01 Developing Successful Oracle Applications

varchar2 类型定义时, 个人认为应该选择byte 类型, 即 varchar2(20), oracle 支持的最大的字符串是 varchar2(4000), 同时, 个人认为, 当你定义一个varchar2时, 首先预判这个地段大概能放多少内容, 比如20个字符,但是由于多字符集中, 比如utf8, 一个字符并不是对应一个字节, 比如有可能对应4个字节, 所以, 比如我们定义的字段有20个字, 那么, 我们需要定义80个字节以上, 比如 varchar2(100), 这样是比较保险的

You should do it in a single SQL statement if at all possible. And believe it or not, it is almost always possible.
If you can’t do it in a single SQL statement, do it in PL/SQL – as little PL/SQL as possible! Follow the saying that goes “more code = more bugs, less code = less bugs.”
if you can’t do it in PL/SQL, try a Java stored procedure. The itmes this is necessary are extremely rare nowadays with oracle9i and above.
if you can’t do it in Java, do it in a C external procedure. This is most frequently the approach when raw speed or using a third-parth API written in C is needed.
if you can’t do it in C external routine, you might want to seriously think about why it is you need to do it. –- 还是大师搞笑.

基本上 95% 的问题都可以通过 SQL, PL/SQL 解决.

看来, 连 developer 都需要了解 oracle 内部原理, 架构, 实现. 否则 oracle 就是个"黑盒”, 当你写 sql 语句时, 就可能出现问题.

With the database, you need to be aware of how it works but you don’t have to know everything inside and out.

bitmap index: bitmap 比如性别, 如果你使用bitmap索引, 当你插入新记录时, 比如你插入的记录在这个column的值是n, 那么在这个table中的所有的这个column 是 n 的列都会被 lock, 所以, 这时如果有人想要修改n到y, 那么在加锁时, 就会发现锁已经被占用, 从而进入等待.

Note: i will use autonomous transactions(自治事务) throughout(贯穿) this book to demonstrate locking, blocking, and concurrency issues. it is my firm belief that autonomous transactions are a feature that oracle should not have exposed to developers. Beyond using them as a demonstration tool, autonomous transactions have exactly one other use-as an error-logging mechanism.

看来这个自治事务只能在以下地方使用:

1) error-logging: 就是记录错误, 将错误信息保存在一个table 并且commit it, 自治事务的commit不会影响其他事务.

2) demonstrating concept: 即用来演示某些概念, 只是演示, 不能在生产库中进行. (比如演示两个事物锁的问题)

Bit-map 索引的问题, 注意如果删除了bitmap索引, 那么以下实验是成功的

create table t

( test_flag varchar2(1));

create bitmap index t_idx on t(test_flag);

insert into t values('N');

declare

pragma autonomous_transaction;

begin

    insert into t values('Y');

end;

/

实际上, 上边的例子, 我们创建B*Tree索引是很好的, 就不会出现这个问题.

When we created the index, we had to choose between the following approaches:
• Just create an index on the processed-flag column.

• Create an index only on the processed-flag column when the processed flag is N,

that is, only index the values of interest. We typically don’t want to use an index

when the processed flag is Y since the vast majority of the records in the table have

the value Y. Notice that I did not say “We never want to use….” You might want to

very frequently count the number of processed records for some reason, and then

an index on the processed records might well come in very handy.

上面说的, 只对 test_flag 这列的值等于 N 时创建的索引.

create index t_idx on t(decode(processed_flag, ‘N’, ‘N’));

80% ~ 90% 调优是在 application 层面

-- index for function

create table t

(     id    number primary key,

    test_flag    varchar2(1),

    payload        varchar2(20)

);

create index t_idx on t(decode(test_flag, 'N', 'N'));    -- if test_flag == 'N', return 'N'

insert into t

select r,

        case

        when mod(r, 2) = 0 then 'N'

        else 'Y'

        end,

        'payload ' || r

   from (select level r

           from dual

           connect by level <= 5)

/

select * from t;

create or replace function get_first_unlocked_row

return    t%rowtype

as

    resource_busy exception;

    pragma exception_init(resource_busy, -54);

    l_rec t%rowtype;

begin

    for x in (select rowid rid

                from t

               where decode(test_flag, 'N', 'N') = 'N')

    loop

    begin

        select * into l_rec

          from t

         where rowid = x.rid and test_flag = 'N'

           for update nowait;

        return l_rec;

    exception

        when resource_busy then null;

        when no_data_found then null;

    end;

    end loop;

    return null;

end;

/

-- test function

declare

l_rec t%rowtype;

begin

    l_rec := get_first_unlocked_row;

    dbms_output.put_line('I got row ' || l_rec.id || ', ' || l_rec.payload);

    commit;

end;

/

-- 这条语句返回的结果是 , 2

declare

l_rec t%rowtype;

cursor c

is

select *

  from t

 where decode(test_flag, 'N', 'N') = 'N'    -- use decode function is for index

   for update

  skip locked;

begin

    open c;

    fetch c into l_rec;

    if (c%found)

    then

        dbms_output.put_line('I got row ' || l_rec.id || ', ' || l_rec.payload);

    end if;

    close c;

end;

/

-- 这条语句同样返回的结果是, 2

declare

l_rec t%rowtype;

pragma autonomous_transaction;

cursor c

is

select *

  from t

 where decode(test_flag, 'N', 'N') = 'N'    -- use decode function is for index

   for update

  skip locked;  -- 如果不使用这条语句, 那么整个这个过程就会被挂起, 等待

begin

    open c;

    fetch c into l_rec;

    if (c%found)

    then

        dbms_output.put_line('I got row ' || l_rec.id || ', ' || l_rec.payload);

    end if;

    close c;

    commit;

end;

/

-- 返回的结果是 4

How (and How Not) to Develop Database Applications

1. Understanding Oracle Architecture

2. Use a Single Connection in Oracle (多个查询共用1个连接 connnection)

对比sqlserver,

in SQL Server it is a very common practice to open a connection to the database for each concurrent statement you want to execute, If you are going to do five queries, you might well see five connections in SQL Server. but In Oracle, if you want to do five queries or five hundred, the maximum number of connections you want to open is one.

3. Use Bind Variables

软解析与硬解析的对比, 另外如果不使用绑定变量时, 有可能出现 SQL INJECTION(SQL注入), 即当程序员在编写代码的时候, 没有对用户输入数据的合法性进行判断, 使应用程序存在安全隐患.

测试 sql injection

/*

 * This program will test SQL injection when you don't use bind variable.

 */

create or replace procedure inj(p_date in date)

as

    l_rec    all_users%rowtype;

    c        sys_refcursor;

    l_query    long;

begin

    l_query := '

        select *

          from all_users

         where created = ''' || p_date || '''';

        dbms_output.put_line(l_query);

        open c for l_query;

        for i in 1..5

        loop

                fetch c into l_rec;

                exit when c%notfound;

                dbms_output.put_line(l_rec.username || '.....');

        end loop;

        close c;

end;

/

-- you want to show

exec inj(sysdate);

-- show the dangerous part about this inj procedure

create table user_pw

( uname varchar2(30) primary key,

  pw varchar2(30)

);

insert into user_pw(uname, pw)

values('TKYTE', 'TO SECRET');

COMMIT;

-- now, some user don't know user_pw table exist, simulation this table

-- +is very important.

grant execute on inj to scott;

-- so now, scott connect the database, and do as below

alter session set nls_date_format = '"''union select tname, 0, null from tab--"';

exec leon.inj(sysdate);

/*

 * The result is:

 * -----------------------------------------

   select *

     from all_users

    where created = ''union select tname, 0, null from tab--'

 * -----------------------------------------

 * we know table information, some important table.

 */

-- in this way, scott can see the table user_pw(very important table)

-- now they want to try to select this important table.

select * from leon.user_pw;  -- but they can not, because they don't have privilege.

alter session set nls_date_format = '"''union select tname || cname, 0, null from col--"';

exec leon.inj(sysdate);

/*

 * The result is:

 * -----------------------------------------

   select *

     from all_users

    where created = ''union select tname || cname, 0, null from col--'

 * -----------------------------------------

 * we know the column information in some important table.

 */

-- use bind variable to pertect you.

create or replace procedure NOT_inj(p_date in date)

as

    l_rec    all_users%rowtype;

    s        sys_refcursor;

    l_query    long;

begin

        l_query := '

        select *

          from all_users

         where created = :x';

        dbms_output.put_line(l_query);

        open c for l_query using P_DATE;

        for i in 1..5

        loop

                fetch c into l_rec;

                exit when c%notfound;

                dbms_output.put_line(l_rec.username || '....');

        end loop;

        close c;

end;

/

-- test not_inj

exec not_inj(sysdate);

/*

 * The result is:

 * -----------------------------------------

   select *

     from all_users

    where created = :x

 * -----------------------------------------

 */

-- so from now on, you must use bind variable. ^^

4. Understanding Concurrency Control

Concurrency issues are the hardest to track down; the problem is similar to debugging a multithreaded program.

locks are the mechanism that allows for concurrency.

If you or the database itself locks data unnecessarily, fewer people will be able to concurrently perform operations. Thus, understanding what locking is and how it works in your database is vital if you are to develop a scalable, correct application.

What is also vital is that you understand that each database implements locking differently.

The following points sum up Oracle’s locking policy:

• Oracle locks data at the row level on modification. There is no lock escalation to a block or table level.

• Oracle never locks data just to read it. There are no locks placed on rows of data by simple reads.

• A writer of data does not block a reader of data. Let me repeat: reads are not blocked by writes. This is fundamentally different from many other databases, where reads are blocked by writes. While this sounds like an extremely positive attribute (and it generally is), if you do not understand this thoroughly and you attempt to enforce integrity constraints in your application via application logic, you are most likely doing it incorrectly.

• A writer of data is blocked only when another writer of data has already locked the row it was going after. A reader of data never blocks a writer of data.