SlideShare a Scribd company logo

MoSQL: More than SQL, but less than ORM

Mosky Liu
Mosky Liu

** Please visit https://speakerdeck.com/mosky/mosql-more-than-sql-but-less-than-orm-at-pycon-apac-2013 for the newer slide. :) It is the slides of the talk, "MoSQL: More than SQL, but Less than ORM", at PyCon TW 2013. About MoSQL: MoSQL is a Python library which lets you use common Python’s data structures to build SQLs, and provides a convenient model of result set. http://mosql.mosky.tw/

SoftwareBusiness
1 of 41
Download to read offline
1 MoSQLMoSQL MoskyMosky
2 More than SQL, but Less than ORMMore than SQL, but Less than ORM MoSQLMoSQL
3 OutlineOutline ● Why not SQL?Why not SQL? ● Why ORM?Why ORM? ● MoSQLMoSQL – SQL BuildersSQL Builders – Model of Result SetModel of Result Set ● ConclusionConclusion
4 Why not SQL?Why not SQL?
5 SQL SyntaxSQL Syntax ● SELECT * FROM article;SELECT * FROM article; ● SELECT * FROM article LIMIT 1;SELECT * FROM article LIMIT 1; ● add “ ORDER BY created ”?add “ ORDER BY created ”? ● add “ OFFSET 10 ”?add “ OFFSET 10 ”? ● add “ GROUP BY author ”?add “ GROUP BY author ”? ● Is “ UPDATE article WHERE title='SQL' SETIs “ UPDATE article WHERE title='SQL' SET title='ORM' ” correct?title='ORM' ” correct?
6 !@#$%!@#$%
7 SQL InjectionSQL Injection ● ') or '1'='1') or '1'='1 ● ' or true; --' or true; -- ● ' or 1=1; --' or 1=1; -- ● ' or 2=2; --' or 2=2; -- ● ' or 'str'='str'; --' or 'str'='str'; -- ● ……
8 It may be hacker friendly.It may be hacker friendly.
9 SQL seems ancient, but ...SQL seems ancient, but ...
10 using SQL is theusing SQL is the FASTESTFASTEST way.way.
11 Why ORM?Why ORM?
12 ORM SyntaxORM Syntax class User(Base):class User(Base): __tablename__ = 'users'__tablename__ = 'users' name = Column(String)name = Column(String) fullname = Column(String)fullname = Column(String) password = Column(String)password = Column(String)
13 ORM Syntax (cont.)ORM Syntax (cont.) >>> fake_user = User('fakeuser', 'Invalid',>>> fake_user = User('fakeuser', 'Invalid', '12345')'12345') >>> session.add(fake_user)>>> session.add(fake_user) >>> for row in session.query(User,>>> for row in session.query(User, User.name).all():User.name).all(): ... print row.User, row.name... print row.User, row.name
14 hmmm …hmmm …
15 SQL InjectionSQL Injection ● ' or true; --' or true; -- ● ' or 1=1; --' or 1=1; -- ● ' or 1=1; #' or 1=1; # ● ' or 1=1; /*' or 1=1; /* ● ') or '1'='1') or '1'='1 ● …… ● SaferSafer
16 It's good!It's good!
17 ORM seems modern, but ...ORM seems modern, but ...
18 the most of ORMs are SLOW.the most of ORMs are SLOW.
19 SQL < ______ < ORMSQL < ______ < ORM
20 SQL < MoSQL < ORMSQL < MoSQL < ORM
21 SQL BuildersSQL Builders
22 SQL Builders (cont.)SQL Builders (cont.) >>> from mosql.build import *>>> from mosql.build import * >>>>>> select('pycon')select('pycon') SELECT * FROM "pycon"SELECT * FROM "pycon" >>> select('pycon',>>> select('pycon', {'id': 'mosky'}{'id': 'mosky'})) SELECT * FROM "pycon" WHERE "id" = 'mosky'SELECT * FROM "pycon" WHERE "id" = 'mosky'
23 SQL Builders (cont.)SQL Builders (cont.) >>> insert('pycon',>>> insert('pycon', {'yr': 2013, 'id': 'masky'}{'yr': 2013, 'id': 'masky'})) INSERT INTO "pycon" ("id", "yr") VALUES ('masky', 2013)INSERT INTO "pycon" ("id", "yr") VALUES ('masky', 2013) >>> update('pycon',>>> update('pycon', ...... where={'id': 'masky'}where={'id': 'masky'},, ...... set ={'id': 'mosky'}set ={'id': 'mosky'} ... )... ) UPDATE "pycon" SET "id"='mosky' WHERE "id" = 'masky'UPDATE "pycon" SET "id"='mosky' WHERE "id" = 'masky'
24 SQL Builders (cont.)SQL Builders (cont.) ● insert(table,insert(table, setset, …), …) ● select(table,select(table, wherewhere, …), …) ● update(table,update(table, wherewhere,, setset, …), …) ● delete(table,delete(table, wherewhere, …), …) ● ......
25 If you like it,If you like it,
26 sudo pip install mosqlsudo pip install mosql
27 Model of Result SetModel of Result Set
28 Model: Configure ConnectionModel: Configure Connection import psycopg2.poolimport psycopg2.pool from mosql.result import Modelfrom mosql.result import Model pool = psycopg2.pool.SimpleConnectionPool(1, 5,pool = psycopg2.pool.SimpleConnectionPool(1, 5, database='mosky')database='mosky') class PostgreSQL(Model):class PostgreSQL(Model): getconn = pool.getconngetconn = pool.getconn putconn = pool.putconnputconn = pool.putconn
29 Model: Set the Name of TableModel: Set the Name of Table class Person(PostgreSQL):class Person(PostgreSQL): table = 'person'table = 'person' >>> Person.select(>>> Person.select({'person_id': 'mosky'}{'person_id': 'mosky'})) {'name': ['Mosky Liu'], 'person_id': ['mosky']}{'name': ['Mosky Liu'], 'person_id': ['mosky']} >>> Person.where(person_id=>>> Person.where(person_id=('andy', 'mosky')('andy', 'mosky'))) {'name': ['Andy Warhol', 'Mosky Liu'], 'person_id':{'name': ['Andy Warhol', 'Mosky Liu'], 'person_id': ['andy', 'mosky']}['andy', 'mosky']}
30 Model: Make QueriesModel: Make Queries Person.Person.selectselect({'person_id': 'mosky'})({'person_id': 'mosky'}) Person.Person.insertinsert({'person_id': 'tina'})({'person_id': 'tina'}) Person.Person.updateupdate(( where={'person_id': 'mosky'},where={'person_id': 'mosky'}, set ={'name' : 'Yiyu Liu'}set ={'name' : 'Yiyu Liu'} )) Person.Person.deletedelete({'person_id': 'tina'})({'person_id': 'tina'})
31 Model: Squash ColumnsModel: Squash Columns class Person(PostgreSQL):class Person(PostgreSQL): table = 'person'table = 'person' squashed = set(['person_id', 'name'])squashed = set(['person_id', 'name']) >>> Person.select({'person_id': 'mosky'})>>> Person.select({'person_id': 'mosky'}) {'name':{'name': 'Mosky Liu''Mosky Liu', 'person_id':, 'person_id': 'mosky''mosky'}} >>> Person.where(person_id=('andy', 'mosky'))>>> Person.where(person_id=('andy', 'mosky')) {'name':{'name': 'Andy Warhol''Andy Warhol', 'person_id':, 'person_id': 'andy''andy'}}
32 Model: ArrangeModel: Arrange class Person(PostgreSQL):class Person(PostgreSQL): ...... arrange_by = ('person_id', )arrange_by = ('person_id', ) >>> for person in Person.arrange(>>> for person in Person.arrange({'person_id':{'person_id': ('andy', 'mosky')}('andy', 'mosky')}):): ... print person... print person {'name': 'Andy Warhol', 'person_id': 'andy'}{'name': 'Andy Warhol', 'person_id': 'andy'} {'name': 'Mosky Liu', 'person_id': 'mosky'}{'name': 'Mosky Liu', 'person_id': 'mosky'}
33 Model: Arrange (cont.)Model: Arrange (cont.) >>> for detail in>>> for detail in DetailDetail.arrange({'person_id':.arrange({'person_id': ('mosky', 'andy')}):('mosky', 'andy')}): ... print detail... print detail ...... {'detail_id': [5],{'detail_id': [5], 'key': 'email','key': 'email', 'person_id': 'andy','person_id': 'andy', 'val': ['andy@gmail.com']}'val': ['andy@gmail.com']} ......
34 Model: FindModel: Find class Person(PostgreSQL):class Person(PostgreSQL): ...... arrange_by = ('person_id', )arrange_by = ('person_id', ) >>> for person in Person.>>> for person in Person.findfind((person_id=('andy',person_id=('andy', 'mosky')'mosky')):): ... print person... print person {'name': 'Andy Warhol', 'person_id': 'andy'}{'name': 'Andy Warhol', 'person_id': 'andy'} {'name': 'Mosky Liu', 'person_id': 'mosky'}{'name': 'Mosky Liu', 'person_id': 'mosky'}
35 Model: Identify a RowModel: Identify a Row class Person(PostgreSQL):class Person(PostgreSQL): ...... ident_by = ('person_id', )ident_by = ('person_id', )
36 Model: ModificationModel: Modification >>> p = Person.where(person_id='mosky')>>> p = Person.where(person_id='mosky') >>>>>> p['name'] = 'Yiyu Liu'p['name'] = 'Yiyu Liu' >>>>>> p.name = 'Yiyu Liu'p.name = 'Yiyu Liu' >>> p.save()>>> p.save() >>> d =>>> d = DetailDetail.where(.where(person_id='mosky', key='email'person_id='mosky', key='email')) >>>>>> p['val'][0] = '<modified email>'p['val'][0] = '<modified email>' >>>>>> p.val[0] = '<modified email>'p.val[0] = '<modified email>' >>> p.save()>>> p.save()
37 Model: Pop and AppendModel: Pop and Append >>> d = Detail.where(>>> d = Detail.where(person_id='mosky', key='email'person_id='mosky', key='email')) >>>>>> p.pop(-1)p.pop(-1) >>>>>> p.append({'val': '<new mail>'})p.append({'val': '<new mail>'}) >>> p.save()>>> p.save()
38 Model: Default ClausesModel: Default Clauses class Person(PostgreSQL):class Person(PostgreSQL): ...... clauses = dict(clauses = dict( order_by=('person_id', )order_by=('person_id', ) ))
39 PerformancePerformance ● AboutAbout 4x4x faster than SQLAlchemy.faster than SQLAlchemy. ● Just a little bit slower than pure SQL.Just a little bit slower than pure SQL.
40 SecuritySecurity ● Security by default.Security by default. ● Use escaping technique.Use escaping technique. ● Prevent SQL injection from both valuePrevent SQL injection from both value and identifier.and identifier. ● Passed the tests fromPassed the tests from sqlmapsqlmap at level=5at level=5 and risk=3.and risk=3.
41 ConclusionConclusion ● Easy-to-LearnEasy-to-Learn ● ConvenientConvenient ● FasterFaster ● SecureSecure ● sudo pip install mosqlsudo pip install mosql ● http://mosql.mosky.tw/http://mosql.mosky.tw/ ● Welcome to fork!Welcome to fork!

Recommended

MoSQL: More than SQL, but Less than ORM @ PyCon APAC 2013
MoSQL: More than SQL, but Less than ORM @ PyCon APAC 2013MoSQL: More than SQL, but Less than ORM @ PyCon APAC 2013
MoSQL: More than SQL, but Less than ORM @ PyCon APAC 2013Mosky Liu
 
2986815 Normas Icontec
2986815 Normas Icontec2986815 Normas Icontec
2986815 Normas IcontecHelber Sepulveda
 
Create online games with node.js and socket.io
Create online games with node.js and socket.ioCreate online games with node.js and socket.io
Create online games with node.js and socket.iogrrd01
 
Beyond Breakpoints: Advanced Debugging with XCode
Beyond Breakpoints: Advanced Debugging with XCodeBeyond Breakpoints: Advanced Debugging with XCode
Beyond Breakpoints: Advanced Debugging with XCodeAijaz Ansari
 
2014 database - course 3 - PHP and MySQL
2014 database - course 3 - PHP and MySQL2014 database - course 3 - PHP and MySQL
2014 database - course 3 - PHP and MySQLHung-yu Lin
 
The Ring programming language version 1.5.2 book - Part 43 of 181
The Ring programming language version 1.5.2 book - Part 43 of 181The Ring programming language version 1.5.2 book - Part 43 of 181
The Ring programming language version 1.5.2 book - Part 43 of 181Mahmoud Samir Fayed
 
How to lose your database and your job
How to lose your database and your jobHow to lose your database and your job
How to lose your database and your jobRyan Gooler
 
SQLAlchemy Seminar
SQLAlchemy SeminarSQLAlchemy Seminar
SQLAlchemy SeminarYury Yurevich
 

Recommended

MoSQL: More than SQL, but Less than ORM @ PyCon APAC 2013
MoSQL: More than SQL, but Less than ORM @ PyCon APAC 2013MoSQL: More than SQL, but Less than ORM @ PyCon APAC 2013
MoSQL: More than SQL, but Less than ORM @ PyCon APAC 2013Mosky Liu
 
2986815 Normas Icontec
2986815 Normas Icontec2986815 Normas Icontec
2986815 Normas IcontecHelber Sepulveda
 
Create online games with node.js and socket.io
Create online games with node.js and socket.ioCreate online games with node.js and socket.io
Create online games with node.js and socket.iogrrd01
 
Beyond Breakpoints: Advanced Debugging with XCode
Beyond Breakpoints: Advanced Debugging with XCodeBeyond Breakpoints: Advanced Debugging with XCode
Beyond Breakpoints: Advanced Debugging with XCodeAijaz Ansari
 
2014 database - course 3 - PHP and MySQL
2014 database - course 3 - PHP and MySQL2014 database - course 3 - PHP and MySQL
2014 database - course 3 - PHP and MySQLHung-yu Lin
 
The Ring programming language version 1.5.2 book - Part 43 of 181
The Ring programming language version 1.5.2 book - Part 43 of 181The Ring programming language version 1.5.2 book - Part 43 of 181
The Ring programming language version 1.5.2 book - Part 43 of 181Mahmoud Samir Fayed
 
How to lose your database and your job
How to lose your database and your jobHow to lose your database and your job
How to lose your database and your jobRyan Gooler
 
SQLAlchemy Seminar
SQLAlchemy SeminarSQLAlchemy Seminar
SQLAlchemy SeminarYury Yurevich
 
Slaying the Dragon: Implementing a Programming Language in Ruby
Slaying the Dragon: Implementing a Programming Language in RubySlaying the Dragon: Implementing a Programming Language in Ruby
Slaying the Dragon: Implementing a Programming Language in RubyJason Yeo Jie Shun
 
The Ring programming language version 1.6 book - Part 46 of 189
The Ring programming language version 1.6 book - Part 46 of 189The Ring programming language version 1.6 book - Part 46 of 189
The Ring programming language version 1.6 book - Part 46 of 189Mahmoud Samir Fayed
 
A comparison between C# and Java
A comparison between C# and JavaA comparison between C# and Java
A comparison between C# and JavaAli MasudianPour
 
Speeding up Red Team engagements with carnivorall
Speeding up Red Team engagements with carnivorallSpeeding up Red Team engagements with carnivorall
Speeding up Red Team engagements with carnivorallNullbyte Security Conference
 
Mongoose v3 :: The Future is Bright
Mongoose v3 :: The Future is BrightMongoose v3 :: The Future is Bright
Mongoose v3 :: The Future is Brightaaronheckmann
 
Gg chat
Gg chatGg chat
Gg chatWi'ne Abareles
 
R57.Php
R57.PhpR57.Php
R57.Phpguest63876e
 
Nop2
Nop2Nop2
Nop2guestea6d59
 
WordPress Security: Be a Superhero - WordCamp Raleigh - May 2011
WordPress Security: Be a Superhero - WordCamp Raleigh - May 2011WordPress Security: Be a Superhero - WordCamp Raleigh - May 2011
WordPress Security: Be a Superhero - WordCamp Raleigh - May 2011John Ford
 
Removing structural duplication
Removing structural duplicationRemoving structural duplication
Removing structural duplicationAlexandru Bolboaca
 
Wwe Management System
Wwe Management SystemWwe Management System
Wwe Management SystemNeerajMudgal1
 
Solr integration in Magento Enterprise
Solr integration in Magento EnterpriseSolr integration in Magento Enterprise
Solr integration in Magento EnterpriseTobias Zander
 
FRP: What does "declarative" mean
FRP: What does "declarative" meanFRP: What does "declarative" mean
FRP: What does "declarative" meanPeter Ovchinnikov
 
Clean code
Clean codeClean code
Clean codeiamAnaCortes
 
JDD 2017: Performance tests with Gatling (Andrzej Ludwikowski)
JDD 2017: Performance tests with Gatling (Andrzej Ludwikowski)JDD 2017: Performance tests with Gatling (Andrzej Ludwikowski)
JDD 2017: Performance tests with Gatling (Andrzej Ludwikowski)PROIDEA
 
Mgd08 lab01
Mgd08 lab01Mgd08 lab01
Mgd08 lab01Hock Leng PUAH
 
Potential Friend Finder
Potential Friend FinderPotential Friend Finder
Potential Friend FinderRichard Schneeman
 
Nantes Jug - Java 7
Nantes Jug - Java 7Nantes Jug - Java 7
Nantes Jug - Java 7Sébastien Prunier
 
파이썬 플라스크로 배우는 웹프로그래밍 #4 (ABCD)
파이썬 플라스크로 배우는 웹프로그래밍 #4 (ABCD)파이썬 플라스크로 배우는 웹프로그래밍 #4 (ABCD)
파이썬 플라스크로 배우는 웹프로그래밍 #4 (ABCD)성일 한
 
Shellwords
ShellwordsShellwords
ShellwordsKevin Munc
 
ORM2Pwn: Exploiting injections in Hibernate ORM
ORM2Pwn: Exploiting injections in Hibernate ORMORM2Pwn: Exploiting injections in Hibernate ORM
ORM2Pwn: Exploiting injections in Hibernate ORMMikhail Egorov
 
The Ring programming language version 1.2 book - Part 79 of 84
The Ring programming language version 1.2 book - Part 79 of 84The Ring programming language version 1.2 book - Part 79 of 84
The Ring programming language version 1.2 book - Part 79 of 84Mahmoud Samir Fayed
 

More Related Content

What's hot

Slaying the Dragon: Implementing a Programming Language in Ruby
Slaying the Dragon: Implementing a Programming Language in RubySlaying the Dragon: Implementing a Programming Language in Ruby
Slaying the Dragon: Implementing a Programming Language in RubyJason Yeo Jie Shun
 
The Ring programming language version 1.6 book - Part 46 of 189
The Ring programming language version 1.6 book - Part 46 of 189The Ring programming language version 1.6 book - Part 46 of 189
The Ring programming language version 1.6 book - Part 46 of 189Mahmoud Samir Fayed
 
A comparison between C# and Java
A comparison between C# and JavaA comparison between C# and Java
A comparison between C# and JavaAli MasudianPour
 
Mongoose v3 :: The Future is Bright
Mongoose v3 :: The Future is BrightMongoose v3 :: The Future is Bright
Mongoose v3 :: The Future is Brightaaronheckmann
 
WordPress Security: Be a Superhero - WordCamp Raleigh - May 2011
WordPress Security: Be a Superhero - WordCamp Raleigh - May 2011WordPress Security: Be a Superhero - WordCamp Raleigh - May 2011
WordPress Security: Be a Superhero - WordCamp Raleigh - May 2011John Ford
 
Removing structural duplication
Removing structural duplicationRemoving structural duplication
Removing structural duplicationAlexandru Bolboaca
 
Wwe Management System
Wwe Management SystemWwe Management System
Wwe Management SystemNeerajMudgal1
 
Solr integration in Magento Enterprise
Solr integration in Magento EnterpriseSolr integration in Magento Enterprise
Solr integration in Magento EnterpriseTobias Zander
 
FRP: What does "declarative" mean
FRP: What does "declarative" meanFRP: What does "declarative" mean
FRP: What does "declarative" meanPeter Ovchinnikov
 
JDD 2017: Performance tests with Gatling (Andrzej Ludwikowski)
JDD 2017: Performance tests with Gatling (Andrzej Ludwikowski)JDD 2017: Performance tests with Gatling (Andrzej Ludwikowski)
JDD 2017: Performance tests with Gatling (Andrzej Ludwikowski)PROIDEA
 
파이썬 플라스크로 배우는 웹프로그래밍 #4 (ABCD)
파이썬 플라스크로 배우는 웹프로그래밍 #4 (ABCD)파이썬 플라스크로 배우는 웹프로그래밍 #4 (ABCD)
파이썬 플라스크로 배우는 웹프로그래밍 #4 (ABCD)성일 한
 

What's hot (20)

Slaying the Dragon: Implementing a Programming Language in Ruby
Slaying the Dragon: Implementing a Programming Language in RubySlaying the Dragon: Implementing a Programming Language in Ruby
Slaying the Dragon: Implementing a Programming Language in Ruby
 
The Ring programming language version 1.6 book - Part 46 of 189
The Ring programming language version 1.6 book - Part 46 of 189The Ring programming language version 1.6 book - Part 46 of 189
The Ring programming language version 1.6 book - Part 46 of 189
 
A comparison between C# and Java
A comparison between C# and JavaA comparison between C# and Java
A comparison between C# and Java
 
Speeding up Red Team engagements with carnivorall
Speeding up Red Team engagements with carnivorallSpeeding up Red Team engagements with carnivorall
Speeding up Red Team engagements with carnivorall
 
Mongoose v3 :: The Future is Bright
Mongoose v3 :: The Future is BrightMongoose v3 :: The Future is Bright
Mongoose v3 :: The Future is Bright
 
Gg chat
Gg chatGg chat
Gg chat
 
R57.Php
R57.PhpR57.Php
R57.Php
 
Nop2
Nop2Nop2
Nop2
 
WordPress Security: Be a Superhero - WordCamp Raleigh - May 2011
WordPress Security: Be a Superhero - WordCamp Raleigh - May 2011WordPress Security: Be a Superhero - WordCamp Raleigh - May 2011
WordPress Security: Be a Superhero - WordCamp Raleigh - May 2011
 
Removing structural duplication
Removing structural duplicationRemoving structural duplication
Removing structural duplication
 
Wwe Management System
Wwe Management SystemWwe Management System
Wwe Management System
 
Solr integration in Magento Enterprise
Solr integration in Magento EnterpriseSolr integration in Magento Enterprise
Solr integration in Magento Enterprise
 
FRP: What does "declarative" mean
FRP: What does "declarative" meanFRP: What does "declarative" mean
FRP: What does "declarative" mean
 
Clean code
Clean codeClean code
Clean code
 
JDD 2017: Performance tests with Gatling (Andrzej Ludwikowski)
JDD 2017: Performance tests with Gatling (Andrzej Ludwikowski)JDD 2017: Performance tests with Gatling (Andrzej Ludwikowski)
JDD 2017: Performance tests with Gatling (Andrzej Ludwikowski)
 
Mgd08 lab01
Mgd08 lab01Mgd08 lab01
Mgd08 lab01
 
Potential Friend Finder
Potential Friend FinderPotential Friend Finder
Potential Friend Finder
 
Nantes Jug - Java 7
Nantes Jug - Java 7Nantes Jug - Java 7
Nantes Jug - Java 7
 
파이썬 플라스크로 배우는 웹프로그래밍 #4 (ABCD)
파이썬 플라스크로 배우는 웹프로그래밍 #4 (ABCD)파이썬 플라스크로 배우는 웹프로그래밍 #4 (ABCD)
파이썬 플라스크로 배우는 웹프로그래밍 #4 (ABCD)
 
Shellwords
ShellwordsShellwords
Shellwords
 

Similar to MoSQL: More than SQL, but less than ORM

ORM2Pwn: Exploiting injections in Hibernate ORM
ORM2Pwn: Exploiting injections in Hibernate ORMORM2Pwn: Exploiting injections in Hibernate ORM
ORM2Pwn: Exploiting injections in Hibernate ORMMikhail Egorov
 
The Ring programming language version 1.2 book - Part 79 of 84
The Ring programming language version 1.2 book - Part 79 of 84The Ring programming language version 1.2 book - Part 79 of 84
The Ring programming language version 1.2 book - Part 79 of 84Mahmoud Samir Fayed
 
PyCon 2010 SQLAlchemy tutorial
PyCon 2010 SQLAlchemy tutorialPyCon 2010 SQLAlchemy tutorial
PyCon 2010 SQLAlchemy tutorialjbellis
 
Connecting and using PostgreSQL database with psycopg2 [Python 2.7]
Connecting and using PostgreSQL database with psycopg2 [Python 2.7]Connecting and using PostgreSQL database with psycopg2 [Python 2.7]
Connecting and using PostgreSQL database with psycopg2 [Python 2.7]Dinesh Neupane
 
Refactor legacy code through pure functions
Refactor legacy code through pure functionsRefactor legacy code through pure functions
Refactor legacy code through pure functionsAlexandru Bolboaca
 
[Pgday.Seoul 2021] 2. Porting Oracle UDF and Optimization
[Pgday.Seoul 2021] 2. Porting Oracle UDF and Optimization[Pgday.Seoul 2021] 2. Porting Oracle UDF and Optimization
[Pgday.Seoul 2021] 2. Porting Oracle UDF and OptimizationPgDay.Seoul
 
PostgreSQL Open SV 2018
PostgreSQL Open SV 2018PostgreSQL Open SV 2018
PostgreSQL Open SV 2018artgillespie
 
Defcon_Oracle_The_Making_of_the_2nd_sql_injection_worm
Defcon_Oracle_The_Making_of_the_2nd_sql_injection_wormDefcon_Oracle_The_Making_of_the_2nd_sql_injection_worm
Defcon_Oracle_The_Making_of_the_2nd_sql_injection_wormguest785f78
 
Tokyo APAC Groundbreakers tour - The Complete Java Developer
Tokyo APAC Groundbreakers tour - The Complete Java DeveloperTokyo APAC Groundbreakers tour - The Complete Java Developer
Tokyo APAC Groundbreakers tour - The Complete Java DeveloperConnor McDonald
 
Back to Basics, webinar 2: La tua prima applicazione MongoDB
Back to Basics, webinar 2: La tua prima applicazione MongoDBBack to Basics, webinar 2: La tua prima applicazione MongoDB
Back to Basics, webinar 2: La tua prima applicazione MongoDBMongoDB
 
PL/SQL User-Defined Functions in the Read World
PL/SQL User-Defined Functions in the Read WorldPL/SQL User-Defined Functions in the Read World
PL/SQL User-Defined Functions in the Read WorldMichael Rosenblum
 
When to NoSQL and when to know SQL
When to NoSQL and when to know SQLWhen to NoSQL and when to know SQL
When to NoSQL and when to know SQLSimon Elliston Ball
 
Jdbc oracle
Jdbc oracleJdbc oracle
Jdbc oracleyazidds2
 
Database madness with_mongoengine_and_sql_alchemy
Database madness with_mongoengine_and_sql_alchemyDatabase madness with_mongoengine_and_sql_alchemy
Database madness with_mongoengine_and_sql_alchemyJaime Buelta
 
The Ring programming language version 1.5.3 book - Part 29 of 184
The Ring programming language version 1.5.3 book - Part 29 of 184The Ring programming language version 1.5.3 book - Part 29 of 184
The Ring programming language version 1.5.3 book - Part 29 of 184Mahmoud Samir Fayed
 

Similar to MoSQL: More than SQL, but less than ORM (20)

ORM2Pwn: Exploiting injections in Hibernate ORM
ORM2Pwn: Exploiting injections in Hibernate ORMORM2Pwn: Exploiting injections in Hibernate ORM
ORM2Pwn: Exploiting injections in Hibernate ORM
 
The Ring programming language version 1.2 book - Part 79 of 84
The Ring programming language version 1.2 book - Part 79 of 84The Ring programming language version 1.2 book - Part 79 of 84
The Ring programming language version 1.2 book - Part 79 of 84
 
PyCon 2010 SQLAlchemy tutorial
PyCon 2010 SQLAlchemy tutorialPyCon 2010 SQLAlchemy tutorial
PyCon 2010 SQLAlchemy tutorial
 
Connecting and using PostgreSQL database with psycopg2 [Python 2.7]
Connecting and using PostgreSQL database with psycopg2 [Python 2.7]Connecting and using PostgreSQL database with psycopg2 [Python 2.7]
Connecting and using PostgreSQL database with psycopg2 [Python 2.7]
 
Refactor legacy code through pure functions
Refactor legacy code through pure functionsRefactor legacy code through pure functions
Refactor legacy code through pure functions
 
[Pgday.Seoul 2021] 2. Porting Oracle UDF and Optimization
[Pgday.Seoul 2021] 2. Porting Oracle UDF and Optimization[Pgday.Seoul 2021] 2. Porting Oracle UDF and Optimization
[Pgday.Seoul 2021] 2. Porting Oracle UDF and Optimization
 
greenDAO
greenDAOgreenDAO
greenDAO
 
PostgreSQL Open SV 2018
PostgreSQL Open SV 2018PostgreSQL Open SV 2018
PostgreSQL Open SV 2018
 
QB Into the Box 2018
QB Into the Box 2018QB Into the Box 2018
QB Into the Box 2018
 
Defcon_Oracle_The_Making_of_the_2nd_sql_injection_worm
Defcon_Oracle_The_Making_of_the_2nd_sql_injection_wormDefcon_Oracle_The_Making_of_the_2nd_sql_injection_worm
Defcon_Oracle_The_Making_of_the_2nd_sql_injection_worm
 
JavaTalks: OOD principles
JavaTalks: OOD principlesJavaTalks: OOD principles
JavaTalks: OOD principles
 
Tokyo APAC Groundbreakers tour - The Complete Java Developer
Tokyo APAC Groundbreakers tour - The Complete Java DeveloperTokyo APAC Groundbreakers tour - The Complete Java Developer
Tokyo APAC Groundbreakers tour - The Complete Java Developer
 
Back to Basics, webinar 2: La tua prima applicazione MongoDB
Back to Basics, webinar 2: La tua prima applicazione MongoDBBack to Basics, webinar 2: La tua prima applicazione MongoDB
Back to Basics, webinar 2: La tua prima applicazione MongoDB
 
PL/SQL User-Defined Functions in the Read World
PL/SQL User-Defined Functions in the Read WorldPL/SQL User-Defined Functions in the Read World
PL/SQL User-Defined Functions in the Read World
 
Live Updating Swift Code
Live Updating Swift CodeLive Updating Swift Code
Live Updating Swift Code
 
When to NoSQL and when to know SQL
When to NoSQL and when to know SQLWhen to NoSQL and when to know SQL
When to NoSQL and when to know SQL
 
Database connectivity in python
Database connectivity in pythonDatabase connectivity in python
Database connectivity in python
 
Jdbc oracle
Jdbc oracleJdbc oracle
Jdbc oracle
 
Database madness with_mongoengine_and_sql_alchemy
Database madness with_mongoengine_and_sql_alchemyDatabase madness with_mongoengine_and_sql_alchemy
Database madness with_mongoengine_and_sql_alchemy
 
The Ring programming language version 1.5.3 book - Part 29 of 184
The Ring programming language version 1.5.3 book - Part 29 of 184The Ring programming language version 1.5.3 book - Part 29 of 184
The Ring programming language version 1.5.3 book - Part 29 of 184
 

More from Mosky Liu

Statistical Regression With Python
Statistical Regression With PythonStatistical Regression With Python
Statistical Regression With PythonMosky Liu
 
Practicing Python 3
Practicing Python 3Practicing Python 3
Practicing Python 3Mosky Liu
 
Data Science With Python
Data Science With PythonData Science With Python
Data Science With PythonMosky Liu
 
Hypothesis Testing With Python
Hypothesis Testing With PythonHypothesis Testing With Python
Hypothesis Testing With PythonMosky Liu
 
Elegant concurrency
Elegant concurrencyElegant concurrency
Elegant concurrencyMosky Liu
 
Boost Maintainability
Boost MaintainabilityBoost Maintainability
Boost MaintainabilityMosky Liu
 
Beyond the Style Guides
Beyond the Style GuidesBeyond the Style Guides
Beyond the Style GuidesMosky Liu
 
Simple Belief - Mosky @ TEDxNTUST 2015
Simple Belief - Mosky @ TEDxNTUST 2015Simple Belief - Mosky @ TEDxNTUST 2015
Simple Belief - Mosky @ TEDxNTUST 2015Mosky Liu
 
Concurrency in Python
Concurrency in PythonConcurrency in Python
Concurrency in PythonMosky Liu
 
ZIPCodeTW: Find Taiwan ZIP Code by Address Fuzzily
ZIPCodeTW: Find Taiwan ZIP Code by Address FuzzilyZIPCodeTW: Find Taiwan ZIP Code by Address Fuzzily
ZIPCodeTW: Find Taiwan ZIP Code by Address FuzzilyMosky Liu
 
Graph-Tool in Practice
Graph-Tool in PracticeGraph-Tool in Practice
Graph-Tool in PracticeMosky Liu
 
Minimal MVC in JavaScript
Minimal MVC in JavaScriptMinimal MVC in JavaScript
Minimal MVC in JavaScriptMosky Liu
 
Learning Git with Workflows
Learning Git with WorkflowsLearning Git with Workflows
Learning Git with WorkflowsMosky Liu
 
Dive into Pinkoi 2013
Dive into Pinkoi 2013Dive into Pinkoi 2013
Dive into Pinkoi 2013Mosky Liu
 
Learning Python from Data
Learning Python from DataLearning Python from Data
Learning Python from DataMosky Liu
 
Introduction to Clime
Introduction to ClimeIntroduction to Clime
Introduction to ClimeMosky Liu
 
Programming with Python - Adv.
Programming with Python - Adv.Programming with Python - Adv.
Programming with Python - Adv.Mosky Liu
 
Programming with Python - Basic
Programming with Python - BasicProgramming with Python - Basic
Programming with Python - BasicMosky Liu
 

More from Mosky Liu (18)

Statistical Regression With Python
Statistical Regression With PythonStatistical Regression With Python
Statistical Regression With Python
 
Practicing Python 3
Practicing Python 3Practicing Python 3
Practicing Python 3
 
Data Science With Python
Data Science With PythonData Science With Python
Data Science With Python
 
Hypothesis Testing With Python
Hypothesis Testing With PythonHypothesis Testing With Python
Hypothesis Testing With Python
 
Elegant concurrency
Elegant concurrencyElegant concurrency
Elegant concurrency
 
Boost Maintainability
Boost MaintainabilityBoost Maintainability
Boost Maintainability
 
Beyond the Style Guides
Beyond the Style GuidesBeyond the Style Guides
Beyond the Style Guides
 
Simple Belief - Mosky @ TEDxNTUST 2015
Simple Belief - Mosky @ TEDxNTUST 2015Simple Belief - Mosky @ TEDxNTUST 2015
Simple Belief - Mosky @ TEDxNTUST 2015
 
Concurrency in Python
Concurrency in PythonConcurrency in Python
Concurrency in Python
 
ZIPCodeTW: Find Taiwan ZIP Code by Address Fuzzily
ZIPCodeTW: Find Taiwan ZIP Code by Address FuzzilyZIPCodeTW: Find Taiwan ZIP Code by Address Fuzzily
ZIPCodeTW: Find Taiwan ZIP Code by Address Fuzzily
 
Graph-Tool in Practice
Graph-Tool in PracticeGraph-Tool in Practice
Graph-Tool in Practice
 
Minimal MVC in JavaScript
Minimal MVC in JavaScriptMinimal MVC in JavaScript
Minimal MVC in JavaScript
 
Learning Git with Workflows
Learning Git with WorkflowsLearning Git with Workflows
Learning Git with Workflows
 
Dive into Pinkoi 2013
Dive into Pinkoi 2013Dive into Pinkoi 2013
Dive into Pinkoi 2013
 
Learning Python from Data
Learning Python from DataLearning Python from Data
Learning Python from Data
 
Introduction to Clime
Introduction to ClimeIntroduction to Clime
Introduction to Clime
 
Programming with Python - Adv.
Programming with Python - Adv.Programming with Python - Adv.
Programming with Python - Adv.
 
Programming with Python - Basic
Programming with Python - BasicProgramming with Python - Basic
Programming with Python - Basic
 

Recently uploaded

Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceanilsa9823
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 

Recently uploaded (20)

Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 

MoSQL: More than SQL, but less than ORM

  • 2. 2 More than SQL, but Less than ORMMore than SQL, but Less than ORM MoSQLMoSQL
  • 3. 3 OutlineOutline ● Why not SQL?Why not SQL? ● Why ORM?Why ORM? ● MoSQLMoSQL – SQL BuildersSQL Builders – Model of Result SetModel of Result Set ● ConclusionConclusion
  • 4. 4 Why not SQL?Why not SQL?
  • 5. 5 SQL SyntaxSQL Syntax ● SELECT * FROM article;SELECT * FROM article; ● SELECT * FROM article LIMIT 1;SELECT * FROM article LIMIT 1; ● add “ ORDER BY created ”?add “ ORDER BY created ”? ● add “ OFFSET 10 ”?add “ OFFSET 10 ”? ● add “ GROUP BY author ”?add “ GROUP BY author ”? ● Is “ UPDATE article WHERE title='SQL' SETIs “ UPDATE article WHERE title='SQL' SET title='ORM' ” correct?title='ORM' ” correct?
  • 7. 7 SQL InjectionSQL Injection ● ') or '1'='1') or '1'='1 ● ' or true; --' or true; -- ● ' or 1=1; --' or 1=1; -- ● ' or 2=2; --' or 2=2; -- ● ' or 'str'='str'; --' or 'str'='str'; -- ● ……
  • 8. 8 It may be hacker friendly.It may be hacker friendly.
  • 9. 9 SQL seems ancient, but ...SQL seems ancient, but ...
  • 10. 10 using SQL is theusing SQL is the FASTESTFASTEST way.way.
  • 12. 12 ORM SyntaxORM Syntax class User(Base):class User(Base): __tablename__ = 'users'__tablename__ = 'users' name = Column(String)name = Column(String) fullname = Column(String)fullname = Column(String) password = Column(String)password = Column(String)
  • 13. 13 ORM Syntax (cont.)ORM Syntax (cont.) >>> fake_user = User('fakeuser', 'Invalid',>>> fake_user = User('fakeuser', 'Invalid', '12345')'12345') >>> session.add(fake_user)>>> session.add(fake_user) >>> for row in session.query(User,>>> for row in session.query(User, User.name).all():User.name).all(): ... print row.User, row.name... print row.User, row.name
  • 15. 15 SQL InjectionSQL Injection ● ' or true; --' or true; -- ● ' or 1=1; --' or 1=1; -- ● ' or 1=1; #' or 1=1; # ● ' or 1=1; /*' or 1=1; /* ● ') or '1'='1') or '1'='1 ● …… ● SaferSafer
  • 17. 17 ORM seems modern, but ...ORM seems modern, but ...
  • 18. 18 the most of ORMs are SLOW.the most of ORMs are SLOW.
  • 19. 19 SQL < ______ < ORMSQL < ______ < ORM
  • 20. 20 SQL < MoSQL < ORMSQL < MoSQL < ORM
  • 22. 22 SQL Builders (cont.)SQL Builders (cont.) >>> from mosql.build import *>>> from mosql.build import * >>>>>> select('pycon')select('pycon') SELECT * FROM "pycon"SELECT * FROM "pycon" >>> select('pycon',>>> select('pycon', {'id': 'mosky'}{'id': 'mosky'})) SELECT * FROM "pycon" WHERE "id" = 'mosky'SELECT * FROM "pycon" WHERE "id" = 'mosky'
  • 23. 23 SQL Builders (cont.)SQL Builders (cont.) >>> insert('pycon',>>> insert('pycon', {'yr': 2013, 'id': 'masky'}{'yr': 2013, 'id': 'masky'})) INSERT INTO "pycon" ("id", "yr") VALUES ('masky', 2013)INSERT INTO "pycon" ("id", "yr") VALUES ('masky', 2013) >>> update('pycon',>>> update('pycon', ...... where={'id': 'masky'}where={'id': 'masky'},, ...... set ={'id': 'mosky'}set ={'id': 'mosky'} ... )... ) UPDATE "pycon" SET "id"='mosky' WHERE "id" = 'masky'UPDATE "pycon" SET "id"='mosky' WHERE "id" = 'masky'
  • 24. 24 SQL Builders (cont.)SQL Builders (cont.) ● insert(table,insert(table, setset, …), …) ● select(table,select(table, wherewhere, …), …) ● update(table,update(table, wherewhere,, setset, …), …) ● delete(table,delete(table, wherewhere, …), …) ● ......
  • 25. 25 If you like it,If you like it,
  • 26. 26 sudo pip install mosqlsudo pip install mosql
  • 27. 27 Model of Result SetModel of Result Set
  • 28. 28 Model: Configure ConnectionModel: Configure Connection import psycopg2.poolimport psycopg2.pool from mosql.result import Modelfrom mosql.result import Model pool = psycopg2.pool.SimpleConnectionPool(1, 5,pool = psycopg2.pool.SimpleConnectionPool(1, 5, database='mosky')database='mosky') class PostgreSQL(Model):class PostgreSQL(Model): getconn = pool.getconngetconn = pool.getconn putconn = pool.putconnputconn = pool.putconn
  • 29. 29 Model: Set the Name of TableModel: Set the Name of Table class Person(PostgreSQL):class Person(PostgreSQL): table = 'person'table = 'person' >>> Person.select(>>> Person.select({'person_id': 'mosky'}{'person_id': 'mosky'})) {'name': ['Mosky Liu'], 'person_id': ['mosky']}{'name': ['Mosky Liu'], 'person_id': ['mosky']} >>> Person.where(person_id=>>> Person.where(person_id=('andy', 'mosky')('andy', 'mosky'))) {'name': ['Andy Warhol', 'Mosky Liu'], 'person_id':{'name': ['Andy Warhol', 'Mosky Liu'], 'person_id': ['andy', 'mosky']}['andy', 'mosky']}
  • 30. 30 Model: Make QueriesModel: Make Queries Person.Person.selectselect({'person_id': 'mosky'})({'person_id': 'mosky'}) Person.Person.insertinsert({'person_id': 'tina'})({'person_id': 'tina'}) Person.Person.updateupdate(( where={'person_id': 'mosky'},where={'person_id': 'mosky'}, set ={'name' : 'Yiyu Liu'}set ={'name' : 'Yiyu Liu'} )) Person.Person.deletedelete({'person_id': 'tina'})({'person_id': 'tina'})
  • 31. 31 Model: Squash ColumnsModel: Squash Columns class Person(PostgreSQL):class Person(PostgreSQL): table = 'person'table = 'person' squashed = set(['person_id', 'name'])squashed = set(['person_id', 'name']) >>> Person.select({'person_id': 'mosky'})>>> Person.select({'person_id': 'mosky'}) {'name':{'name': 'Mosky Liu''Mosky Liu', 'person_id':, 'person_id': 'mosky''mosky'}} >>> Person.where(person_id=('andy', 'mosky'))>>> Person.where(person_id=('andy', 'mosky')) {'name':{'name': 'Andy Warhol''Andy Warhol', 'person_id':, 'person_id': 'andy''andy'}}
  • 32. 32 Model: ArrangeModel: Arrange class Person(PostgreSQL):class Person(PostgreSQL): ...... arrange_by = ('person_id', )arrange_by = ('person_id', ) >>> for person in Person.arrange(>>> for person in Person.arrange({'person_id':{'person_id': ('andy', 'mosky')}('andy', 'mosky')}):): ... print person... print person {'name': 'Andy Warhol', 'person_id': 'andy'}{'name': 'Andy Warhol', 'person_id': 'andy'} {'name': 'Mosky Liu', 'person_id': 'mosky'}{'name': 'Mosky Liu', 'person_id': 'mosky'}
  • 33. 33 Model: Arrange (cont.)Model: Arrange (cont.) >>> for detail in>>> for detail in DetailDetail.arrange({'person_id':.arrange({'person_id': ('mosky', 'andy')}):('mosky', 'andy')}): ... print detail... print detail ...... {'detail_id': [5],{'detail_id': [5], 'key': 'email','key': 'email', 'person_id': 'andy','person_id': 'andy', 'val': ['andy@gmail.com']}'val': ['andy@gmail.com']} ......
  • 34. 34 Model: FindModel: Find class Person(PostgreSQL):class Person(PostgreSQL): ...... arrange_by = ('person_id', )arrange_by = ('person_id', ) >>> for person in Person.>>> for person in Person.findfind((person_id=('andy',person_id=('andy', 'mosky')'mosky')):): ... print person... print person {'name': 'Andy Warhol', 'person_id': 'andy'}{'name': 'Andy Warhol', 'person_id': 'andy'} {'name': 'Mosky Liu', 'person_id': 'mosky'}{'name': 'Mosky Liu', 'person_id': 'mosky'}
  • 35. 35 Model: Identify a RowModel: Identify a Row class Person(PostgreSQL):class Person(PostgreSQL): ...... ident_by = ('person_id', )ident_by = ('person_id', )
  • 36. 36 Model: ModificationModel: Modification >>> p = Person.where(person_id='mosky')>>> p = Person.where(person_id='mosky') >>>>>> p['name'] = 'Yiyu Liu'p['name'] = 'Yiyu Liu' >>>>>> p.name = 'Yiyu Liu'p.name = 'Yiyu Liu' >>> p.save()>>> p.save() >>> d =>>> d = DetailDetail.where(.where(person_id='mosky', key='email'person_id='mosky', key='email')) >>>>>> p['val'][0] = '<modified email>'p['val'][0] = '<modified email>' >>>>>> p.val[0] = '<modified email>'p.val[0] = '<modified email>' >>> p.save()>>> p.save()
  • 37. 37 Model: Pop and AppendModel: Pop and Append >>> d = Detail.where(>>> d = Detail.where(person_id='mosky', key='email'person_id='mosky', key='email')) >>>>>> p.pop(-1)p.pop(-1) >>>>>> p.append({'val': '<new mail>'})p.append({'val': '<new mail>'}) >>> p.save()>>> p.save()
  • 38. 38 Model: Default ClausesModel: Default Clauses class Person(PostgreSQL):class Person(PostgreSQL): ...... clauses = dict(clauses = dict( order_by=('person_id', )order_by=('person_id', ) ))
  • 39. 39 PerformancePerformance ● AboutAbout 4x4x faster than SQLAlchemy.faster than SQLAlchemy. ● Just a little bit slower than pure SQL.Just a little bit slower than pure SQL.
  • 40. 40 SecuritySecurity ● Security by default.Security by default. ● Use escaping technique.Use escaping technique. ● Prevent SQL injection from both valuePrevent SQL injection from both value and identifier.and identifier. ● Passed the tests fromPassed the tests from sqlmapsqlmap at level=5at level=5 and risk=3.and risk=3.
  • 41. 41 ConclusionConclusion ● Easy-to-LearnEasy-to-Learn ● ConvenientConvenient ● FasterFaster ● SecureSecure ● sudo pip install mosqlsudo pip install mosql ● http://mosql.mosky.tw/http://mosql.mosky.tw/ ● Welcome to fork!Welcome to fork!