
CP3003 Lecture 23 2001.

Lecture 23
Web and Database - MySQL

1 Introduction
The final tier in our n-tier architecture is the data tier. The particular program we will use to
implement our data tier is MySQL.

2 The Players
The implementation of our data tier involves a number of components, roles and activities
including:

Data Repository This is the location where the data and metadata components of the database
are stored. In RedHat Linux 7.1, these can be found in /var/lib/mysql
# /bin/ls -lF /var/lib/mysql
total 8
drwx------ 2 mysql mysql 4096 May 11 10:59 mysql/
srwxrwxrwx 1 mysql mysql 0 May 13 09:23 mysql.sock=
drwx------ 2 mysql mysql 4096 May 11 10:59 test/
#

A convenient feature of MySQL is that it stores individual databases in their own directories;
each such directory contains all of the information required by its database. In a sense, we can
treat the directory as an object that encapsulates all of the information concerning a database.
This approach has a number of advantages including:

- A database can be backed up by adding its directory to the regular backup schedule;
- A database can be migrated from one machine to another by moving its directory.¹

Database Server The server, /usr/libexec/mysqld, listens on port 3306. It accepts high-
level requests from clients, produces responses and manages the data repository.
Database Client There are a number of database clients, including some written in PHP. Some
clients are provided as part of the mysql distribution for managing the database:
mysqlaccess Create new MySQL users
mysqlshow Show the structure of a MySQL database
mysql Text-based client
mysqladmin Utility for performing administrative operations
mysqld_multi Utility for managing multiple mysqld servers
mysqldump Dump or backup a MySQL database

¹ Within limits; if the machine architectures are different, e.g., Intel IA32 and Compaq Alpha, we may need to convert
the formats of objects like floating point numbers or integers. To do this, we would use a tool such as mysqldump that
will export the database in a more universal presentation format.


Database Administrator (DBA) The DBA is responsible for:

- managing the database system
- creating and deleting databases
- creating and deleting user accounts
- assigning access controls that determine which operations users can perform on the
  various databases.

Database Users Users are the entities that access the database. Each user has a name and
may have a password which they need to quote in order to authenticate with the database.
Under our definition, an application program is a valid database user.

We can use the mysql client to explore the initial database structure as shown below.
1 $ mysql -A
2 Welcome to the MySQL monitor. Commands end with ; or \g.
3 Your MySQL connection id is 11 to server version: 3.23.36
4
5 Type 'help;' or '\h' for help. Type '\c' to clear the buffer
6
7 mysql> show databases;
8 +----------+
9 | Database |
10 +----------+
11 | mysql |
12 | test |
13 +----------+
14 2 rows in set (0.00 sec)
15
16 mysql> use mysql;
17 Database changed
18 mysql> show tables;
19 +-----------------+
20 | Tables_in_mysql |
21 +-----------------+
22 | columns_priv |
23 | db |
24 | func |
25 | host |
26 | tables_priv |
27 | user |
28 +-----------------+
29 6 rows in set (0.00 sec)
30

Line 7 Show the databases this server currently knows about. The test database is empty. As
its name suggests, the mysql database is used by MySQL for management purposes.
Line 16 Select a database to use. We are interested in the mysql database.
Line 18 List the tables in the mysql database.

3 Access Controls
An Access Control List (ACL) is a vector that describes what operations a user may perform.
ACLs are associated with the object to which they control access, and an object will typically
have multiple ACLs associated with it, one ACL per user. If we were to consider a database as
an object, it would have one or more users, each of which would be able to perform some
combination of operations on the database. These operations would include actions like update,
query, insert, delete and so on. This information could be represented mathematically as a matrix
with one row per user and one column for each of the operations that the user may perform. Each
element of the matrix could be a boolean flag indicating that a particular user can or cannot
perform a particular operation. If this all sounds to you like it could be implemented trivially as
a table, then you are thinking in a most appropriate manner. Figure 1 shows the contents of the
user table in the mysql database.

31 mysql> select * from user;


32 +-----------+------+----------+-------------+-------------+-------------+
33 | Host | User | Password | Select_priv | Insert_priv | Update_priv |
34 +-----------+------+----------+-------------+-------------+-------------+
35 | localhost | root | | Y | Y | Y |
36 | cu | root | | Y | Y | Y |
37 | localhost | | | N | N | N |
38 | cu | | | N | N | N |
39 +-----------+------+----------+-------------+-------------+-------------+
32 -------------+-------------+-----------+-------------+---------------+
33 Delete_priv | Create_priv | Drop_priv | Reload_priv | Shutdown_priv |
34 -------------+-------------+-----------+-------------+---------------+
35 Y | Y | Y | Y | Y |
36 Y | Y | Y | Y | Y |
37 N | N | N | N | N |
38 N | N | N | N | N |
39 -------------+-------------+-----------+-------------+---------------+
32 --------------+-----------+------------+-----------------+------------+
33 Process_priv | File_priv | Grant_priv | References_priv | Index_priv |
34 --------------+-----------+------------+-----------------+------------+
35 Y | Y | Y | Y | Y |
36 Y | Y | Y | Y | Y |
37 N | N | N | N | N |
38 N | N | N | N | N |
39 --------------+-----------+------------+-----------------+------------+
32 ------------+
33 Alter_priv |
34 ------------+
35 Y |
36 Y |
37 N |
38 N |
39 ------------+
40 4 rows in set (0.00 sec)
41
42 mysql>

Figure 1: user table in mysql database. In this listing, the formatting has been adjusted to
make the table more readable. Lines 32-39 appear four times; this is just the result of wrapping
around a very wide table. This table shows the operations that root and other users may
perform.

Internally, MySQL uses a number of such grants tables to manage accesses. These tables and
their uses include:

user Users that may connect to the server and the operations that they may perform.
db Operations that users may perform on specific databases
tables_priv Operations that users may perform on specific databases
columns_priv Operations that users may perform on specific columns

Some entries in these tables have special meanings:

- An empty entry in the Password column means the user has no password
- An empty entry in the User column means that any user can perform the accesses
  accorded to them by that row in the table
- The % character is a wild card that can be used for hostnames. For example, a hostname
  of %.cs.jcu.edu.au means that a user can connect to the database from any host in
  the cs.jcu.edu.au domain.


Figure 1 also shows that, by default, root has all of the privileges. This would imply that the
system administrator (root) is also the DBA. We can remedy this situation by creating a DBA
user who can perform all operations. This would enable us to keep the database and system
administration roles separate.²
The default installation also does not provide a password for root. Figure 2 shows what is possible
with this configuration.

$ mysql mysql
ERROR 1044: Access denied for user: '@localhost' to database 'mysql'
$ mysql -u root mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 6 to server version: 3.23.36
Type 'help;' or '\h' for help. Type '\c' to clear the buffer
mysql> select * from user;
+-----------+------+----------+...
| Host | User | Password |...
+-----------+------+----------+...
| localhost | root | |
+-----------+------+----------+...
: : : :

Figure 2: Unauthorized root access allowed with default configuration.

3.1 Managing Access Controls


Since MySQL uses tables to store access control information, we can manage access controls
by directly manipulating these tables. Figure 3 shows how we can assign a password to the
root user.

mysql> update user set password="cdrom34c" where user="root";
Query OK, 2 rows affected (0.00 sec)
Rows matched: 2 Changed: 2 Warnings: 0
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> select host, user, password from user;
+-----------+------+----------+
| host | user | password |
+-----------+------+----------+
| localhost | root | cdrom34c |
| cu | root | cdrom34c |
| localhost | | |
| cu | | |
+-----------+------+----------+
4 rows in set (0.00 sec)
mysql>

Figure 3: Updating user table.

Note that the strings entered into the password column are unencrypted. MySQL provides a
function password() that generates an encrypted password string.

² Even though in some installations, both of these roles may be performed by the one person.


mysql> update user set password=password("cdrom34c") where user="root";
Query OK, 2 rows affected (0.00 sec)
Rows matched: 2 Changed: 2 Warnings: 0
mysql> select host, user, password from user;
+-----------+------+------------------+
| host | user | password |
+-----------+------+------------------+
| localhost | root | 10193d2d6a5fbe14 |
| cu | root | 10193d2d6a5fbe14 |
| localhost | | |
| cu | | |
+-----------+------+------------------+
4 rows in set (0.00 sec)
mysql>

Figure 4: Updating user table using the password() function.
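
An audit of the grant tables for the weak entries described in this section: empty passwords, anonymous users, wildcard hosts, and passwords stored as typed (Figure 3). This is an added example, not part of the original lecture; it assumes the user table layout of Figure 1 and the 16-hex-digit password() output of Figure 4.

```sql
-- Added example: flag risky rows in the MySQL grant tables.
-- Assumes the mysql.user columns shown in Figure 1 and that password()
-- produces 16 hexadecimal digits, as in Figure 4.
use mysql;

select Host, User,
       if(Password = '', 'Y', 'N')        as no_password,
       if(User = '', 'Y', 'N')            as anonymous,
       if(instr(Host, '%') > 0, 'Y', 'N') as wildcard_host,
       -- non-empty but not in password() format: stored as typed (Figure 3)
       if(Password <> '' and Password not regexp '^[0-9a-f]{16}$',
          'Y', 'N')                       as not_hashed,
       -- privileges that reach beyond any single database
       if('Y' in (Grant_priv, File_priv, Process_priv,
                  Reload_priv, Shutdown_priv), 'Y', 'N') as server_wide_admin
from user
order by User, Host;

-- Rows in the db table add database-level privileges on top of the
-- user table, so list its anonymous and wildcard-host rows as well.
select Host, Db, User
from db
where User = '' or instr(Host, '%') > 0;
```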

While it is possible to manage access controls by directly manipulating the grant tables, the
preferred mechanism [DuB00] is to use the grant and revoke commands. Figure 5 shows the use of
the grant statement.

mysql> grant all on *.* to root@localhost
-> identified by "moo23con" with grant option;
Query OK, 0 rows affected (0.00 sec)
mysql> select host, user, password from user;
+-----------+------+------------------+
| host | user | password |
+-----------+------+------------------+
| localhost | root | 2f4c0c0218b0f389 |
| cu | root | 10193d2d6a5fbe14 |
| localhost | | |
| cu | | |
+-----------+------+------------------+
4 rows in set (0.00 sec)
mysql>

Figure 5: Updating user table using the grant statement.

4 Creating a Database
Let’s create a database for a hypothetical PC store, “PCbits”, that sells the components required
to build a PC: motherboards, processors, RAM, etc. Each product the store sells has:

sku Stock keeping unit.
type Processor, memory, etc.
manufacturer Intel, AMD, etc.
description Detailed description of product
price Cost in cents.
stock Number in stock.

A Stock Keeping Unit (SKU) uniquely identifies a particular item and represents the smallest
amount of an item that may be dispensed. For example, the SKU for a ream of A4 paper might
be PAPER01234 and the fact that this product has a SKU indicates that this is the smallest unit
that is sold, i.e., we don’t sell individual sheets of paper.

Developing this database is a non-trivial programming exercise and it is unlikely that we will get
it right first time, so we place the SQL statements into a file and use the source command
of the mysql command line client to load and execute the statements. This has a number of
advantages:

- We can use editing tools we are familiar with to manipulate the source
- If we already have a textual version of the data, perhaps as the output of a spreadsheet
  or other tool, we can convert this into SQL statements that insert the data into the tables
  using editor features such as regular expressions³ or stream processing tools such as
  sed(1) and awk(1)
- This is actually a very portable presentation layer format that is understood by a large
  number of systems.

Figure 6 shows the script file pcbits.sql that creates and initializes the database.

#
# File: pcbits.sql
# Description: Create and populate the pcbits database
#
#
# Delete any old versions of the database
#
drop database if exists pcbits;
#
# Create a new database
#
create database pcbits;
use pcbits;
#
# Add product table
#
create table if not exists products (
sku varchar(20) not null,
type varchar(20) not null,
manufacturer varchar(20) not null,
description varchar(50),
price int not null,
primary key (sku)
);
#
# Populate the product table
#
insert into products values ('1000','Processor','AMD','Duron 750MHz',13500);
insert into products values ('1001','Processor','AMD','Thunderbird 1GHz',39000);
insert into products values ('1002','Processor','Intel','Pentium III 1GHz',43100);
insert into products values ('1003','Processor','Intel','Celeron 600 MHz',12500);
insert into products values ('2000','Motherboard','Asus','A7A266 Socket A',30500);
insert into products values ('2001','Motherboard','Asus','CUSL2 PGA370',31000);
insert into products values ('2002','Motherboard','Epox','8KTA3 Socket A',43100);
insert into products values ('2003','Motherboard','MSI','MS6368 Socket 370',43100);
insert into products values ('3000','Memory','KingMax','128MB PC130 SDRAM',11000);
insert into products values ('3001','Memory','KingMax','128MB DDR SRAM',22000);
insert into products values ('3002','Memory','Apacer','128MB RDRAM',62000);
insert into products values ('3003','Memory','Apacer','128MB PC150 SDRAM ECC',25100);
#
# End pcbits.sql
#

Figure 6: Script to create and initialize pcbits database.

³ Available in any respectable editor.


The script embodies the debugging cycle which consists of deleting the old database, then
creating and populating the new one.
Figure 7 shows the result of loading this database into MySQL.

$ mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 25 to server version: 3.23.36
Type 'help;' or '\h' for help. Type '\c' to clear the buffer
mysql> show databases;
+----------+
| Database |
+----------+
| mysql |
| test |
+----------+
2 rows in set (0.00 sec)
mysql> source pcbits.sql;
Query OK, 0 rows affected (0.00 sec)
:
: (noise elided)
:
Query OK, 1 row affected (0.00 sec)
mysql> show databases;
+----------+
| Database |
+----------+
| mysql |
| pcbits |
| test |
+----------+
3 rows in set (0.01 sec)
mysql> select * from products;
+------+-------------+--------------+-----------------------+-------+
| sku | type | manufacturer | description | price |
+------+-------------+--------------+-----------------------+-------+
| 1000 | Processor | AMD | Duron 750MHz | 13500 |
| 1001 | Processor | AMD | Thunderbird 1GHz | 39000 |
| 1002 | Processor | Intel | Pentium III 1GHz | 43100 |
| 1003 | Processor | Intel | Celeron 600 MHz | 12500 |
| 2000 | Motherboard | Asus | A7A266 Socket A | 30500 |
| 2001 | Motherboard | Asus | CUSL2 PGA370 | 31000 |
| 2002 | Motherboard | Epox | 8KTA3 Socket A | 43100 |
| 2003 | Motherboard | MSI | MS6368 Socket 370 | 43100 |
| 3000 | Memory | KingMax | 128MB PC130 SDRAM | 11000 |
| 3001 | Memory | KingMax | 128MB DDR SRAM | 22000 |
| 3002 | Memory | Apacer | 128MB RDRAM | 62000 |
| 3003 | Memory | Apacer | 128MB PC150 SDRAM ECC | 25100 |
+------+-------------+--------------+-----------------------+-------+
12 rows in set (0.00 sec)
mysql>

Figure 7: Loading the pcbits.sql script using the mysql client.
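
The grant statement of Section 3 applied to the pcbits database loaded above: the separate DBA account that section proposes, plus application accounts limited to the products table. This is an added example, not part of the original lecture; the account names dba, pcweb and pcprice and the CHANGE-ME passwords are placeholders, and the syntax follows the 3.23-era form used in Figure 5.

```sql
-- Added example: account names and passwords below are placeholders.
-- Run as an account that holds the grant privilege (root in this lecture).

-- A DBA account separate from root, able to administer and delegate.
grant all on *.* to dba@localhost
    identified by 'CHANGE-ME-dba' with grant option;

-- Web catalogue account: may only read the products table.
-- The table-level privilege is recorded in tables_priv.
grant select on pcbits.products to pcweb@localhost
    identified by 'CHANGE-ME-web';

-- Pricing account: may read every column but change only price.
-- The column-level part is recorded in columns_priv.
grant select, update (price) on pcbits.products to pcprice@localhost
    identified by 'CHANGE-ME-price';

-- Remove the anonymous rows seen in Figure 1, then reload the grant
-- tables because they were edited directly.
delete from mysql.user where User = '';
delete from mysql.db where User = '';
flush privileges;

-- Check what each layer of the grant tables now holds.
show grants for pcweb@localhost;
select Host, Db, User, Table_name, Table_priv, Column_priv
  from mysql.tables_priv;
select Host, Db, User, Table_name, Column_name, Column_priv
  from mysql.columns_priv;
```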

5 Exercises
1. After you have finished populating the database, you realize that you have not included
the quantity in stock column in the products table. Describe:

(a) How you would add the new column to the database
(b) The process you would use to synchronize the values in this column when bringing
the database into service.
(c) How your database client programs would synchronize the values in this column
when a sale is made.

2. Perform a more formal and complete analysis of the PCbits online store. Document your
schema and implement it in MySQL, populating the tables with a few example values.
3. How would you implement an online shopping cart using MySQL?

References
[DuB00] P. DuBois. MySQL. New Riders Professional Library, 2000. ISBN 0-7357-0921-1.
