 21
Deep Typechecking Example String getText(String id, Link link) { Query safety: String qStr; • All params set Query q; • Params safely set qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; • Result safely downcast qStr += “AND w.link.id = ?2”; q = createQuery(qStr); Is this query exec safe? q.setParam(1, id); q.setParam(2, link.id); Need to know: Weblog w = (Weblog) q.execQuery(); 1. query string 2. param types return w.text; } 22
Deep Typechecking Example Bound Query : String getText(String id, Link link) { String qStr; • query string Query q; qStr = “SELECT w FROM Weblog w ”; • param types qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; Example : q = createQuery(qStr); query : “SELECT … ?1 … ?2 … ?3 …” ?1 : String q.setParam(1, id); ?2 : Weblog q.setParam(2, link.id); ?3 : unknown Weblog w = (Weblog) q.execQuery(); At each program point map return w.text; } each var to a set of BQs. 23
Bound Query Analysis String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } 24
Bound Query Analysis String getText(String id, Link link) { qStr = “SELECT … ?2” String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } 25
Recommend
More recommend
