Database Applications Overview and SQL Interfaces

Questions and Answers

What type of SQL function should be used when procedural elements are required to complete a task?

• PL/pgSQL Functions (correct)
• Dynamic SQL Statements
• Stored Functions
• Single SQL Statements

Which statement about the 'clean_students' function is true?

• It is a simple wrapper of SQL statements. (correct)
• It uses procedural elements like BEGIN…END.
• It generates dynamic SQL statements at runtime.
• It returns a tuple of students.

In what situation should you be cautious of SQL injection attacks?

• When executing basic SELECT statements.
• When using stored functions.
• When generating dynamic SQL statements at runtime. (correct)
• When creating simple SQL queries.

What return type does the function 'get_top_student' have?

students (D)

Which of the following is NOT a reason to use PL/pgSQL functions over single SQL statements?

Avoid transactional handling. (A)

What is the purpose of the 'RETURN' statement in a stored function?

It sends a value back to the caller. (A)

Which of the following is a suitable language choice for database operations?

PL/pgSQL (C)

What needs to be included in the function for it to be valid according to the example given?

The function should return an integer. (A)

What is the expected output of the SQL command 'SELECT add(2, 3);'?

5 (B)

Which of the following statements best describes PL/pgSQL?

It is suitable for code with numerous SQL queries. (D)

In the provided function declaration, what type of parameters does it accept?

Integer and Integer (D)

What is the role of the 'DECLARE' section within a function?

To declare local variables. (D)

If a function has an OUT parameter, what is its purpose?

To return a value without using RETURN. (C)

What does the function get_top_student() return?

The student with the highest points (B)

What SQL clause is used to limit the number of returned records from the function?

LIMIT (D)

What is a requirement for using the RECORD type in a function, as shown in get_top_student_count?

At least two OUT parameters must be defined (C)

Which SQL function would you use to count the number of students with maximum points in get_top_student_count?

COUNT() (C)

What would happen if get_top_student() was written without the LIMIT clause?

It would return multiple records of students (A)

In the structure of the get_enrolled_students function, what condition filters the returned students?

Students who are currently enrolled (C)

What does the SELECT MAX(points) subquery achieve in the get_top_student_count function?

It retrieves the highest point value from students (C)

What is the output data type of the get_top_student function?

ONE student (A)

What is the purpose of the function get_group_counts()?

To count the number of students who graduated and those who did not. (C)

Which statement is correct regarding the RETURNS clause in functions?

It specifies the type of value the function will return. (A)

What distinguishes a stored procedure from a stored function?

Stored procedures do not have a RETURNS clause. (B)

What will be the effect of executing SELECT add_bonus(3, 5);?

It will execute the bonus update but output nothing. (A)

How is a stored procedure called in SQL?

Using CALL procedure_name(); (D)

In the context of stored functions, what does RETURNS VOID signify?

The function does not return any value or result. (A)

What type of data does the function get_group_counts() return?

TABLE with boolean and integer values. (A)

What is the main focus of the add_bonus function?

To update points for a specified student. (D)

If a stored procedure does not output a result, what is the expected outcome?

The procedure's operations are performed without visible output. (A)

Which SQL command is used to define a stored function?

CREATE FUNCTION function_name() (A)

What is a key difference between functions and procedures in PostgreSQL?

Procedures do not need to return a value. (C)

Which statement about invoking procedures is true?

Procedures must be called using the CALL statement. (D)

In what scenario would you typically use a CREATE FUNCTION instead of a CREATE PROCEDURE?

When you want to return one or more values. (B)

Can functions in PostgreSQL be VOID?

Yes, functions can return no values. (A)

What is the purpose of INOUT and OUT parameters in procedures?

To allow procedures to return multiple values. (B)

Which operation cannot be performed by functions in PostgreSQL?

Commit a transaction. (D)

Which command is used to define a procedure in PostgreSQL?

CREATE PROCEDURE (C)

What is the primary use case for a stored function in PostgreSQL?

To encapsulate complex logic and return data. (D)

What type of parameters are used in a procedure to allow it to return values?

OUT and INOUT parameters (B)

Which of the following statements regarding the execution of stored functions and procedures is true?

Functions can be executed in DML commands. (D)

What is one advantage of using SQL-based procedural languages?

Better performance (A)

What is a significant disadvantage of SQL-based procedural languages?

Limited portability (C)

Which SQL syntax is primarily used in PostgreSQL for writing stored functions?

PL/pgSQL (D)

What does the 'IN' mode signify for a function argument in SQL?

Value is passed into the function (B)

In a stored function declaration, what does the 'RETURNS' clause specify?

The datatype of the output value (D)

Which of the following is NOT a feature of OUT mode for function arguments?

Value is passed into the function (C)

What is the purpose of using a DECLARE block in a stored function?

To declare variables and constants (C)

What is a characteristic of INOUT mode for function arguments?

Can be both passed in and returned (C)

Which SQL-based procedural language is associated with SQL Server?

Transact-SQL (C)

What does the body of a stored function primarily include?

SQL statements and procedural logic (C)

Which of the following is a core feature of stored functions in SQL?

Ability to call other functions (A)

What is the function of a cursor in a SQL stored procedure?

To iterate over query results row by row (D)

Why might testing and debugging be more challenging with SQL procedures?

Complex interactions between SQL and procedural logic (C)

What does the default value of an IN mode argument indicate?

Value can be absent (B)

Flashcards

SQL Functions

Stored procedures in a database that perform specific tasks and return values.

PL/SQL

Procedural language extension for SQL, mainly used for Oracle databases.

Stored Stored Procedures

Stored blocks of code that perform specific tasks in a database.

SQL/PSM

ISO standard for persistent stored modules in SQL.

Function Arguments (Mode)

Determines how an argument is used within a function (IN, OUT, INOUT).

Function Arguments (IN)

Arguments passed into a function, not modified there.

Function Arguments (OUT)

Arguments used to return values from a function.

Function Arguments (INOUT)

Arguments used for both input and output.

Function Arguments (Name)

The identifier of an argument.

Function Arguments (Type)

Specifies the datatype of an argument.

SQL/PSM (SQL Persistent Stored Modules

Stored modules are predefined blocks of code that execute within a SQL environment.

PL/pgSQL

Procedural language extension for PostgreSQL databases.

Stored Function

A function defined within a database system, usually to perform specific tasks. Stored functions reside in the database and can be called by other parts of the system.

PL/pgSQL

A procedural language used in PostgreSQL databases to write stored functions. Similar to programming languages like Python or Java, but specifically designed for database tasks.

SQL Function

A function written in SQL and operated by the database. Includes set operations on tables, subqueries, and operators.

Function Definition

A block of code, containing the instructions on how to execute the function, with parameters or without.

Parameters (IN)

Values passed into a function to perform an operation; they can be read but not modified inside the function.

Parameters (OUT)

Values returned by a function; calculated inside function and returned, can have multiple OUT parameters.

Function Return Value

The result or output of a function. It can be a single value or multiple values, depending on how the function is written.

Language Selection

Choosing the programming language in which the function is written (e.g., SQL, PL/pgSQL, PL/Python).

SQL vs. PL/pgSQL

SQL is a set-oriented language, while PL/pgSQL is procedural allowing more complex calculations, control flow (if..then..else) and variable use.

Stored Functions

Functions that are stored in the database and can be called like normal functions.

SQL Statements

Instructions for the database to perform operations (like selecting data or updating records).

plpgsql

A procedural language available in PostgreSQL that allows creating stored procedures and functions with more complex logic than just SQL alone.

Stored Function (clean_students)

A stored function that deletes graduated students from the database and returns the count of remaining students.

Return Value

The result produced by a function. Can be a simple value or a more complex object.

Dynamic SQL

SQL statements that are generated at runtime, rather than being hardcoded.

SQL Injection

A security vulnerability where malicious SQL code is inserted into an application's input parameters.

Function Syntax

CREATE FUNCTION function_name() RETURNS data_type AS $$ SQL queries $$ LANGUAGE sql;

get_top_student() Function

A function to retrieve student having maximum points in database (student table).

Function get_top_student

A SQL function that selects the student with the highest points from the 'students' table.

RETURNS students

Indicates that the function returns a single row from the 'students' table.

RETURNS SETOF students

Defines a function that produces a set of rows from the 'students' table.

OUT parameter

An argument used to return values from a function.

Function get_top_student_count

A function that returns the highest points and the count of students with that score.

RECORD return type

Allows the return of multiple values/columns in a function.

LIMIT 1 clause

In a 'SELECT' statement, it restricts to only one row matching the selection criteria.

Error in get_top_student

The code will give an error because 'students' is not a 'return' type.

Stored Function

A function defined within a database that performs specific tasks and returns values.

Function Return Value

The result or output provided by a function after executing its code.

Stored Procedure

A stored block of code that performs specific tasks in a database, but does not return a value.

CALL command

Used to execute a stored procedure in a database.

RETURNS clause

Used in stored function definitions to specify what type of value is returned.

No Return Value

A situation where a stored function or procedure does not provide a return value.

SQL vs Functions

SQL are set-oriented and functions allows using a more focused commands in the database.

Stored Function vs. Procedure

Both are stored blocks of code in a database, but functions must return a value, while procedures don't need to.

Function Return Value

The result a function produces. It can be a single value or multiple

Procedure Transactions

Procedures can execute transactions (commit or rollback) in a database. Functions can't.

Function Invocation

Functions are called by using them in SELECT statements

Procedure Invocation

Procedures are called using a CALL statement as an isolated instruction

Return Value via Parameters

Procedures can use 'OUT' and 'INOUT' parameters to return values

Best Practice (Functions)

Use functions to return values. This code style is usually preferred.

Study Notes

Overview of Database Applications

• This lecture covers writing database applications using SQL.
• The core of the material focuses on two main types of interfaces: Statement Level Interface (SLI) and Call Level Interface (CLI).
• SQL injection attacks are also a significant topic.

SQL Functions and Procedures

• Understanding Motivation & Overview
• Main Parameters: arguments, language, return values
• Assignments & Control Structures
• Cursors

Statement Level Interface (SLI)

• Code blends host language statements with SQL statements.
• Embedded SQL and Dynamic SQL are examples of SLI implementation.
• Includes a detailed process for writing, preprocessing, and compiling SLI-based code. Specifics for SLI using C given.
• Common steps for declaring, connecting, executing, and deallocating SLI code explained.

Call Level Interface (CLI)

• Application written entirely in a host language.
• SQL statements are arguments to the host procedures and libraries.
• Various libraries are available. For instance, ODBC (Open DataBase Connectivity), and JDBC (Java DataBase Connectivity).
• Python Libraries: pyodbc and psycopg are key for handling DBMS communications.

SQL Injection Attack

• Cyberattacks target dynamic SQL.
• These attacks aim to execute malicious SQL statements within applications.
• Often arise from concatenating user inputs with SQL strings leading to unexpected functionality.
• Common attack vector: forms in web interfaces where user inputs configure the SQL statements.

SQL Functions & Procedures

• Motivation and Overview Details.
• Key parameters and control structures of SQL functions and procedures explained.
• A detailed example on returning multiple values is provided.

Cursors

• Purpose: Cursors provide a mechanism to access query results row by row, which can prevent memory overrun when the query result is very large.
• General workflow: The procedure for declaring, opening, fetching tuples from a cursor, and closing.
• Cursors are important for situations involving navigating through and manipulating individual rows returned by a SELECT statement.
• The provided example demonstrates how to find the median of a numerical field from a table using a cursor.
• Practical methods for finding the median of a numerical field using Cursors and functions in PostgreSQL, given.

Stored Functions

• Basic Syntax: Structure for creating stored functions in PostgreSQL, incorporating explicit type declarations, argument modes(IN, OUT, INOUT), and return statements.
• SQL vs PL/pgSQL: Advantages and disadvantages of each approach are discussed. The best practice is selected based on the type of operations required.
• Return Values: Details on returning values beyond single values. This includes the creation of a set of tuples, one new tuple concepts and a discussion of important circumstances requiring more than one return value for stored functions/procedures.
• Example of procedures that do not return any values and how they are created are given.
• Comparison and contrast between functions that return values, and procedures that do not return values in PostgreSQL.

Assignments with SQL

• Basic assignments in SQL.

• Assignment of query results explained.

• A detailed explanation of assignments with SQL, focusing on the fundamental use of the assignment operator for assigning values to variables that store data associated with DB operations.

Control Structures

• IF-THEN-ELSE block.

• CASE expressions.

• Simple loops in the languages used for operations on the DB.

• A presentation of control structures, including IF expressions and CASE expressions, to manage logical conditions in SQL PL, with emphasis on the control structures required to navigate through data in a specific order or manipulate data based on conditions, or in loops.

Summary of the Lecture

• Summary of the lecture discussing practical considerations for implementing functions and procedures, and the importance of understanding the principles behind their application.