
CSCE 5560

Secure Electronic Commerce

Databases

University of North Texas


Database Overview

What is a Database?
• Database
– A collection of data, structured in a well-defined
format, accessed by multiple applications using
standard commands, ensuring integrity of access
• An electronic database
– Stores data items
– Data items can be extracted
– Data items can be sorted
– Data items can be manipulated to reveal new
information

Database Management Systems
• A combination of software and data, made up of a
physical database, a database engine, and a database
schema
– Physical database
• A collection of files that contain the data
– Database engine
• Software that supports access to and modification of
the database contents
– Database schema
• A specification of the logical structure of the data
stored in the database

Database Management Systems

Schemas
• Complete set of tables designed
for a database
• Do not include data
• Often show type information for
each attribute

Database Management Systems
• A collection of software that facilitates and optimizes
database I/O for applications
– Flexible access to data – independent of physical
storage
– Rapid response to ad hoc queries
– Access by multiple applications in various ways
– Ensures data integrity
– Elimination of redundant data

The Relational Model
• Relational DBMS
– A DBMS in which the data items and the
relationships among them are organized into
tables
• In a relational database:
– A table (i.e., relation) represents information about an
entity
– A row, also called a record or tuple, contains data about
one instance of an entity
– Each category of information (i.e., column) is called an
attribute or field

Tables
customers

ID  Name             Address           City
1   Julie Smith      25 Oak Street     Airport West
2   Alan Wong        1147 Haines Ave.  Box Hill
3   Michelle Arthur  357 North Road    Yarraville

• Each column has an associated data type
• All rows have the same attributes
• Each row consists of a set of individual values that
correspond to columns

Keys
• Need a way to identify each customer
– Names are not unique
– Could use name, address, city
• Assign unique customer ID
• Identifying column in a table is called the key or the
primary key

Connecting Tables
customers

ID  Name             Address           City
1   Julie Smith      25 Oak Street     Airport West
2   Alan Wong        1147 Haines Ave.  Box Hill
3   Michelle Arthur  357 North Road    Yarraville

What day did Michelle Arthur place an order?

orders

OrderID  CustomerID  Amount  Date
1        3           27.50   02-Apr-2000
2        1           12.99   15-Apr-2000
3        2           74.00   19-Apr-2000
4        4           6.99    01-May-2000

Foreign Key
customers

ID  Name             Address           City
1   Julie Smith      25 Oak Street     Airport West
2   Alan Wong        1147 Haines Ave.  Box Hill
3   Michelle Arthur  357 North Road    Yarraville

Key put in another table to link the tables is called a foreign key

orders

OrderID  CustomerID  Amount  Date
1        3           27.50   02-Apr-2000
2        1           12.99   15-Apr-2000
3        2           74.00   19-Apr-2000
4        4           6.99    01-May-2000

Structured Query Language

Structured Query Language
• Data within a DBMS is manipulated by a specific
application program using a DBMS access language
• Specialized query languages
– Enable the user or another application program to query
the database
– SQL has become the international standard language for
data definition and manipulation
• Relationships among different entities in a database
– Established through the correspondence between primary
keys and foreign keys

Structured Query Language
• Structured Query Language (SQL)
– A comprehensive relational database language for
data manipulation and queries

    select attribute-list from table-list where condition

– attribute-list: name of field
– table-list: name of table
– condition: value restriction

    select * from Movie where Rating = 'PG'

– Result is a table containing all PG movies in table Movie

Creating Database Tables
• Syntax
    CREATE TABLE tablename(columns)
• Example
    create table orders
    ( orderid int unsigned not null
          auto_increment primary key,
      customerid int unsigned not null,
      amount float(6, 2),
      date date not null
    );
– orders: table name
– orderid, customerid, amount, date: column names
– int unsigned, float(6, 2), date: data types
– not null: all rows must have a value for this attribute
– auto_increment: automatically generate a unique value;
can only be used once per table
– primary key: values must be unique; MySQL will index on
this column

Creating Database Tables
orders

orderid  customerid  amount  date
1        3           69.98   02-Apr-2000
2        1           49.99   15-Apr-2000
3        2           74.98   19-Apr-2000
4        3           24.99   01-May-2000

• How do we add data? Values must be in the correct order

    insert into orders values
    (NULL, 3, 69.98, "2000-04-02"),
    (NULL, 1, 49.99, "2000-04-15"),
    (NULL, 2, 74.98, "2000-04-19"),
    (NULL, 3, 24.99, "2000-05-01");

Writing Queries in SQL
SELECT items
FROM tables
[WHERE condition]
[GROUP BY group_type]
[HAVING where_definition]
[ORDER BY order_type]
[LIMIT limit_criteria]

Writing Queries in SQL
orders

orderid  customerid  amount  date
1        3           69.98   02-Apr-2000
2        1           49.99   15-Apr-2000
3        2           74.98   19-Apr-2000
4        3           24.99   01-May-2000

    select * from orders;

orderid  customerid  amount  date
1        3           69.98   02-Apr-2000
2        1           49.99   15-Apr-2000
3        2           74.98   19-Apr-2000
4        3           24.99   01-May-2000

Writing Queries in SQL
orders

orderid  customerid  amount  date
1        3           69.98   02-Apr-2000
2        1           49.99   15-Apr-2000
3        2           74.98   19-Apr-2000
4        3           24.99   01-May-2000

    select * from orders where customerid = 3;

orderid  customerid  amount  date
1        3           69.98   02-Apr-2000
4        3           24.99   01-May-2000

• Other comparison operations:
– IN, BETWEEN, NOT NULL, LIKE, REGEXP

Writing Queries in SQL
orders

orderid  customerid  amount  date
1        3           69.98   02-Apr-2000
2        1           49.99   15-Apr-2000
3        2           74.98   19-Apr-2000
4        3           24.99   01-May-2000

    select amount, date from orders
    where customerid = 3;

amount  date
69.98   02-Apr-2000
24.99   01-May-2000

Writing Queries in SQL
orders

orderid  customerid  amount  date
1        3           69.98   02-Apr-2000
2        1           49.99   15-Apr-2000
3        2           74.98   19-Apr-2000
4        3           24.99   01-May-2000

    select amount, date from orders
    where customerid = 3 or customerid = 1;

amount  date
69.98   02-Apr-2000
49.99   15-Apr-2000
24.99   01-May-2000

Writing Queries in SQL
orders

orderid  customerid  amount  date
1        3           69.98   02-Apr-2000
2        1           49.99   15-Apr-2000
3        2           74.98   19-Apr-2000
4        3           24.99   01-May-2000

customers

id  name             address           city
1   Julie Smith      25 Oak Street     Airport West
2   Alan Wong        1147 Haines Ave.  Box Hill
3   Michelle Arthur  357 North Road    Yarraville

    select orderid, amount, date
    from customers, orders
    where name = 'Julie Smith'
    and customers.id = orders.customerid;

orderid  amount  date
2        49.99   15-Apr-2000

Ordered Results
customers

id  name             address           city
1   Julie Smith      25 Oak Street     Airport West
2   Alan Wong        1147 Haines Ave.  Box Hill
3   Michelle Arthur  357 North Road    Yarraville

It’s easier to put fields together than to take them apart

    select name, address
    from customers
    order by name;

name             address
Alan Wong        1147 Haines Ave.
Julie Smith      25 Oak Street
Michelle Arthur  357 North Road

Grouping and Aggregating

    select avg(amount)
    from orders;

avg(amount)
54.985002

    select customerid, avg(amount)
    from orders
    group by customerid;

customerid  avg(amount)
1           49.990002
2           74.980003
3           47.485002

• Aggregate functions
– AVG(column), COUNT(items), MIN(column),
MAX(column), STD(column), SUM(column)

Updating Records
• Syntax
    UPDATE tablename
    SET col1=exp1, col2=exp2, …
    [WHERE condition]
• Examples
    update books
    set price=price*1.1;

    update customers
    set address='250 Olsens Road'
    where customerid = 4;

Deleting Records
• Syntax
    DELETE FROM table
    [WHERE condition]
– You will usually want to include the WHERE clause
• Example
    delete from customers
    where customerid = 5;

Dropping Tables
• Syntax
    DROP TABLE table
• Deletes the table and all data in it

Developing Object-Oriented PHP

Using Objects in PHP
• Declare an object in PHP by using the new operator
with a class constructor
• A class constructor is a special function with the
same name as its class that is called automatically
when an object from the class is instantiated
• The syntax for instantiating an object is
$ObjectName = new ClassName();

Using Objects in PHP
• The identifiers for an object name:
– Must begin with a dollar sign
– Can include numbers or an underscore
– Cannot include spaces
– Are case sensitive
$Checking = new BankAccount();
– Can pass arguments to many constructor functions
$Checking = new BankAccount("01234587", 1021, 97.58);

Using Objects in PHP
• After an object is instantiated, use a hyphen and a
greater-than symbol (->) to access the methods and
properties contained in the object
• Together, these two characters are referred to as
member selection notation
– With member selection notation, append one or more
characters to an object, followed by the name of a method
or property

Using Objects in PHP
• With methods, include a set of parentheses at the
end of the method name, just as with functions
• Like functions, methods can also accept arguments
$Checking->getBalance();
$CheckNumber = 1022;
$Checking->getCheckAmount($CheckNumber);

Working with Database Connections
• Access MySQL database connections as objects by
instantiating an object from the mysqli class
• To connect to a MySQL database server
    $DBConnect = mysqli_connect("localhost", "dongosselin",
        "rosebud", "real_estate");
• To connect to the MySQL database server using
object-oriented style
    $DBConnect = new mysqli("localhost", "dongosselin",
        "rosebud", "real_estate");
• To explicitly close the database connection, use the
close() method of the mysqli class
    $DBConnect->close();

Selecting a Database
• Select or change a database with the
mysqli_select_db() function
• Pass two arguments to the
mysqli_select_db() function
1. The variable representing the database
connection
2. The name of the database you want to use

Selecting a Database
• Example of procedural syntax to open a connection
to a MySQL database server:
    $DBConnect = mysqli_connect("localhost", "dongosselin",
        "rosebud");
    mysqli_select_db($DBConnect, "real_estate");
    // additional statements to access or manipulate database
    mysqli_close($DBConnect);

• An object-oriented version of the code
    $DBConnect = new mysqli("localhost", "dongosselin",
        "rosebud");
    $DBConnect->select_db("real_estate");
    // additional statements to access or manipulate database
    $DBConnect->close();

Handling MySQL Errors
• With object-oriented style, check whether
mysqli_connect_errno() or mysqli_connect_error()
returns a value, and then call the die() function to
terminate script execution
    $DBConnect = @new mysqli("localhost", "dgosselin",
        "rosebud");
    // A non-zero error number means the connection failed
    if (mysqli_connect_errno())
        die("<p>Unable to connect to the database server.</p>"
            . "<p>Error code " . mysqli_connect_errno()
            . ": " . mysqli_connect_error() . "</p>");

Handling MySQL Errors
• For any methods of the mysqli class that fail (as
indicated by a return value of false), terminate script
execution by appending die() or exit()
functions to method call statements
    $DBName = "guitars";
    // select_db() returns false on failure, which triggers the die() branch
    @$DBConnect->select_db($DBName)
        or die("<p>Unable to select the database.</p>"
            . "<p>Error code " . mysqli_errno($DBConnect)
            . ": " . mysqli_error($DBConnect) . "</p>");
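
An added example, not part of the original slides: the die() calls above send the MySQL error code and message to the browser. This version makes mysqli throw exceptions, writes the detail to the server log, and shows the visitor only a generic message with a reference ID. The DB_HOST, DB_USER, DB_PASS and DB_NAME environment variable names and the open_database() helper are assumptions, and a reachable MySQL server is assumed.

```php
<?php
// Added example: connection error handling that keeps MySQL details
// out of the HTTP response. Not code from the original slides.

// Make mysqli throw mysqli_sql_exception instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper: opens the connection and selects the database.
function open_database(): mysqli
{
    try {
        // Credentials come from the environment (assumed variable names),
        // not from string literals in the script.
        $db = new mysqli(
            getenv('DB_HOST') ?: 'localhost',
            getenv('DB_USER') ?: '',
            getenv('DB_PASS') ?: ''
        );
        $db->select_db(getenv('DB_NAME') ?: 'guitars');
        $db->set_charset('utf8mb4');
        return $db;
    } catch (mysqli_sql_exception $e) {
        // Error code and message go to the server log only, tagged with
        // a random reference the visitor can quote to support.
        $ref = bin2hex(random_bytes(4));
        error_log("db error [$ref] code=" . $e->getCode()
            . " msg=" . $e->getMessage());
        http_response_code(503);
        exit("<p>Unable to reach the database. Reference: $ref</p>");
    }
}

$DBConnect = open_database();
// additional statements to access or manipulate database
$DBConnect->close();
```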

Executing SQL Statements
• With object-oriented style, use the query()
method of the mysqli class
• To return the fields in the current row of a result-set
into an indexed array use
– The mysqli_fetch_row() function
• To return the fields in the current row of a result-set
into an associative array use
– The mysqli_fetch_assoc() function

Executing SQL Statements
    $TableName = "inventory";
    $SQLstring = "SELECT * FROM inventory";
    $QueryResult = $DBConnect->query($SQLstring)
        or die("<p>Unable to execute the query.</p>"
            . "<p>Error code " . $DBConnect->errno
            . ": " . $DBConnect->error . "</p>");
    echo "<table width='100%' border='1'>";
    echo "<tr><th>Make</th><th>Model</th>
        <th>Price</th><th>Inventory</th></tr>";
    // fetch_row() returns null after the last row, which ends the loop
    // (this also handles an empty result set)
    while ($Row = $QueryResult->fetch_row()) {
        echo "<tr><td>{$Row[0]}</td>";
        echo "<td>{$Row[1]}</td>";
        echo "<td align='right'>{$Row[2]}</td>";
        echo "<td align='right'>{$Row[3]}</td></tr>";
    }
    echo "</table>";
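
An added example, not part of the original slides: the query above is a fixed string, but once a value from the request is used in the WHERE clause it should be bound as a parameter rather than concatenated into the SQL text, and every field should be HTML-escaped before it is echoed. The column names make, model, price and quantity, the "make" request parameter, the DB_* environment variables and the inventory_rows_html() helper are assumptions; get_result() requires the mysqlnd driver.

```php
<?php
// Added example: parameterized query plus escaped output for the
// inventory table. Not code from the original slides.

// Hypothetical helper: returns the <tr> rows for one make.
function inventory_rows_html(mysqli $db, string $make): string
{
    // The ? placeholder keeps the request value out of the SQL text.
    $stmt = $db->prepare(
        "SELECT make, model, price, quantity FROM inventory WHERE make = ?"
    );
    if ($stmt === false || !$stmt->bind_param("s", $make)
        || !$stmt->execute()) {
        error_log("inventory query failed: " . $db->error);
        return "";
    }
    $result = $stmt->get_result();

    $html = "";
    while ($row = $result->fetch_row()) {
        // Escape every field: stored data may contain HTML metacharacters.
        $cells = array_map(
            fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8'),
            $row
        );
        $html .= "<tr><td>" . implode("</td><td>", $cells) . "</td></tr>\n";
    }
    $stmt->close();
    return $html;
}

// Connection settings come from assumed environment variables.
$DBConnect = new mysqli(
    getenv('DB_HOST') ?: 'localhost',
    getenv('DB_USER') ?: '',
    getenv('DB_PASS') ?: '',
    getenv('DB_NAME') ?: 'guitars'
);

$make = $_GET['make'] ?? '';
echo "<table width='100%' border='1'>";
echo "<tr><th>Make</th><th>Model</th><th>Price</th><th>Inventory</th></tr>";
echo inventory_rows_html($DBConnect, is_string($make) ? $make : '');
echo "</table>";
$DBConnect->close();
```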
