# Databases in Applications

SQL is declarative, intuitive and versatile, but on its own it is not enough to build an application:
* not every possible query can be expressed in SQL
* business rules beyond domain/referential integrity need to be enforced
* procedural constructs such as loops and decisions are needed
* a user interface that is both friendly and constraining is needed

Examples of business logic:
* Check name and password. If good, log in; if bad, show an error message
* Insert one row in Order table, then several in OrderItem table
* Insert one row in supertype table, then one row in subtype table
* Check amount < balance. If so, subtract amount from one row in bank account table, then add amount to another row
* For all rows in Customer table, send out monthly statements

Procedural programming languages provide:
* Sequence (several steps performed in order)
* Iteration (loops)
* Control flow (conditions, decisions)
* User interface (accept input and present output for users)

SQL is specialized for low-level data access

Customer places an order:
* Accept inputs from user (e.g. via web form)
* Insert row into Order table
* Repeat for each product ordered:
    * Check Product table shows sufficient quantity in stock. If so:
        * Insert one row into OrderItem table
        * Update in-stock in the Product table and amount-owing in the Customer table
* If no errors encountered, end successfully

We need to combine data manipulation with the ability to handle sequence, iteration and decision. Different approaches:

* "Embedded SQL" (old-fashioned)
    * "host language" = C, Fortran, Cobol, Java etc.
    * SQL embedded in the code is interpreted and replaced with library calls

* "Dynamic SQL" (common today)
    * Host language sends SQL to the DBMS via middleware, e.g. ODBC
    * Data is passed back to the program as a record-set
    * Host language can handle business and presentation logic

* Stored Procedures, Triggers
    * Procedural code is stored and executed in the DBMS
    * Enforce business logic within the database
    * In SQL-92 standard, but implemented differently in different DBMS (the procedural code for Oracle, MySQL and Microsoft differs)
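
The "customer places an order" steps above, written with the dynamic SQL approach (an added example, not part of the original notes): a Python host program sends parameterised SQL to an in-memory SQLite database and runs the whole sequence in one transaction, so a failed stock check leaves no partial order behind. The column names, sample rows and the `make_db`/`place_order` functions are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample schema and rows; column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript("""
        CREATE TABLE Customer (id INTEGER PRIMARY KEY, amount_owing REAL NOT NULL);
        CREATE TABLE Product (id INTEGER PRIMARY KEY, price REAL NOT NULL,
                              in_stock INTEGER NOT NULL CHECK (in_stock >= 0));
        CREATE TABLE "Order" (id INTEGER PRIMARY KEY,
                              customer_id INTEGER NOT NULL REFERENCES Customer(id));
        CREATE TABLE OrderItem (order_id INTEGER NOT NULL REFERENCES "Order"(id),
                                product_id INTEGER NOT NULL REFERENCES Product(id),
                                quantity INTEGER NOT NULL CHECK (quantity > 0));
        INSERT INTO Customer VALUES (1, 0.0);
        INSERT INTO Product VALUES (10, 2.50, 5), (11, 40.00, 1);
    """)
    return db

def place_order(db, customer_id, items):
    """items: list of (product_id, quantity) taken from user input.
    Returns the new order id, or None if any step fails (nothing is stored)."""
    try:
        with db:  # one transaction: commit on success, roll back on exception
            cur = db.execute('INSERT INTO "Order" (customer_id) VALUES (?)',
                             (customer_id,))
            order_id = cur.lastrowid
            for product_id, qty in items:                      # iteration
                # Decision and update in one statement: it only changes a row
                # when the product exists and has enough stock.
                upd = db.execute(
                    "UPDATE Product SET in_stock = in_stock - ? "
                    "WHERE id = ? AND in_stock >= ?", (qty, product_id, qty))
                if upd.rowcount != 1:
                    raise ValueError(f"product {product_id} not available in that quantity")
                db.execute("INSERT INTO OrderItem VALUES (?, ?, ?)",
                           (order_id, product_id, qty))
                db.execute(
                    "UPDATE Customer SET amount_owing = amount_owing + "
                    "? * (SELECT price FROM Product WHERE id = ?) WHERE id = ?",
                    (qty, product_id, customer_id))
            return order_id
    except (sqlite3.Error, ValueError):
        return None
```

The `CHECK` and foreign-key constraints act as a second line of defence in the storage tier: a negative quantity or an unknown customer id is rejected by the database even though the host code does not test for it.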
    
Example stored procedure:

1. accept person details as inputs

2. check whether the person is already in the database

3. if yes, return error

4. if no, add to database

<img src="img/img55.png" width="400">

## Application Architectures

An information system must provide
* Presentation logic
    * Input (keyboard, touchscreen, voice etc.)
    * Output (large screen, printer, phone, ATM etc.)
* Business logic
    * Input and command handling
    * Enforcement of business rules
* Storage logic
    * Persistent storage of data
    * Enforcement of data integrity
    
<img src="img/img56.png" width="400">

* Mainframe/dumb terminal (1-tier)
    * One large computer handles all logic
    * Problems: doesn't scale up
* Client-Server architecture
    * 2-tier: presentation and business logic are handled in the client application
    * 3-tier: separation of Presentation, Processing and Storage logic
* Web architecture
    * a particular form of 3- or 4-tier architecture
    
<img src="img/img57.png" width="400">

Advantages for 2-Tier
* Clients and server share processing load (the presentation and business logic are handled by the PC)
* Good data integrity since data is all processed centrally
* Stored procedures allow some business rules to be implemented on the database server

Disadvantages for 2-Tier
* Presentation, business logic and data model are intertwined at the client
* If the DB schema changes, all clients break (such as adding a column to a table)
* Updates need to be deployed to all clients
* DB connection for every client, thus difficult to scale
* Difficult to implement beyond the organization (to customers)

### 3-Tier architecture

Client program & Application server & Database server

Presentation logic: Client handles interface, thinner clients, limited or no data storage

Business logic: Application server deals with business logic

Storage logic: Database server deals with data persistence and access

Advantages of 3-Tier:
* Scalability
* Technological flexibility (can change business logic easily, no impact on other parts)
* Can swap out any single component fairly easily (transfer from MySQL to Oracle)
* Long-term cost reduction
* Improved security - customer machine does presentation only

Disadvantages of 3-Tier:
* High short-term costs
* Tools and training
* Complex to design
* Variable standards (between different vendors)

### 3-Tier (Web based)

Browser handles presentation logic

Browser talks to web server via simple, standard protocol

Business logic and data storage handled on server

Pros:
* Everyone has a browser
* No need to install and maintain client software
* HTML and HTTP are simple standards, widely supported
* Opens up the possibility of global access to database

Cons:
* Even more complexity in the middle-tier
* Simple standards = hard to build complex applications
* Global access = potential security nightmare

Security can be enforced at different tiers:
* application password security: for allowing access to the application software
* database-level password security: for determining access privileges to tables
* secure client/server communication: via encryption

# Web Apps

Reasons for creating web applications:
* Web browsers are ubiquitous
* No need to install client software for external customers
* Simple communication protocols
* Platform and Operating System independent
* Reduction in development time and cost
* Has enabled eGov, eBusiness, eCommerce, B2B, B2C

<img src="img/img58.png" width="400">

## Web infrastructure

Browser
* Software that retrieves and displays HTML documents

Web Server
* Software that responds to requests from browsers by transmitting HTML and other documents to browsers

Web pages (HTML documents)
* Static web pages: content established at development time, such as the login page for Facebook
* Dynamic web pages: content dynamically generated using data from a database, such as the timeline for Facebook

World Wide Web (WWW)
* The total set of interlinked hypertext documents residing on Web servers worldwide

## Web-related languages

Hypertext Markup Language (HTML)
* Markup language used to define a web page

Cascading Style Sheets (CSS)
* Control appearance of an HTML document

JavaScript (JS)
* Scripting language that enables interactivity in HTML documents

Extensible Markup Language (XML)
* Markup language used to transport data between web services

## Structure of an HTML document

* elements are structured as a tree (one page = one tree)
* divided into a HEAD and a BODY
* the BODY is what you see displayed in the browser
* BODY is divided into elements such as headings, paragraphs, tables, lists

HTML form:
* Forms allow users to input data to a web page
* The web server processes the user's input using the file named in the 'action' attribute

<img src="img/img59.png" width="400">

How an HTML document gets to the user:
* User wants to see a web page
* Types URL into browser
* Browser fetches page from server and displays it

STATIC web page:
* the URL identifies a file on the server's file system
* server fetches the file and sends it to the browser
* the file contains HTML
* browser interprets the HTML for display on screen

DYNAMIC web page:
* URL identifies a program to be run
* web app runs the program
* program typically retrieves data from database
* elements such as TABLE, LIST are populated with data (web app uses LOOPs to fill the contents of TABLEs and LISTs)
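
The dynamic-page flow above as an added Python example (not from the original notes): the query value is bound as a parameter and every database value is HTML-escaped as the loop fills the table, so text stored by one user is displayed as text rather than interpreted as markup in another user's browser. The `Customer` columns, the sample rows and the function names are assumptions.

```python
import html
import sqlite3

def sample_db():
    # Constructed sample data; the second name carries markup typed into a form.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Customer (id INTEGER PRIMARY KEY, name TEXT, city TEXT)")
    db.executemany("INSERT INTO Customer (name, city) VALUES (?, ?)",
                   [("Alice", "Melbourne"),
                    ("<script>alert(1)</script>", "Perth"),
                    ("Bob & Co", "Sydney")])
    db.commit()
    return db

def render_customers(db, city=None):
    """Build the dynamic part of the page: one <tr> per row returned by the query."""
    sql, params = "SELECT id, name, city FROM Customer", ()
    if city is not None:
        # The user-supplied value is bound, never concatenated into the SQL text.
        sql, params = sql + " WHERE city = ?", (city,)
    rows = db.execute(sql + " ORDER BY id", params).fetchall()
    out = ["<table>", "<tr><th>ID</th><th>Name</th><th>City</th></tr>"]
    for row in rows:                          # the LOOP that fills the TABLE
        cells = "".join(f"<td>{html.escape(str(v))}</td>" for v in row)
        out.append(f"<tr>{cells}</tr>")
    out.append("</table>")
    return "\n".join(out)

if __name__ == "__main__":
    print(render_customers(sample_db()))
```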

## Problems with old-style web apps

Placing "raw" SQL inside PHP/HTML files
* Mixes presentation, business logic, database
* Hard to maintain when things change
* Want separation of concerns, e.g. MVC (Model/View/Controller)

Lots of reinvention of wheels
* Each dev writes their own solution to common features e.g. login security, presentation templates, database access

Increasing variety of clients e.g. phones and tablets
* Manually program for different platforms

Web application frameworks: Ruby on Rails, .Net, Symfony, AngularJS, Django

## Web Services

The WWW allows humans to access databases

Web services allow computers to access databases

2 major approaches: SOAP and REST
* SOAP: Simple Object Access Protocol
* REST: Representational State Transfer

Structured data is usually returned in XML or JSON format

REST nouns are resources, addressed via URIs

REST verbs correspond to DML statements

GET (select), POST (insert), PUT (update), DELETE (delete)
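
An added example (not part of the original notes) of the verb-to-DML mapping above for a web service, in Python with SQLite: each verb becomes one statement, values are bound as parameters, and table and column names come only from an allowlist because identifiers cannot be bound. The `customers` resource, its columns and the `handle` function are assumptions; listing a whole collection is left out.

```python
import sqlite3

# Allowlist: REST noun -> (table, writable columns). Names are assumptions for this example.
RESOURCES = {"customers": ("Customer", ("name", "city"))}

def make_db():
    db = sqlite3.connect(":memory:")       # constructed sample database
    db.execute("CREATE TABLE Customer (id INTEGER PRIMARY KEY, name TEXT, city TEXT)")
    return db

def handle(db, method, path, body=None):
    """Map one request on a single resource to one DML statement; returns (status, payload)."""
    parts = [p for p in path.split("/") if p]
    if not 1 <= len(parts) <= 2 or parts[0] not in RESOURCES:
        return 404, None
    table, cols = RESOURCES[parts[0]]      # identifiers come from the allowlist only
    row_id = None
    if len(parts) == 2:
        if not (parts[1].isascii() and parts[1].isdigit()):
            return 400, None               # the id must be a plain number
        row_id = int(parts[1])
    body = body or {}
    if method in ("POST", "PUT") and set(body) != set(cols):
        return 400, None                   # reject unknown or missing columns
    values = tuple(body[c] for c in cols) if body else ()
    col_list = ", ".join(cols)
    with db:                               # commit on success, roll back on error
        if method == "GET" and row_id is not None:            # select
            row = db.execute(f"SELECT id, {col_list} FROM {table} WHERE id = ?",
                             (row_id,)).fetchone()
            return (200, row) if row else (404, None)
        if method == "POST" and row_id is None:               # insert
            marks = ", ".join("?" for _ in cols)
            cur = db.execute(f"INSERT INTO {table} ({col_list}) VALUES ({marks})", values)
            return 201, cur.lastrowid
        if method == "PUT" and row_id is not None:            # update
            sets = ", ".join(f"{c} = ?" for c in cols)
            cur = db.execute(f"UPDATE {table} SET {sets} WHERE id = ?", values + (row_id,))
            return (200, row_id) if cur.rowcount else (404, None)
        if method == "DELETE" and row_id is not None:         # delete
            cur = db.execute(f"DELETE FROM {table} WHERE id = ?", (row_id,))
            return (204, None) if cur.rowcount else (404, None)
    return 405, None                       # verb not supported on this URI
```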