Chapter 7: Data Base manipulation using php

7.1
Understanding the MySQL Privilege System in Detail: We can assign different types of
privileges to different kinds of users.
WAMP-phpMyAdmin-Privilegeso
o
o
o

to edit privileges.

Global privileges
Database specific privileges
Table specific privileges
Column specific privileges.

7.2
Locking and concurrency: In a multi-user environment, concurrency control can be achieved
by using locking.
MySQL uses table-level locking for MyISAM, MEMORY, and MERGE tables. It uses row-level
locking for InnoDB tables.
Example: Assuming real_table and temp_table, are MyISAM tables, the following code can be used to
move all rows in temp_table to real_table.
mysql> LOCK TABLES real_table WRITE, temp_table WRITE;
mysql> INSERT INTO real_table SELECT * FROM temp_table;
mysql> DELETE FROM temp_table;
mysql> UNLOCK TABLES;
7.3
Speeding up database queries with indexes
Using indexes speeds up execution, because there is no need to traverse every records.
Indexes are essential to any database.
Some thumb rules on creating indexes:
1.
Create indexes on every field that is (or will be) used in joins.
2.
Create indexes on every field on which you want to perform frequent where conditions.
3.
Avoid creating indexes on everything. Create index on the relevant fields of every table, and use
relations to retrieve the desired data.
4.
Avoid creating indexes on double fields, unless it is absolutely necessary.
5.
Avoid creating indexes on varchar fields, unless it is absolutely necessary.
7.4

General optimization tips

-Normalize database
-Optimize queries
-Use indices, primary keys, and foreign keys where ever required.

7.5
Different table types MySQL provides various storage engines (table types) for its tables as
below:
1.
2.
3.
4.
5.
6.
7.

MyISAM
InnoDB
MERGE
MEMORY (HEAP)
ARCHIVE
CSV
FEDERATED
1

MyISAM
MyISAM extends the former ISAM storage engine. The MyISAM tables are optimized for compression
and speed. MyISAM tables are also portable between platforms and OSes.
The size of MyISAM table can be up to 256TB, which is huge. In addition, MyISAM tables can be
compressed into read-only tables to save space. At startup, MySQL checks MyISAM tables for corruption
and even repair them in case of errors. The MyISAM tables are not transaction-safe.
Before MySQL version 5.5, MyISAM is the default storage engine when you create a table without
explicitly specify the storage engine. From version 5.5, MySQL uses InnoDB as the default storage
engine.
InnoDB
The InnoDB tables fully support ACID properties of transactions. They are also very optimal for
performance. InnoDB table supports foreign keys, commit, rollback, roll-and forward operations. The size
of the InnoDB table can be up to 64TB.
Like MyISAM, the InnoDB tables are portable between different platforms and OSes. MySQL also
checks and repair InnoDB tables, if necessary, at startup.
MERGE
A MERGE table is a virtual table that combines multiple MyISAM tables, which has similar structure,
into one table. The MERGE table does not have its own indexes; it uses indexes of the component tables
instead.
Using MERGE table, you can speed up performance in joining multiple tables. MySQL only allows you
to perform SELECT, DELETE, UPDATE and INSERT operations on the MERGE tables. If you use
DROP TABLE statement on a MERGE table, only MERGE specification is removed. The underlying
tables will not be affected.
Memory
The memory tables are stored in memory and used hash indexes so that they are faster than MyISAM
tables. The lifetime of the data of the memory tables depends on the up time of the database server. The
memory storage engine is formerly known as HEAP.
Archive
The archive storage engine allows you to store a large number of records, which for archiving purpose,
into a compressed format to save disk space. The archive storage engine compresses a record when it is
inserted and decompress it using zlib library as it is read.
The archive tables only allow INSERT and SELECT commands. The archive tables do not support
indexes, so reading records requires a full table scanning.
CSV
The CSV storage engine stores data in comma-separated values file format. A CSV table brings a
convenient way to migrate data into non-SQL applications such as spreadsheet software.
CSV table does not support NULL data type and read operation requires a full table scan.
FEDERATED
The FEDERATED storage engine allows you to manage data from a remote MySQL server without using
cluster or replication technology. The local federated table stores no data. When you query data from a
local federated table, the data is pull automatically from the remote federated tables.
2

7.6

Loading data from a file

1. Create database and the table in that database in phpMyadmin
2. Enter data for the table in an excel sheet and save it as coma separated value(csv) file
3. Open the table created in step 1 in phpMyadmin
4. Import data in .csv file created in step 2 into this table.
Making your database more secure
o Goto phpmyadmin and create a new user with new password and remove the default user
root.
o Goto F:\wamp\apps\phpmyadmin3.2.0.1 directory and open config.inc.php file.
o Change the word config to cookie or http and close the file.
o Now try to open phpmyadmin. It asks you to enter username and password.
o Enter the user name and password which you created earlier.
o Like this you can secure your database.
7.7
Web security and cryptography theory
Introduction to Web security
Databases and DBMS reside on servers. DBMS is the software that protects
these databases from illegal access. DBMS can achieve this, by storing legal usernames
and passwords in a table in the database itself. Whenever a user tries to access the
database by entering his username and password, DBMS, first checks whether this user is
present in the table or not, and if he is present, then it gives access to the database.
Otherwise, it warns the user with "Illegal Attempt" message and terminates. The logic is
so simple.
But it is not so, when we use remote servers for storing databases- Because, in
this case, users have to send their passwords via internet. Here, we need to provide
security against web attacks by hackers. This is called websecurity.
Disadvantages when users data is stored in remote servers:
1. Passwords travel in NET. Possibility for hackers to know the password (This problem
can be eleminated by using single key encryption)
2. Passwords are stored in DB. Database administrators know the password (This
problem can be eleminated by using public key encryption)
Cryptography deals with creating documents that can be shared secretly over public
communication channels. The secret document will be encrypted and sent over the
internet and finally it will be decrypted at destination by the authorized recipient.
Example:
m=Anand
E(m)=Boboe (B comes after A, o comes after n, e comes after d)
D(E(m))=m=Anand
Single key or symmetric or Private key or Challenge-response system: When user u1,
wants to connect to DB,
a. DBMS sends a challenge string(message, m) to u1
b. u1 encrypts m with his private key and sends this (e(m)) as his response to DBMS
c. DBMS decrypts this response (d(e(m)))
d. If d(e(m))==m, then DBMS allows user u1 to connect to DB
Otherwise sends "Illegal attempt" message to user u1.
Dual key or asymmetric or Public key or Public key-private key system: It has two keys.
(i)private key (ii)public key
3

DB stores only public keys. Private keys are not stored anywhere. Only users know
their private keys.
Public keys are used for encryption. Private keys are used for decryption.
When user u1, wants to connect to DB
a. DBMS encrypts a message m with user u1's public key (e1(m)) and sends it to user u1
b. u1 decrypts this string using his private key (d1(e1(m))) and sends it to DBMS
c. If d1(e1(m))==m, then DBMS allows user u1 to connect to DB
Otherwise sends "Illegal attempt" message to user u1.
Digital signatures: Public key system can also be used for signing digital documents.
Only authorized persons know private key. Public key can be published on internet.
Private key is used by authorized person for signing document
Public key can be used by anyone to verify that document.
Here, authorized person, encrypts the message by using his private key. Anyone can
decrypt it using authors public key that is published on net to verify the authenticity of
that document.
Implementation of public key system
Product of two large prime numbers (p1xp2) is public key
(p1,p2) is private key
EXAMPLE
EmailID: pranand12@gmail.com --->Public key
Password: abcdefgh --->Private key
***