Your search keyword '"Language Integrated Query"' showing total 666 results

201. SQLshield: Preventing SQL Injection Attacks by Modifying User Input Data

Author

Manik Lal Das, Punit Mehta, and Jigar Sharda

Subjects

Autocommit, Database, Computer science, business.industry, Data_MISCELLANEOUS, InformationSystems_DATABASEMANAGEMENT, Data Transformation Services, computer.software_genre, User-defined function, Language Integrated Query, SQL injection, Code injection, Query by Example, Stored procedure, business, computer, Computer network, computer.programming_language

Abstract

SQL injection attacks, a class of code injection attacks, pose a serious threat to web applications. A web server allows users to perform a query in order to get the intended service where the SQL queries containing user inputs are executed by the database server. An attacker can take advantage of this query-response mechanism to inject some characters into the user input based on the attack strategy. This may lead to an SQL injection attack. If an attacker can bypass the SQL injection defense put at the web server, then the attacker can obtain some sensitive information from the database. In this paper, we present a scheme, SQLshield that prevents SQL injection attacks in web applications. SQLshield uses a randomization technique that modifies the user input data before the SQL query is executed at the database server. The randomization technique used in SQLshield modifies the user input data in such a way that the execution of the resultant SQL query does not divert from its programmer-intended execution. We compare SQLshield with other schemes and show that SQLshield performs better than the other approaches used to detect and prevent SQL injection attacks.

Published

2015

202. DEVELOPMENT OF INFORMATION SYSTEM FOR AUTOMATION OF ORGANIZATION BASED ON MICROSOFT SQL SERVER

Author

Angelina V. Bagdueva

Subjects

Open Database Connectivity, Computer science, Operating system, Data Transformation Services, computer.software_genre, computer, Identity column, Language Integrated Query, User-defined function, Microsoft Visual Studio, Microsoft Office Live Meeting, computer.programming_language, Business Intelligence Markup Language

Published

2015

203. SQLiDDS: SQL Injection Detection Using Query Transformation and Document Similarity

Author

Debabrata Kar, Suvasini Panigrahi, and Srikanth Sundararajan

Subjects

Database server, Database, Computer science, business.industry, Data Transformation Services, computer.software_genre, User-defined function, Language Integrated Query, SQL injection, Web application, Query by Example, Data mining, Stored procedure, business, computer, computer.programming_language

Abstract

SQL Injection Attack has been a major security threat to web applications since last 15 years. Nowadays, hackers use automated tools to discover vulnerable websites and launch mass injection attacks. Accurate run-time detection of SQL injection has been a challenge in spite of extensive research in this area. This paper presents a novel approach for real-time detection of SQL injection attacks using query transformation and document similarity measure. Acting as a database firewall, the proposed system named SQLiDDS, can protect multiple web applications using the database server. With additional inputs from human expert, SQLiDDS can also become more robust over time. Our experimental results confirm that this approach can effectively detect and prevent all types of SQL injection attacks with good accuracy yet negligible impact on system performance. The approach was tested on web applications built using PHP and MySQL, however it can be easily adopted in other platforms with minimal changes.

Published

2015

204. An ontological approach to describe the SQL:2003 object-relational features

Author

Mario Piattini, Aline Lúcia Baroni, F. Brito e Abreu, Coral Calero, and Francisco Ruiz

Subjects

SQL, Computer science, Programming language, Data definition language, InformationSystems_DATABASEMANAGEMENT, computer.software_genre, Language Integrated Query, Null (SQL), Hardware and Architecture, Query by Example, Stored procedure, SQL/PSM, Law, computer, SQL:2003, Software, computer.programming_language

Abstract

The SQL (Structured Query Language) is currently available in most database management systems and is the focus of an intense standardization process resulting in the latest version of the SQL:2003 standard. Standards are fundamental, but often they are difficult to use, due to their lack of understandability and the occurrence of inconsistencies. An ontology is useful for clarifying the elements of a standard, along with their interrelationships, as well as for detecting inconsistencies. In this paper we propose an ontology for the object-relational features of the new SQL:2003 standard, formalized with UML 2.0 class diagrams and OCL well-formedness rules. The ontology is instantiated with an example in which most of the new object-relational features of the SQL:2003 standard are presented.

Published

2006

205. A practical guide to SQL white-box testing

Author

Javier Tuya, M. José Suárez-Cabal, and Claudio de la Riva

Subjects

SQL, Database, Relational database, Programming language, Computer science, Data definition language, InformationSystems_DATABASEMANAGEMENT, Data Transformation Services, computer.software_genre, Query language, Computer Graphics and Computer-Aided Design, User-defined function, Language Integrated Query, Database testing, Open Database Connectivity, In-Memory Processing, Query by Example, Stored procedure, SQL/PSM, computer, Software, Business Intelligence Markup Language, computer.programming_language

Abstract

SQL is a ubiquitous language used in a wide range of applications for accessing the data stored in relational databases. However, the usual software testing techniques are not designed to address some important features of SQL. We present a set of practical guidelines for designing white-box tests cases that reasonably exercise the way in which an SQL query processes the stored data. These guidelines are illustrated using an example.

Published

2006

206. Join minimization in XML-to-SQL translation

Author

Elke A. Rundensteiner, Daniel J. Dougherty, Murali Mani, and Song Wang

Subjects

Recursive join, Tuple relational calculus, SQL, Theoretical computer science, computer.internet_protocol, Computer science, Relational database, Data definition language, Joins, Relational algebra, computer.software_genre, Query optimization, Language Integrated Query, Query by Example, Stored procedure, computer.programming_language, Programming language, InformationSystems_DATABASEMANAGEMENT, Nested set model, Relational calculus, Null (SQL), Codd's theorem, Relational model, Sargable, Conjunctive query, Domain relational calculus, computer, Software, XML, Information Systems

Abstract

Consider an XML view defined over a relational database, and a user query specified over this view. This user XML query is typically processed using the following steps: (a) our translator maps the XML query to one or more SQL queries, (b) the relational engine translates an SQL query to a relational algebra plan, (c) the relational engine executes the algebra plan and returns SQL results, and (d) our translator translates the SQL results back to XML. However, a straightforward approach produces a relational algebra plan after step (b) that is inefficient and has redundant joins. In this paper, we report on our preliminary observations with respect to how joins in such a relational algebra plan can be minimized. Our approach works on the relational algebra plan and optimizes it using novel rewrite rules that consider pairs of joins in the plan and determine whether one of them is redundant and hence can be removed. Our study shows that algebraic techniques achieve effective join minimization, and such techniques are useful and can be integrated into mainstream SQL engines.

Published

2006

207. Integration of SQL and XQuery in IBM DB2

Author

Fatma Ozcan, Krishna Kulkarni, J.-E. Michels, and Donald D. Chamberlin

Subjects

SQL, General Computer Science, Database, Computer science, Data definition language, InformationSystems_DATABASEMANAGEMENT, computer.software_genre, Computer Graphics and Computer-Aided Design, Language Integrated Query, Theoretical Computer Science, XQuery, XML database, Computational Theory and Mathematics, ComputingMethodologies_DOCUMENTANDTEXTPROCESSING, Query by Example, Stored procedure, SQL/PSM, computer, Software, Information Systems, computer.programming_language

Abstract

Relational database systems have dominated the database industry for a quarter century. However, the advent of the Web has led to requirements for storage of new kinds of information in which the order of information is important and data structure can vary over time and from one document to another. These evolving requirements have given rise to Extensible Markup Language (XML) as a widely accepted data format and to XQuery as an emerging standard language for querying XML data sources. A set of extensions to the Structured Query Language (SQL) called SQL/XML enables XML data to be stored in relational databases, taking advantage of the mature infrastructure of relational systems and combining the advantages of SQL and XQuery. However, building a bridge between SQL and XQuery is challenging due to the many syntactic and semantic differences between the two languages. This paper describes how IBM DB2® deals with this challenge and provides users with a flexible system for storing and processing both relational and XML data.

Published

2006

208. Quantitative Evaluations on the Query Modeling and System Integrating Cost of SQL/MDR

Author

Dongwon Jeong, Hoh Peter In, and Young-Gab Kim

Subjects

SQL, General Computer Science, Database, Computer science, Data definition language, Data Transformation Services, computer.software_genre, Query language, Language Integrated Query, Electronic, Optical and Magnetic Materials, Metadata, Query by Example, Stored procedure, Electrical and Electronic Engineering, computer, computer.programming_language

Abstract

SQL/MDR is a metadata registry query language used to consistently exchange and share the data between distributed metadata registries. It is an extension of the international SQL and is familiar to most database builders and administrators. It provides many advantages such as simplicity of query language, ease of use, an independent description for distributed querying, low cost for adding new systems, simplicity of exchanging mechanism, and so on. The goal of this paper is to evaluate and show its merits quantitatively. To achieve this goal, we define simulation models to compare with an existing approach and then describe the evaluation results. In the quantitative evaluation results, the good points of SQL/MDR can be identified and known.

Published

2005

209. Building data mining solutions with OLE DB for DM and XML for analysis

Author

Peter Pyungchul Kim, Zhaohui Tang, and Jamie Maclennan

Subjects

SQL, Database, computer.internet_protocol, Computer science, Online analytical processing, InformationSystems_DATABASEMANAGEMENT, Data Transformation Services, computer.software_genre, Language Integrated Query, User-defined function, XML for Analysis, World Wide Web, Open Database Connectivity, Web mining, Data mining, Web service, computer, Software, Information Systems, computer.programming_language, Business Intelligence Markup Language

Abstract

A data mining component is included in Microsoft SQL Server 2000 and SQL Server 2005, one of the most popular DBMSs. This gives a push for data mining technologies to move from a niche towards the mainstream. Apart from a few algorithms, the main contribution of SQL Server Data Mining is the implementation of OLE DB for Data Mining. OLE DB for Data mining is an industrial standard led by Microsoft and supported by a number of ISVs. It leverages two existing relational technologies: SQL and OLE DB. It defines a SQL language for data mining based on a relational concept. More recently, Microsoft, Hyperion, SAS and a few other BI vendors formed the XML for Analysis Council. XML for Analysis covers both OLAP and Data Mining. The goal is to allow consumer applications to query various BI packages from different platforms. This paper gives an overview of OLE DB for Data Mining and XML for Analysis. It also shows how to build data mining application using these APIs.

Published

2005

210. Advanced SQL modeling in RDBMS

Author

John Haydu, Srikanth Bellamkonda, Andrew Witkowski, Sankar Subramanian, Nathan Folkert, Lei Sheng, Tolga Bozkaya, and Abhinav Gupta

Subjects

SQL, Theoretical computer science, View, Computer science, Data definition language, Joins, ROLAP, computer.software_genre, Language Integrated Query, Data cube, Relational database management system, In-Memory Processing, Query by Example, Stored procedure, computer.programming_language, Programming language, Online analytical processing, InformationSystems_DATABASEMANAGEMENT, PL/SQL, Data Transformation Services, User-defined function, Nested set model, Open Database Connectivity, Null (SQL), Relational model, SQL/PSM, computer, Information Systems, MOLAP

Abstract

Commercial relational database systems lack support for complex business modeling. ANSI SQL cannot treat relations as multidimensional arrays and define multiple, interrelated formulas over them, operations which are needed for business modeling. Relational OLAP (ROLAP) applications have to perform such tasks using joins, SQL Window Functions, complex CASE expressions, and the GROUP BY operator simulating the pivot operation. The designated place in SQL for calculations is the SELECT clause, which is extremely limiting and forces the user to generate queries with nested views, subqueries and complex joins. Furthermore, SQL query optimizers are preoccupied with determining efficient join orders and choosing optimal access methods and largely disregard optimization of multiple, interrelated formulas. Research into execution methods has thus far concentrated on efficient computation of data cubes and cube compression rather than on access structures for random, interrow calculations. This has created a gap that has been filled by spreadsheets and specialized MOLAP engines, which are good at specification of formulas for modeling but lack the formalism of the relational model, are difficult to coordinate across large user groups, exhibit scalability problems, and require replication of data between the tool and RDBMS. This article presents an SQL extension called SQL Spreadsheet , to provide array calculations over relations for complex modeling. We present optimizations, access structures, and execution models for processing them efficiently. Special attention is paid to compile time optimization for expensive operations like aggregation. Furthermore, ANSI SQL does not provide a good separation between data and computation and hence cannot support parameterization for SQL Spreadsheets models. We propose two parameterization methods for SQL. One parameterizes ANSI SQL view using subqueries and scalars, which allows passing data to SQL Spreadsheet. Another method presents parameterization of the SQL Spreadsheet formulas. This supports building stand-alone SQL Spreadsheet libraries. These models are then subject to the SQL Spreadsheet optimizations during model invocation time.

Published

2005

211. Implementation of fuzzy classification in relational databases using conventional SQL querying

Author

Yauheni Veryha

Subjects

SQL, Information retrieval, Database, Computer science, Data definition language, InformationSystems_DATABASEMANAGEMENT, Data Transformation Services, PL/SQL, computer.software_genre, Language Integrated Query, Computer Science Applications, Null (SQL), Query by Example, Stored procedure, computer, Software, Information Systems, computer.programming_language

Abstract

In this paper, a framework for implementing fuzzy classifications in information systems using conventional SQL querying is presented. The fuzzy classification and use of conventional SQL queries provide easy-to-use functionality for data extraction similar to the conventional non-fuzzy classification and SQL querying. The developed framework can be used as data mining tool in large information systems and easily integrated with conventional relational databases. The benefits of using the presented approach include more flexible data analysis and improvement of information presentation at the report generation phase. To confirm the theory, a prototype was developed based on the stored procedures and database extensions of Microsoft SQL Server 2000.

Published

2005

212. Is LINQ in your toolbox?

Author

Suzanne W. Dietrich

Subjects

SQL, Functional programming, General Computer Science, Programming language, Computer science, computer.internet_protocol, computer.software_genre, Query language, Language Integrated Query, Toolbox, Education, computer, XML, computer.programming_language

Abstract

LINQ is a query language integrating declarative and functional paradigms within an object-oriented language. LINQ looks a bit like SQL with from, where, and select clauses. However, the execution order of the clauses is different due to its underlying foundation of functional programming. LINQ also provides a unifying paradigm for querying relations, objects, and XML (ROX). This paper provides a brief overview of LINQ by example and discusses its importance from both a historical and a pedagogical perspective.

Published

2013

213. Advancements in SQL/XML

Author

Andrew Eisenberg and Jim Melton

Subjects

SQL, Computer science, computer.internet_protocol, Data_MISCELLANEOUS, Efficient XML Interchange, Data definition language, computer.software_genre, Language Integrated Query, SQL/XML, World Wide Web, SQL injection, XML Schema Editor, Streaming XML, Query by Example, Stored procedure, computer.programming_language, Programming language, InformationSystems_DATABASEMANAGEMENT, XML validation, computer.file_format, Data Transformation Services, PL/SQL, User-defined function, Null (SQL), XML Protocol, ComputingMethodologies_DOCUMENTANDTEXTPROCESSING, SQL/PSM, computer, Software, XML, Information Systems, Business Intelligence Markup Language

Abstract

Since we last wrote about SQL/XML in [2], the first edition of that new part of the SQL standard has been officially published as an international standard [1], commonly called SQL/XML:2003. At the time of that earlier column, SQL/XML was just entering its first official ballot, meaning that (possibly significant) changes to the text were expected in response to ballot comments submitted by the various participants in the SQL standardization process.

Published

2004

214. C# and the .NET framework: ready for real time?

Author

Phillip A. Laplante and Michael H. Lutz

Subjects

Computer science, business.industry, Programming language, computer.software_genre, Net (mathematics), Language Integrated Query, NET Remoting, Common Language Runtime, The Internet, NET Framework, business, Software engineering, Managed code, computer, Software, computer.programming_language

Abstract

Microsoft's integrated development environment, Visual Studio.NET, includes a new programming language C# (pronounced "C sharp"), which targets the .NET Framework. Both the .NET Framework and C# are fairly well-documented technologies, but the platform's appropriateness for real-time systems has not received much attention. Microsoft doesn't specifically claim that C# and NET are intended for real-time systems, but many of the platform's general purpose features including type unsafe features, thread synchronization, and overflow-sensitive arithmetic apply to real-time systems. This article will further explore C# and the .NET Framework's suitability for real-time systems.

Published

2003

215. 122Reducing the burden of unnecessary LINQ implantable loop recorder remote downloads by implementing an in-hospital multidisciplinary strategy to individualise management of patients with high volume downloads

Author

JL Yeo, J Walsh, Andrew Staniforth, Shahnaz Jamil-Copley, T Robinson, R Oliver, AJ Ahsan, M Lyons, JH Tan, and MJ Ng Kam Chuen

Subjects

business.industry, Volume (computing), Cardiac arrhythmia, Workload, medicine.disease, Language Integrated Query, Multidisciplinary approach, Physiology (medical), Implantable loop recorder, Medicine, Medical emergency, Cardiology and Cardiovascular Medicine, business, computer, computer.programming_language

Published

2017

216. GeoSpark SQL: An Effective Framework Enabling Spatial Queries on Spark

Author

Lin Wan, Yiran Chen, Zhou Huang, and Xia Peng

Subjects

Computer science, Geography, Planning and Development, 0211 other engineering and technologies, Data definition language, spatial query processing, lcsh:G1-922, 02 engineering and technology, computer.software_genre, Query optimization, Language Integrated Query, big data, GeoSpark SQL, 0202 electrical engineering, electronic engineering, information engineering, Earth and Planetary Sciences (miscellaneous), Query by Example, spatial database, Computers in Earth Sciences, computer.programming_language, Spark, Database, Spatial database, Materialized view, InformationSystems_DATABASEMANAGEMENT, 021107 urban & regional planning, Spatial query, 020201 artificial intelligence & image processing, Sargable, computer, lcsh:Geography (General)

Abstract

In the era of big data, Internet-based geospatial information services such as various LBS apps are deployed everywhere, followed by an increasing number of queries against the massive spatial data. As a result, the traditional relational spatial database (e.g., PostgreSQL with PostGIS and Oracle Spatial) cannot adapt well to the needs of large-scale spatial query processing. Spark is an emerging outstanding distributed computing framework in the Hadoop ecosystem. This paper aims to address the increasingly large-scale spatial query-processing requirement in the era of big data, and proposes an effective framework GeoSpark SQL, which enables spatial queries on Spark. On the one hand, GeoSpark SQL provides a convenient SQL interface; on the other hand, GeoSpark SQL achieves both efficient storage management and high-performance parallel computing through integrating Hive and Spark. In this study, the following key issues are discussed and addressed: (1) storage management methods under the GeoSpark SQL framework, (2) the spatial operator implementation approach in the Spark environment, and (3) spatial query optimization methods under Spark. Experimental evaluation is also performed and the results show that GeoSpark SQL is able to achieve real-time query processing. It should be noted that Spark is not a panacea. It is observed that the traditional spatial database PostGIS/PostgreSQL performs better than GeoSpark SQL in some query scenarios, especially for the spatial queries with high selectivity, such as the point query and the window query. In general, GeoSpark SQL performs better when dealing with compute-intensive spatial queries such as the kNN query and the spatial join query.

Published

2017

217. D. SQL Query for Downloading SDSS Data

Author

Zeljko Ivezic, Andrew J. Connolly, Alexander G. Gray, and Jacob T VanderPlas

Subjects

SQL, Upload, Information retrieval, Database, Computer science, Sargable, Query by Example, computer.software_genre, Query optimization, computer, Language Integrated Query, computer.programming_language

Published

2014

218. Equivalence of Problems in Problem Based e-Learning of Database

Author

Abu Sayed Md. Latiful Hoque, Md. Rasel Uddin, and Golam Md. Muradul Bashiry

Subjects

SQL, Theoretical computer science, Database, business.industry, Computer science, Data definition language, InformationSystems_DATABASEMANAGEMENT, computer.software_genre, User-defined function, Language Integrated Query, In-Memory Processing, Query by Example, Artificial intelligence, Equivalence (formal languages), business, computer, computer.programming_language, Business Intelligence Markup Language

Abstract

Problem-based learning (PBL) is a way to learn what is needed to solve a problem, how can a solution be obtained quickly, precisely and professionally. To achieve the goal of problem-based learning, problem design and assign same level of problems among the students are important in engineering classroom environment. SQL is a major part in Database course. In problem based e-Learning of SQL, it is essential to find out the equivalence of an SQL problems to assign the set of problems to a set of students. This is necessary for equal judgment of the performance of individual students. We have developed a complexity model to find out the equivalence of problems for Problem based e-learning of database. In this model, complexity of problems is found by parsing the given solution of the problem in top down approach. We have applied our model to well-known SQL Learning and Evaluation System (SQL-LES). We have compared our calculated complexity value with the complexity value in the question bank of SQL-LES assigned by the SQL experts and found that in most cases our model generate similar complexity value as SQL-LES. Application of our model will reduce the instructor workload in SQL-LES.

Published

2014

219. Formulating second-order logic conditions in SQL

Author

Jalal Kawash

Subjects

SQL, Computer science, Programming language, Data definition language, InformationSystems_DATABASEMANAGEMENT, computer.software_genre, Language Integrated Query, User-defined function, Null (SQL), Query by Example, Stored procedure, SQL/PSM, computer, computer.programming_language

Abstract

Researchers continue to find ways by which SQL is better taught. While the language itself is easy, students find it challenging to grasp. This is aggravated with queries that require second-order logic conditions. SQL does not have a construct for universal quantification, which must be done through the negation of SQL's EXISTS construct. This paper describes a tool, RX, that tutors SQL programmers how to formulate SQL queries that require second-order logic conditions. The paper also reports on an experiment that evaluates RX.

Published

2014

220. A model architecture for Big Data applications using relational databases

Author

Robert W. Harrison, Erin-Elizabeth A. Durham, and Andrew Rosen

Subjects

SQL, Computer science, View, Relational database, Big data, Data definition language, computer.software_genre, Query optimization, Database design, Language Integrated Query, Data modeling, Relational database management system, In-Memory Processing, Query by Example, Stored procedure, Change data capture, Database model, computer.programming_language, Information retrieval, Database, business.industry, Materialized view, Nested set model, Null (SQL), Business intelligence, Sargable, business, computer

Abstract

Effective Big Data applications dynamically handle the retrieval of decisioned results based on stored large datasets efficiently. One effective method of requesting decisioned results, or querying, large datasets is the use of SQL and database management systems such as MySQL. But a problem with using relational databases to store huge datasets is the decisioned result retrieval time, which is often slow largely due to poorly written queries / decision requests. This work presents a model to re-architect Big Data applications in order to efficiently present decisioned results: lowering the volume of data being handled by the application itself, and significantly decreasing response wait times while allowing the flexibility and permanence of a standard relational SQL database, supplying optimal user satisfaction in today's Data Analytics world. In this paper we review a Big Data case study in the telecommunications field and use it to experimentally demonstrate the effectiveness of our approach.

Published

2014

221. Data Tier Applications und SQL Server Data Tools

Author

Klemens Konopasek

Subjects

Database, Computer science, Data Transformation Services, computer.software_genre, Language Integrated Query, User-defined function, World Wide Web, In-Memory Processing, Sql server, Stored procedure, Log shipping, computer, computer.programming_language, Business Intelligence Markup Language

Published

2014

222. SQL injection vulnerability general patch using header sanitization

Author

Amirmohammad Sadeghian, Azizah Abd Manaf, and Mazdak Zamani

Subjects

Autocommit, SQL, Database, business.industry, Computer science, Data definition language, InformationSystems_DATABASEMANAGEMENT, Data Transformation Services, PL/SQL, Web application security, computer.software_genre, Language Integrated Query, User-defined function, Open Database Connectivity, SQL injection, In-Memory Processing, Web application, Query by Example, Stored procedure, SQL/PSM, business, computer, computer.programming_language, Business Intelligence Markup Language

Abstract

SQL injection is one of well-known web application vulnerabilities. SQL injection is a type of attack which attacker attempts to insert malicious SQL query through none sanitized variables into the web application. Consequently web application will concatenate the variable with the legitimate query and will send it to the database for execution. In result of a successful SQL injection attack, the attacker can read from the database or modify entities of the database (Insert, Delete, Update). Currently different types of defense systems are available to defeat this vulnerability. However some of these techniques needs to stop the existence web application and patch the vulnerability, and since this process might be time consuming, it is not very practical for companies to stop their online services. To address this problem we proposed a model which can generally patch the SQL injection vulnerability. The model is not dependent on the language which the web application is written in and the amount of necessary changes in the application is low. The model can be implemented as a library which can be include in the vulnerable web application by calling one line of code.

Published

2014

223. A two tier defense against SQL injection

Author

Bharti Saneja and Naresh Duhan

Subjects

Computer science, business.industry, Web developer, Data Transformation Services, Computer security, computer.software_genre, Language Integrated Query, User-defined function, SQL injection, Web application, Query by Example, business, computer, computer.programming_language, Business Intelligence Markup Language

Abstract

In recent years with increase in ubiquity and popularity of web based applications, information systems are frequently migrated to the web, which will jeopardize security and privacy of the users. One of the most easiest and hazardous security attacks confronted by these systems is SQL injection attacks (SQLIAs). SQL injection attack is a method that can insert any malevolent query into the original query statement. In this paper, we demonstrate an efficient approach for Securing Web Application from SQL injection, which incorporates the combination of client side validation and identity based cryptography. To affirm the technique we examine it on some prototype web applications generated by web developer tools which ensure that our approach is secure and efficient and also hypothesis testing is done to validate the results.

Published

2014

224. Query Shredding: Efficient Relational Evaluation of Queries over Nested Multisets

Author

James Cheney, Sam Lindley, and Philip Wadler

Subjects

SQL, Multiset, Range (mathematics), Semantics (computer science), Relational database, Computer science, Programming language, InformationSystems_DATABASEMANAGEMENT, computer.software_genre, Language Integrated Query, computer, Shredding (disassembling genomic data), computer.programming_language

Abstract

Nested relational query languages have been explored extensively, and underlie industrial language-integrated query systems such as Microsoft’s LINQ. However, relational databases do not natively support nested collections in query results. This can lead to major performance problems: if programmers write queries that yield nested results, then such systems typically either fail or generate a large number of queries. We present a new approach to query shredding, which converts a query returning nested data to a fixed number of SQL queries. Our approach, in contrast to prior work, handles multiset semantics, and generates an idiomatic SQL:1999 query directly from a normal form for nested queries. We provide a detailed description of our translation and present experiments showing that it offers comparable or better performance than a recent alternative approach on a range of examples.

Published

2014

225. Schema-free SQL

Author

Tianyin Pan, Fei Li, and H. V. Jagadish

Subjects

Autocommit, SQL, Alias, Relational database, Computer science, View, Data definition language, Query language, Query optimization, Language Integrated Query, Information schema, In-Memory Processing, SQL injection, Schema (psychology), Query by Example, Stored procedure, Database model, computer.programming_language, Information retrieval, InformationSystems_DATABASEMANAGEMENT, Nested set model, Spatial query, Null (SQL), Conjunctive query, Sargable, SQL/PSM, computer

Abstract

Querying data in relational databases is often challenging since SQL requires its users to know the exact schema of the database, the roles of various entities in a query, and the precise join paths to be followed. On the other hand, keyword search is unable to express much desired query semantics. In this paper, we propose a query language, Schema-free SQL, which enables its users to query a relational database using whatever partial schema they know. If they know the full schema, they can write full SQL. But, to the extent they do not know the schema, Schema-free SQL is tolerant of unknown or inaccurately specified relation names and attribute names, and it also does not require information regarding which relations are involved and how they are joined. We present techniques to evaluate Schema-free SQL by first converting it to full SQL. We show experimentally that a small amount of schema information, which one can reasonably expect most users to have, is enough to get queries evaluated as if they had been completely and correctly specified.

Published

2014

226. Ranking crowd knowledge to assist software development

Author

Marcelo de Almeida Maia, Lucas Batista Leite de Souza, and Eduardo Cunha Campos

Subjects

Source code, business.industry, Computer science, media_common.quotation_subject, Software development, Recommender system, Snippet, Language Integrated Query, World Wide Web, Type of service, Ranking, business, Classifier (UML), computer, media_common, computer.programming_language

Abstract

StackOverflow.com (SO) is a Question and Answer service oriented to support collaboration among developers in order to help them solving their issues related to software development. In SO, developers post questions related to a programming topic and other members of the site can provide answers to help them. The information available on this type of service is also known as "crowd knowledge" and currently is one important trend in supporting activities related to software development and maintenance. We present an approach that makes use of "crowd knowledge" available in SO to recommend information that can assist developers in their activities. This strategy recommends a ranked list of pairs of questions/answers from SO based on a query (list of terms). The ranking criteria is based on two main aspects: the textual similarity of the pairs with respect to the query (the developer's problem) and the quality of the pairs. Moreover, we developed a classifier to consider only "how-to" posts. We conducted an experiment considering programming problems on three different topics (Swing, Boost and LINQ) widely used by the software development community to evaluate the proposed recommendation strategy. The results have shown that for 77.14% of the assessed activities, at least one recommended pair proved to be useful concerning the target programming problem. Moreover, for all activities, at least one recommended pair had a source code snippet considered reproducible or almost reproducible.

Published

2014

227. Books Database Management System Design Based on ASP

Author

Bai Xuebing

Subjects

Database server, Open Database Connectivity, Database, Computer science, ASP.NET, Data Transformation Services, Log shipping, computer.software_genre, computer, Identity column, Language Integrated Query, Data administration, computer.programming_language

Abstract

With the accelerating library information construction of information construction of electronic books, library has become an important means of strengthening management. The latest Microsoft Visual Studio.NET development platform and SQL Server 2000 database server are used to ensure that the system can meet the demands of market for a long period of time. After adjusting the books management system, robustness and scalability have been improved greatly, and can satisfy the need of relevant units.

Published

2014

228. SQL injection detection and prevention system with raspberry Pi honeypot cluster for trapping attacker

Author

Hudan Studiawan, Satrio Gita Nugraha, Baskoro Adi Pratomo, Supeno Djanali, and F. X. Arunanto

Subjects

Honeypot, Computer science, Data_MISCELLANEOUS, InformationSystems_DATABASEMANAGEMENT, Data Transformation Services, Computer security, computer.software_genre, Language Integrated Query, Open Database Connectivity, Taint checking, SQL injection, Query by Example, computer, Business Intelligence Markup Language, computer.programming_language

Abstract

One of the most common security attack for web application is SQL injection. It is an attack to acquire access to application's database through injection of script or malicious query attributes. This attack can be executed in any page of web application which interacts with database. SQL injection could be more dangerous if the victim was an enterprise system such as online banking.

Published

2014

229. Microsoft SQL Server-Administration

Author

Holger Schwichtenberg

Subjects

Open Database Connectivity, Database, Computer science, Data Transformation Services, SQL/PSM, PL/SQL, computer.software_genre, computer, Identity column, Language Integrated Query, Microsoft Visual Studio, computer.programming_language, Business Intelligence Markup Language

Published

2014

230. Visualization of the tire-soil interaction area by means of ObjectARX programming interface

Author

Krzysztof Przybył, Barbara Raba, Krzysztof Koszela, M. Gruszczyński, Wojciech Mueller, Andrzej Lewicki, Piotr Boniecki, and Maciej Zaborowicz

Subjects

Computer science, business.industry, Interface (Java), Computer programming, Language Integrated Query, Microsoft Visual Studio, Visualization, Information visualization, Data visualization, ObjectARX, Computer graphics (images), business, computer, computer.programming_language

Abstract

The process of data visualization, important for their analysis, becomes problematic when large data sets generated via computer simulations are available. This problem concerns, among others, the models that describe the geometry of tire-soil interaction. For the purpose of a graphical representation of this area and implementation of various geometric calculations the authors have developed a plug-in application for AutoCAD, based on the latest technologies, including ObjectARX, LINQ and the use of Visual Studio platform. Selected programming tools offer a wide variety of IT structures that enable data visualization and data analysis and are important e.g. in model verification.

Published

2014

231. Applying Microsoft SQL Server database in paper quality evaluation

Author

Qin Huang, Shumei Li, Minghua Dong, and Qingfen Wu

Subjects

Open Database Connectivity, Database, Computer science, SQL/PSM, Data Transformation Services, computer.software_genre, Log shipping, Identity column, computer, User-defined function, Language Integrated Query, Business Intelligence Markup Language, computer.programming_language

Published

2014

232. LittleD

Author

Ramon Lawrence and Graeme Douglas

Subjects

SQL, Database, Computer science, Relational database, business.industry, Data management, Joins, computer.software_genre, Language Integrated Query, Memory management, In-Memory Processing, Relational model, Query by Example, Stored procedure, business, computer, computer.programming_language

Abstract

Databases have reduced the cost associated with data management by abstracting applications from information processing challenges. There is an increasing need for managing and analyzing data in smaller embedded devices and sensor nodes. Due to resource limitations, these devices typically do not have well-defined data management APIs and standards such as the relational model and SQL. This results in increased complexity and cost. LittleD is a SQL relational database allowing ad-hoc queries on sensor devices. The novel implementation of LittleD adapts to memory and code size restrictions by streamlining query parsing and execution and implementing efficient memory management techniques. Experimental results demonstrate that LittleD executes queries with joins and selections on devices with less than 2 KB memory in a few seconds.

Published

2014

233. DBIQS — An intelligent system for querying and mining databases using NLP

Author

Deepa H. Kulkarni, Rohit Agrawal, Amogh Chakkarwar, Usha A. Jogalekar, and Prateek Choudhary

Subjects

SQL, Information retrieval, Database, Alias, View, Computer science, Data manipulation language, Database schema, Data definition language, InformationSystems_DATABASEMANAGEMENT, computer.software_genre, Query language, Language Integrated Query, Database design, Temporal database, In-Memory Processing, Data control language, Query by Example, Database theory, Stored procedure, computer, Intelligent database, computer.programming_language, Database model

Abstract

Facts play a critical role in our lives. We have got radical ways to accumulate and store these facts as meaningful information. A database is an organized collection of facts and information stored in the form of data. A good organization has to maintain lots and lots of data. There are ultimate tools which can collect and store the huge data in its proper format in the main repository but still the users doesn't get benefited from it up to its full potential. Retrieving meaningful information from such repositories requires an extensive knowledge of database languages like SQL. However, not everybody is able to write the complex SQL queries to extract the needful information. This intricate problem can be solved to a great extent by providing a Natural Language Interface to the users using which they can query a database in their own language. In this paper, we propose a Database Intelligent Querying System (DBIQS) which portrays completely automatic, simple, fast and reliable way to query a database.

Published

2014

234. Evaluation of Sub Query Performance in SQL Server

Author

Surya Sujarwo and Tanty Oktavia

Subjects

Information retrieval, Web search query, Computer science, SQL Server, Physics, QC1-999, InformationSystems_INFORMATIONSTORAGEANDRETRIEVAL, Sub query, InformationSystems_DATABASEMANAGEMENT, Query optimization, Language Integrated Query, Spatial query, Query expansion, Object Query Language, Query by Example, Sargable, computer, performance, computer.programming_language, indexing

Abstract

The paper explores several sub query methods used in a query and their impact on the query performance. The study uses experimental approach to evaluate the performance of each sub query methods combined with indexing strategy. The sub query methods consist of in, exists, relational operator and relational operator combined with top operator. The experimental shows that using relational operator combined with indexing strategy in sub query has greater performance compared with using same method without indexing strategy and also other methods. In summary, for application that emphasized on the performance of retrieving data from database, it better to use relational operator combined with indexing strategy. This study is done on Microsoft SQL Server 2012. Keywords: Sub query, indexing, performance, SQL Server

Published

2014

235. Algorithm to prevent back end database against SQL injection attacks

Author

Mahima Srivastava

Subjects

Database, business.industry, Computer science, Data Transformation Services, computer.software_genre, Computer security, User-defined function, Language Integrated Query, SQL injection, Server, Query by Example, Stored procedure, business, Database security, computer, Algorithm, computer.programming_language, Computer network

Abstract

SQL injection attack (SQLIA) is a technique through which attackers gain access over back-end databases by inserting the malicious codes through front-end. In recent times SQL injection attacks (SQLIAs) have emerged as a major threat to database security. Flaws in designing, improper coding practices, configuration errors, improper validation of user input etc. makes the web application vulnerable and allows the malicious user to obtain unrestricted access to confidential information. Researchers have proposed so many solutions but still SQLIAs exist. In this paper we will discuss several types of SQLIAs, existing techniques and their drawbacks. Finally I have proposed a solution using the ASCII values. I have implemented it using C# and SQL server 2005, although this algorithm can be implemented in any language and for any database platform with minimal modifications.

Published

2014

236. Effects of aggregation and data size on query performance and memory requirements of a Data Warehouse

Author

Alok Dubey, Archana Kamal, and Suresh C. Gupta

Subjects

Database, Computer science, Aggregate (data warehouse), InformationSystems_DATABASEMANAGEMENT, Dimensional modeling, computer.software_genre, Query optimization, Language Integrated Query, Data warehouse, In-Memory Processing, Sargable, Query by Example, computer, computer.programming_language

Abstract

Aggregation is a key technique to enhance query response time in a large data warehouse. This paper analyzes its effects on query performance and memory requirements. A grocery shop data warehouse has been designed for simulation purpose using Red Gate Data Generator tool along with the Business Intelligence Development Studio of Microsoft SQL Server 2008. For a desired performance gain, the requirements on aggregate and its impact on memory usage has been studied. The effects of variation in size of base cube of a Data Warehouse on memory requirement and performance gain have also been analyzed.

Published

2014

237. Effective quotation

Author

Gabriel Radanne, Philip Wadler, Sam Lindley, and James Cheney

Subjects

FOS: Computer and information sciences, D.3.1, Computer Science - Programming Languages, Computer science, Programming language, D.3.2, Translation (geometry), computer.software_genre, H.2.3, Language Integrated Query, effects, language-integrated query, quotation, Dynamic query, Simple (abstract algebra), Core (graph theory), Compiler, computer, Programming Languages (cs.PL), computer.programming_language

Abstract

Language-integrated query techniques have been explored in a number of different language designs. We consider two different, type-safe approaches employed by Links and F#. Both approaches provide rich dynamic query generation capabilities, and thus amount to a form of heterogeneous staged computation, but to date there has been no formal investigation of their relative expressiveness. We present two core calculi Eff and Quot, respectively capturing the essential aspects of language-integrated querying using effects in Links and quotation in LINQ. We show via translations from Eff to Quot and back that the two approaches are equivalent in expressiveness. Based on the translation from Eff to Quot, we extend a simple Links compiler to handle queries., Comment: Proceedings of the ACM SIGPLAN 2014 Workshop on Partial Evaluation and Program Manipulation, January 20-21, 2014, San Diego, CA, USA. Copyright is held by the owner/author(s). Publication rights licensed to ACM

Published

2014

238. Interacting with the File System

Author

Sudipta Mukherjee

Subjects

File system, Computer science, Programming language, business.industry, ComputerApplications_COMPUTERSINOTHERSYSTEMS, computer.software_genre, Language Integrated Query, Leverage (negotiation), Analytics, Scripting language, business, computer, Host (network), computer.programming_language

Abstract

You can use LINQ as you would a scripting programming language to perform several types of file system analytics operations. For .NET developers, LINQ can be as useful as PowerShell—in fact, sometimes even better, because when using LINQ, developers can still leverage all the other benefits that the host language has to offer (C# in this case).

Published

2014

239. Refactoring with MoreLINQ

Author

Sudipta Mukherjee

Subjects

Branching (version control), Open source, Code refactoring, Programming language, Computer science, Window operator, computer.software_genre, Legacy code, computer, Language Integrated Query, computer.programming_language

Abstract

In the preceding chapter, you saw how LINQ can help replace existing loops. Loop constructs can sometimes range from difficult to impossible to comprehend, especially when nested. This chapter extends the loop-to-LINQ replacement concept by showing how the open source LINQ API called MoreLINQ can help you refactor legacy code. By going beyond the core LINQ operators, the MoreLINQ API offers a wide range of operators that you can readily use to replace looping or looping/branching logic. After reading this chapter, you should be able to rewrite such code by using methods found in the MoreLINQ API.

Published

2014

240. Refactoring with LINQ

Author

Sudipta Mukherjee

Subjects

Loop counter, Operator (computer programming), Code refactoring, Ask price, Computer science, Programming language, computer.software_genre, Code snippet, Language Integrated Query, computer, ComputingMilieux_MISCELLANEOUS, computer.programming_language

Abstract

When I help my colleagues refactor their loops by using LINQ, they always ask me, “How do you know what LINQ operator to use?” I am sure my colleagues are not alone. This chapter is dedicated to providing detailed examples to help answer that question.

Published

2014

241. The SQL Standard

Author

Nelson Mendonça Mattos, Krishna Kulkarni, Hugh Darwen, Christopher M. Farrar, Jan-Eike Michels, and Andrew Eisenberg

Subjects

SQL, Computer science, Programming language, Data definition language, InformationSystems_DATABASEMANAGEMENT, Transaction time, PL/SQL, Data Transformation Services, computer.software_genre, Database design, Language Integrated Query, User-defined function, Temporal database, Valid time, Null (SQL), Query by Example, Stored procedure, SQL/PSM, computer, computer.programming_language, Foreign key

Abstract

Temporal database support was added to the SQL standard in 2011. This lengthy chapter explains that support in detail and compares and contrasts it with the ideas introduced in previous chapters. It discusses “periods” (SQL’s analog of intervals, represented by explicit from/to pairs); an SQL base table can have at most one application time period (corresponding to valid time) and at most one system time period (corresponding to transaction time). SQL supports analogs of certain of the interval operators discussed in previous chapters; unfortunately, however, it has nothing analogous to PACK and UNPACK. The chapter discusses all of these operators, also database design considerations, queries, and updates in the SQL context. In particular, it explains how queries and updates work on “tables with system time” (especially system-versioned tables) and on “bitemporal tables” (tables with both application time and system time). The chapter concludes with a detailed analysis and assessment of the SQL temporal features.

Published

2014

242. A Study of SQL-on-Hadoop Systems

Author

Yueguo Chen, Jiaheng Lu, Huijie Zhang, Haoqiong Bian, Zhaoan Dong, Yanjie Gao, Xiongpai Qin, Xiaoyong Du, Jun Chen, and Dehai Liu

Subjects

SQL, Database, Computer science, Data definition language, InformationSystems_DATABASEMANAGEMENT, Data Transformation Services, computer.software_genre, Language Integrated Query, Spatial query, In-Memory Processing, Query by Example, Stored procedure, computer, computer.programming_language

Abstract

Hadoop is now the de facto standard for storing and processing big data, not only for unstructured data but also for some structured data. As a result, providing SQL analysis functionality to the big data resided in HDFS becomes more and more important. Hive is a pioneer system that support SQL-like analysis to the data in HDFS. However, the performance of Hive is not satisfactory for many applications. This leads to the quick emergence of dozens of SQL-on-Hadoop systems that try to support interactive SQL query processing to the data stored in HDFS. This paper firstly gives a brief technical review on recent efforts of SQL-on-Hadoop systems. Then we test and compare the performance of five representative SQL-on-Hadoop systems, based on some queries selected or derived from the TPC-DS benchmark. According to the results, we show that such systems can benefit more from the applications of many parallel query processing techniques that have been widely studied in the traditional MPP analytical databases.

Published

2014

243. SQL Server Optimization Checklist

Author

Grant Fritchey

Subjects

World Wide Web, Computer science, Check constraint, Stored procedure, Data Transformation Services, Snapshot isolation, PL/SQL, Log shipping, Language Integrated Query, computer, User-defined function, computer.programming_language

Abstract

If you have read through the previous 16 chapters of this book, then you understand the major aspects involved in performance optimization. You also understand that it is a challenging and ongoing activity.

Published

2014

244. Querying Temporal Databases via OWL 2 QL

Author

Thomas Meyer and Szymon Klarman

Subjects

Spatial query, SQL, Information retrieval, Null (SQL), Computer science, Data definition language, InformationSystems_DATABASEMANAGEMENT, Conjunctive query, Query by Example, computer, Language Integrated Query, Temporal database, computer.programming_language

Abstract

SQL:2011, the most recently adopted version of the SQL query language, has unprecedentedly standardized the representation of temporal data in relational databases. Following the successful paradigm of ontology-based data access, we develop a practical approach to querying the SQL:2011-based temporal data model via the semantic layer of OWL 2 QL. The interval-based temporal query language (TQL), which we propose for this task, is based on naturally characterizable combinations of temporal logic with conjunctive queries. As the central contribution, we present rules for sound and complete rewriting of TQL queries into two-sorted first-order logic, and consequently, into corresponding SQL queries, which can be evaluated in any existing relational database management system compliant with the SQL:2011 temporal data model. Importantly, the proposed rewriting is based on the direct reuse of the standard rewriting techniques for conjunctive queries under OWL 2 QL. This renders our approach modular and easily implementable. As a notable corollary, we show that the data complexity of TQL query answering remains in AC0, i.e., as in the usual, non-temporal case.

Published

2014

245. Exploratory Data Analysis

Author

Sudipta Mukherjee

Subjects

Computer science, computer.internet_protocol, Programming language, Generalization, String (computer science), computer.software_genre, Language Integrated Query, Matrix addition, Exploratory data analysis, Code (cryptography), computer, Row, XML, computer.programming_language

Abstract

Generalization is an extremely powerful concept when applied correctly. For example, in MATLAB even the most trivial addition is performed as a matrix addition. Data comes in many formats. Mostly these formats are not ready for analysis, so programmers, researchers, and data scientists often need to write a lot of data-wrangling code to get the data into a useful form. However, LINQ has changed the way programmers interact with data. LINQ works on the generalization that data is a list—of something. For example, you can think of a database table as a list of rows, an XML file as a list of nodes, a CSV file as a list of comma-delimited string arrays, and so on.

Published

2014

246. Running SQL Server in the Cloud

Author

Kathi Kellenberger and Scott Shaw

Subjects

Computer science, business.industry, Cloud computing, Data Transformation Services, computer.software_genre, Language Integrated Query, ArcGIS Server, User-defined function, World Wide Web, Internet Authentication Service, Operating system, business, Log shipping, computer, computer.programming_language, Business Intelligence Markup Language

Abstract

I must confess that when I hear the phrase “in the cloud” I immediately picture white fluffy clouds with desktop computers, complete with monitors and keyboards strewn about. I’m not sure where this image originated because I know that Microsoft has datacenters worldwide that are situated firmly on the ground consisting of thousands of commodity servers in racks that look nothing like desktop computers. Microsoft’s cloud services are branded Microsoft Azure.

Published

2014

247. Static Code Analysis

Author

Sudipta Mukherjee

Subjects

Reflection (computer programming), Programming language, Computer science, Scripting language, Code (cryptography), Static program analysis, computer.software_genre, Base (topology), computer, Language Integrated Query, computer.programming_language

Abstract

Programmers always tend to think that code and data are separate. However, for a general-purpose framework such as LINQ, code is also data. By taking advantage of LINQ and .NET Reflection, you can perform a great deal of static code analysis and gain a lot of insight into code. This chapter presents several LINQ scripts that will help you accrue knowledge about your code base.

Published

2014

248. Performance Analysis of .NET Based Object–Relational Mapping Frameworks

Author

Aleksandra Gruca and Przemysław Podsiadło

Subjects

Information retrieval, Computer science, Order (business), Performance comparison, Sql server, Object-relational mapping, computer.software_genre, Query language, Net (mathematics), NET Framework, computer, Language Integrated Query, computer.programming_language

Abstract

Object-relational mapping is a technology that connects relationships with object-oriented entities, which aims to eliminate duplicate layers together with costs of maintenance and any errors arising from their existence. A lot of tools and technologies were designed in order to support and implement idea of object-relational mapping. In this paper we present the performance comparison of two most common object-relational mapping interfaces for .NET framework: Entity Framework and NHibernate. In the .NET developers community, there is a lot of discussion today about the similarities and differences of the both technologies. To address this issue, we compared the features and performance of both tools. We analysed the performance of Entity Framework and NHibernate for two different databases (MS SQL Server and PostgreSQL), different query languages (lambda expressions and LINQ for Entity Framework and HQL and Critera API for NHibernate) and compared the results with the standard SqlClient queries. The results show that there is no significant difference between these both tools and we proved that common opinion that NHibernate performs better than Entity Framework is incorrect.

Published

2014

249. The SQL Scripts Used in This Book

Author

Murali Vallath

Subjects

Development environment, SQL, ComputingMilieux_THECOMPUTINGPROFESSION, Database, Programming language, Computer science, computer.software_genre, Language Integrated Query, Scripting language, SQL injection, ComputingMethodologies_DOCUMENTANDTEXTPROCESSING, Query by Example, Stored procedure, SQL/PSM, GeneralLiterature_REFERENCE(e.g.,dictionaries,encyclopedias,glossaries), computer, computer.programming_language

Abstract

This appendix lists and documents the various scripts referenced and/or used in the various chapters of this book.

Published

2014

250. Static Integration of SQL Queries in C++ Programs

Author

Bartosz Zieliński, Piotr Kruszyński, Maciej Sysak, Ścibor Sobieski, and Paweł Maślanka

Subjects

Database, Computer science, Programming language, Data definition language, InformationSystems_DATABASEMANAGEMENT, PL/SQL, computer.software_genre, Language Integrated Query, Null (SQL), SQL injection, Query by Example, Stored procedure, SQL/PSM, computer, computer.programming_language

Abstract

Contemporary frameworks offer essentially two methods of accessing data in relational databases. The one using plain SQL requires writing a lot of boilerplate code and storing the SQL in a string, which is error prone and denies the benefits of static query analysis. The other one enforces the use of an additional (usually object oriented) abstraction layer which incurs additional runtime costs and hinders the use of advanced SQL capabilities. In this paper we present a working implementation of a radically different approach. Our tool uses the database engine to analyze the native SQL queries prepared by the user, and generates all the necessary classes representing query responses, single result rows and database connections. The use of native queries allows to utilize advanced and highly optimized SQL features. On the other hand, the use of the generated classes ensures that data access happens in a statically checked, type-safe way.

Published

2014