Professional Documents
Culture Documents
Module 3, Lecture 1
1/9
Web Server
Client tier
Web tier
Data tier
Module 3, Lecture 1
2/9
Relational Databases
Relational databases are the most common way to persistently store data in web applications. A relational database is used to store a collection of relations. This involves storing records in tables. Each row in a table (or entity) corresponds to one record, and the columns correspond to elds (or attributes) of the record. Ex.
people id first_name Frank 1 2 John Jane 3 4 John last_name Furter Doe Doe Doe address 1 Wiener Way 30 Smith PL 30 Smith PL 30 Smith PL phone 212-555-1234 505-555-1234 505-463-4321 505-463-1234
Module 3, Lecture 1
3/9
Relational Databases
Whats the point of the id eld in the previous table? It is used to form relationships to other tables. Its referred to as the primary key of the table. For example, John Doe appeared in the previous table twice. Why? Because he has two phones. More specically, there is a one-to-many relationship between people and phones one person can have many phones. We can normalize the database by creating two tables, one for people and a separate table for phones:
Each record in the phone table will hold the id of a person. In the phone table, this person_id is referred to as a foreign key. Given the id of a person, we can now search the phone table for all of the phones that belong to a person. This is typically done using the structured query language (SQL), but in Rails well by-pass this using the methods provided with Active Records.
Module 3, Lecture 1
4/9
phones id person_id 1 2 3 4 1 2 3 2
Module 3, Lecture 1
5/9
Module 3, Lecture 1
6/9
Relational Databases
Notice that we could further normalize the database by creating an address table. However, in this case, the one-to-many relationship is in the other direction, i.e., we have one address for many people in the table. You can imagine a situation where one person also has many addresses, e.g., one for work, one for home, etc. Thus, we really need to create a many-to-many relationship between people and addresses. This is done by creating a join table its called this because it joins the people and addresses tables. The join table in the following example is called addresses_people. Notice that it only stores foreign keys, and has no primary keys.
Module 3, Lecture 1
7/9
phones id person_id 1 2 3 4 1 2 3 2
state OR NE
Module 3, Lecture 1
8/9
Entity-Relationship Model
Module 3, Lecture 1
9/9
Module 3, Lecture 2
1/5
Web Server
Client tier
Web tier
Data tier
Module 3, Lecture 2
2/5
Database Migrations
Each time we ran the scaold generator in our blog application, Rails created a database migration le and placed it in the db/migrate directory. Rails uses the rake command to run these migrations, which creates a schema, from which appropriate databases can then be created. Because migrations can also be used to undo the work of previous migrations (e.g., to make corrections), they are timestamped, and executed in the order they were created. The lename contains the timestamp.
Module 3, Lecture 2
3/5
Rails Environments
Rails automatically sets up applications to run in one of three prebuilt environments (you can also add your own):
Development Used when youre developing the application. Test Used when your run tests. Production Used when you deploy your application.
By default, when you run: $ rails server Rails runs in the development environment. To force rails to run in a dierent environment, use: $ rails server -e production
Module 3, Lecture 2
4/5
Rails Databases
One of the architectural elements most likely to dier between development and production environments is the database: During development, you (the developer) are the only one accessing the database. Rails automatically sets up the development environment to use SQLite, a simple easy-to-use le-based relational database that runs in memory. SQLite is not a production grade database. When an application goes into production, it may receive 100s or 1000s of hits in a matter of seconds, and the database needs be able to handle the data requests associated with these hits. Popular production database include: PostgreSQL and MySQL. The databases that Rails will use in dierent environments is specied in: db/database.yml.
c 2011-13 G.L. Heileman Module 3, Lecture 2 5/5
Module 3, Lecture 3
1/9
Web Server
Client tier
Web tier
Data tier
Module 3, Lecture 3
2/9
Module 3, Lecture 3
3/9
Module 3, Lecture 3
4/9
Attributes
Module 3, Lecture 3
5/9
The ActiveRecord module is built into Rails the functionalities above are utilized when you create a Rails app and run scaold and model generators.
c 2011-13 G.L. Heileman Module 3, Lecture 3 6/9
Module 3, Lecture 3
7/9
ActiveRecord Module
If you create a new class by inheriting ActiveRecord::Base, and call it Post, it is assumed a database table will exist that is called posts. I.e., it pluaralizes the name of the class, and then looks for a table with that name. The Base class in the ActiveRecord module will inspect the posts database, and determine that it has title and body elds, and it will automatically add member variables (and accessors) with these same names in the Post class. I.e., it takes care of the ORM! Furthermore, a query interface is also provided in most cases, ActiveRecord insulates you from the need to use SQL. Post.all Ex. Post.first Post.find_by(1) Post.find_by_title("My First Post")
c 2011-13 G.L. Heileman Module 3, Lecture 3 8/9
Module 3, Lecture 3
9/9
Module 3, Lecture 4
1/4
Associations in Rails
Because we used the scaold generator for the posts and comments in our blog application, the Active Record design pattern is pre-wired. This means: A SQLite database able to store posts and comments was created when we ran the migrations. A connection to this database was established. The ORM for Post and Comment objects was set up the M in MVC. However, theres one thing missing we need to ensure that any comments entered for a particular post are permanently linked to that post.
Module 3, Lecture 4
2/4
Associations in Rails
We did make the connection between posts and comments in the database recall that a post_id can be stored with each comment. To make our models in Rails fully functional we need to add associations each post needs to know the list of comments associated with it, and each comment needs to know which post it belongs to. Theres a many-to-one relationship between comments and posts a post has many comments, and a comment belongs to a post:
Module 3, Lecture 4
3/4
Associations in Rails
The ActiveRecord module contains a set of class methods for tying objects together through foreign keys. To enable these, you must declare associations within your models using the following: Relationship one-to-one many-to-one many-to-many Model with no foreign key has_one has_many has_and_belongs_to_many Model with foreign key belongs_to belongs_to
The foreign keys for each model are stored in a join table.
Module 3, Lecture 4
4/4
Module 3, Lecture 5
1/6
The most common web application security weakness is failure to validate client-side input SQL injection, cross-site scripting and buer overow attacks are enabled.
Module 3, Lecture 5
2/6
Web Server
JavaScript HTML5
Controller-level Model-level
Databasestored procedure
Module 3, Lecture 5
3/6
Module 3, Lecture 5
4/6
ActiveRecord Callbacks
We can think of the objects in an OO system as having a lifecycle they are rst created, can later be updated and also destroyed. ActiveRecord objects have methods that can be called in order to ensure their integrity at the various stages of their lifecycle. Ex.
Dont create a new user object if the user already exists in the database. Ensure that all of an objects attributes are valid before allowing it to be saved to the database. When destroying an object, destroy all of the objects that depend on it.
Callbacks are methods that get called at certain points in an ActiveRecord objects lifecycle they are hooks into the lifecycle, allowing you to trigger logic before or after the state of an object changes.
c 2011-13 G.L. Heileman Module 3, Lecture 5 5/6
ActiveRecord Validations
Validations are a type of ActiveRecord callback that can be used to ensure only valid data is stored in your Rails databases. The create, save and update methods trigger validations, and will only allow a valid ActiveRecord object to be saved to the database. Validations are dened in your models. Ex.
class Person < ActiveRecord::Base validates_presence_of :name validates_numericality_of :age, :only_integer => true validates_ confirmation_of :email validates_length_of :password, :in => 8..20 end
Module 3, Lecture 5
6/6
Module 3: Overview
1/2
Module Overview
Relational Databases Databases in Rails The Active Record Design Pattern The Blog App Iteration 2 (Associations) The Blog App Iteration 3 (Validations)
Module 3: Overview
2/2