Tài liệu SQL Antipatterns: Avoiding the Pitfalls of Database Programming pdf

What Readers Are Saying About SQL Antipatterns

I am a strong advocate of best practices. I prefer to learn from other

people’s mistakes. This book is a comprehensive collection of those

other people’s mistakes and, quite surprisingly, some of my own. I

wish I had read this book sooner.

Marcus Adams

Senior Software Engineer

Bill has written an engaging, useful, important, and unique book.

Software developers will certainly benefit from reading the anti￾patterns and solutions described here. I immediately applied tech￾niques from this book and improved my applications. Fantastic work!

Frederic Daoud

Author of Stripes: ...And Java Web Development Is Fun Again

and Getting Started with Apache Click

SQL Antipatterns is a must-read for software developers, who will

frequently encounter the database design choices presented in this

book. It helps development teams to understand the consequences of

their database designs and to make the best decisions possible based

on requirements, expectations, measurements, and reality.

Darby Felton

Cofounder, DevBots Software Development

I really like how Bill has approached this book; it shows his unique

style and sense of humor. Those things are really important when

discussing potentially dry topics. Bill has succeeded in making the

teachings accessible for developers in a good descriptive form, as

well as being easy to reference later. In short, this is an excellent new

resource for your pragmatic bookshelf!

Arjen Lentz

Executive Director of Open Query (http://openquery.com);

Coauthor of High Performance MySQL, Second Edition

This book is obviously the product of many years of practical expe￾rience with SQL databases. Each topic is covered in great depth,

and the attention to detail in the book was beyond my expectations.

Although it’s not a beginner’s book, any developer with a reasonable

amount of SQL experience should find it to be a valuable reference

and would be hard-pressed not to learn something new.

Mike Naberezny

Partner at Maintainable Software; Coauthor of Rails for PHP

Developers

This is an excellent book for the software engineer who knows basic

SQL but finds herself needing to design SQL databases for projects

that go a little beyond the basics.

Liz Neely

Senior Database Programmer

Karwin’s book is full of good and practical advice, and it was pub￾lished at the right time. While many people are focusing on the new

and seemingly fancy stuff, professionals now have the chance and the

perfect book to sharpen their SQL knowledge.

Maik Schmidt

Author of Enterprise Recipes with Ruby and Rails and

Enterprise Integration with Ruby

Bill has captured the essence of a slew of traps that we’ve probably all

dug for ourselves at one point or another when working with SQL —

without even realizing we’re in trouble. Bill’s antipatterns range from

“I can’t believe I did that (again!)” hindsight gotchas to tricky scenar￾ios where the best solution may run counter to the SQL dogma you

grew up with. A good read for SQL diehards, novices, and everyone in

between.

Danny Thorpe

Microsoft Principal Engineer; Author of Delphi Component

Design

SQL Antipatterns

Avoiding the Pitfalls of Database Programming

Bill Karwin

The Pragmatic Bookshelf

Raleigh, North Carolina Dallas, Texas

Many of the designations used by manufacturers and sellers to distinguish their prod￾ucts are claimed as trademarks. Where those designations appear in this book, and The

Pragmatic Programmers, LLC was aware of a trademark claim, the designations have

been printed in initial capital letters or in all capitals. The Pragmatic Starter Kit, The

Pragmatic Programmer, Pragmatic Programming, Pragmatic Bookshelf and the linking g

device are trademarks of The Pragmatic Programmers, LLC.

Every precaution was taken in the preparation of this book. However, the publisher

assumes no responsibility for errors or omissions, or for damages that may result from

the use of information (including program listings) contained herein.

Our Pragmatic courses, workshops, and other products can help you and your team

create better software and have more fun. For more information, as well as the latest

Pragmatic titles, please visit us at

http://www.pragprog.com

Copyright © 2010 Bill Karwin.

All rights reserved.

No part of this publication may be reproduced, stored in a retrieval system, or transmit￾ted, in any form, or by any means, electronic, mechanical, photocopying, recording, or

otherwise, without the prior consent of the publisher.

Printed in the United States of America.

ISBN-10: 1-934356-55-7

ISBN-13: 978-1-934356-55-5

Printed on acid-free paper.

P1.0 printing, May 2010

Version: 2010-6-9

Contents

1 Introduction 13

1.1 Who This Book Is For . . . . . . . . . . . . . . . . . . . . 14

1.2 What’s in This Book . . . . . . . . . . . . . . . . . . . . 15

1.3 What’s Not in This Book . . . . . . . . . . . . . . . . . . 17

1.4 Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 18

1.5 Example Database . . . . . . . . . . . . . . . . . . . . . 19

1.6 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . 22

I Logical Database Design Antipatterns 24

2 Jaywalking 25

2.1 Objective: Store Multivalue Attributes . . . . . . . . . . 26

2.2 Antipattern: Format Comma-Separated Lists . . . . . . 26

2.3 How to Recognize the Antipattern . . . . . . . . . . . . 29

2.4 Legitimate Uses of the Antipattern . . . . . . . . . . . . 30

2.5 Solution: Create an Intersection Table . . . . . . . . . . 30

3 Naive Trees 34

3.1 Objective: Store and Query Hierarchies . . . . . . . . . 35

3.2 Antipattern: Always Depend on One’s Parent . . . . . . 35

3.3 How to Recognize the Antipattern . . . . . . . . . . . . 39

3.4 Legitimate Uses of the Antipattern . . . . . . . . . . . . 40

3.5 Solution: Use Alternative Tree Models . . . . . . . . . . 41

4 ID Required 54

4.1 Objective: Establish Primary Key Conventions . . . . . 55

4.2 Antipattern: One Size Fits All . . . . . . . . . . . . . . . 57

4.3 How to Recognize the Antipattern . . . . . . . . . . . . 61

4.4 Legitimate Uses of the Antipattern . . . . . . . . . . . . 61

4.5 Solution: Tailored to Fit . . . . . . . . . . . . . . . . . . 62

CONTENTS 8

5 Keyless Entry 65

5.1 Objective: Simplify Database Architecture . . . . . . . . 66

5.2 Antipattern: Leave Out the Constraints . . . . . . . . . 66

5.3 How to Recognize the Antipattern . . . . . . . . . . . . 69

5.4 Legitimate Uses of the Antipattern . . . . . . . . . . . . 70

5.5 Solution: Declare Constraints . . . . . . . . . . . . . . . 70

6 Entity-Attribute-Value 73

6.1 Objective: Support Variable Attributes . . . . . . . . . . 73

6.2 Antipattern: Use a Generic Attribute Table . . . . . . . 74

6.3 How to Recognize the Antipattern . . . . . . . . . . . . 80

6.4 Legitimate Uses of the Antipattern . . . . . . . . . . . . 80

6.5 Solution: Model the Subtypes . . . . . . . . . . . . . . . 82

7 Polymorphic Associations 89

7.1 Objective: Reference Multiple Parents . . . . . . . . . . 90

7.2 Antipattern: Use Dual-Purpose Foreign Key . . . . . . . 91

7.3 How to Recognize the Antipattern . . . . . . . . . . . . 94

7.4 Legitimate Uses of the Antipattern . . . . . . . . . . . . 95

7.5 Solution: Simplify the Relationship . . . . . . . . . . . . 96

8 Multicolumn Attributes 102

8.1 Objective: Store Multivalue Attributes . . . . . . . . . . 102

8.2 Antipattern: Create Multiple Columns . . . . . . . . . . 103

8.3 How to Recognize the Antipattern . . . . . . . . . . . . 106

8.4 Legitimate Uses of the Antipattern . . . . . . . . . . . . 107

8.5 Solution: Create Dependent Table . . . . . . . . . . . . 108

9 Metadata Tribbles 110

9.1 Objective: Support Scalability . . . . . . . . . . . . . . . 111

9.2 Antipattern: Clone Tables or Columns . . . . . . . . . . 111

9.3 How to Recognize the Antipattern . . . . . . . . . . . . 116

9.4 Legitimate Uses of the Antipattern . . . . . . . . . . . . 117

9.5 Solution: Partition and Normalize . . . . . . . . . . . . 118

Report erratum

this copy is (P1.0 printing, May 2010)

CONTENTS 9

II Physical Database Design Antipatterns 122

10 Rounding Errors 123

10.1 Objective: Use Fractional Numbers Instead of Integers 124

10.2 Antipattern: Use FLOAT Data Type . . . . . . . . . . . . 124

10.3 How to Recognize the Antipattern . . . . . . . . . . . . 128

10.4 Legitimate Uses of the Antipattern . . . . . . . . . . . . 128

10.5 Solution: Use NUMERIC Data Type . . . . . . . . . . . . 128

11 31 Flavors 131

11.1 Objective: Restrict a Column to Specific Values . . . . 131

11.2 Antipattern: Specify Values in the Column Definition . 132

11.3 How to Recognize the Antipattern . . . . . . . . . . . . 135

11.4 Legitimate Uses of the Antipattern . . . . . . . . . . . . 136

11.5 Solution: Specify Values in Data . . . . . . . . . . . . . 136

12 Phantom Files 139

12.1 Objective: Store Images or Other Bulky Media . . . . . 140

12.2 Antipattern: Assume You Must Use Files . . . . . . . . 140

12.3 How to Recognize the Antipattern . . . . . . . . . . . . 143

12.4 Legitimate Uses of the Antipattern . . . . . . . . . . . . 144

12.5 Solution: Use BLOB Data Types As Needed . . . . . . . 145

13 Index Shotgun 148

13.1 Objective: Optimize Performance . . . . . . . . . . . . . 149

13.2 Antipattern: Using Indexes Without a Plan . . . . . . . 149

13.3 How to Recognize the Antipattern . . . . . . . . . . . . 153

13.4 Legitimate Uses of the Antipattern . . . . . . . . . . . . 154

13.5 Solution: MENTOR Your Indexes . . . . . . . . . . . . . 154

III Query Antipatterns 161

14 Fear of the Unknown 162

14.1 Objective: Distinguish Missing Values . . . . . . . . . . 163

14.2 Antipattern: Use Null as an Ordinary Value, or Vice Versa163

14.3 How to Recognize the Antipattern . . . . . . . . . . . . 166

14.4 Legitimate Uses of the Antipattern . . . . . . . . . . . . 168

14.5 Solution: Use Null as a Unique Value . . . . . . . . . . 168

Report erratum

this copy is (P1.0 printing, May 2010)

CONTENTS 10

15 Ambiguous Groups 173

15.1 Objective: Get Row with Greatest Value per Group . . . 174

15.2 Antipattern: Reference Nongrouped Columns . . . . . . 174

15.3 How to Recognize the Antipattern . . . . . . . . . . . . 176

15.4 Legitimate Uses of the Antipattern . . . . . . . . . . . . 178

15.5 Solution: Use Columns Unambiguously . . . . . . . . . 179

16 Random Selection 183

16.1 Objective: Fetch a Sample Row . . . . . . . . . . . . . . 184

16.2 Antipattern: Sort Data Randomly . . . . . . . . . . . . . 184

16.3 How to Recognize the Antipattern . . . . . . . . . . . . 185

16.4 Legitimate Uses of the Antipattern . . . . . . . . . . . . 186

16.5 Solution: In No Particular Order. . . . . . . . . . . . . . 186

17 Poor Man’s Search Engine 190

17.1 Objective: Full-Text Search . . . . . . . . . . . . . . . . 191

17.2 Antipattern: Pattern Matching Predicates . . . . . . . . 191

17.3 How to Recognize the Antipattern . . . . . . . . . . . . 192

17.4 Legitimate Uses of the Antipattern . . . . . . . . . . . . 193

17.5 Solution: Use the Right Tool for the Job . . . . . . . . . 193

18 Spaghetti Query 204

18.1 Objective: Decrease SQL Queries . . . . . . . . . . . . . 205

18.2 Antipattern: Solve a Complex Problem in One Step . . 205

18.3 How to Recognize the Antipattern . . . . . . . . . . . . 207

18.4 Legitimate Uses of the Antipattern . . . . . . . . . . . . 208

18.5 Solution: Divide and Conquer . . . . . . . . . . . . . . . 209

19 Implicit Columns 214

19.1 Objective: Reduce Typing . . . . . . . . . . . . . . . . . 215

19.2 Antipattern: a Shortcut That Gets You Lost . . . . . . . 215

19.3 How to Recognize the Antipattern . . . . . . . . . . . . 217

19.4 Legitimate Uses of the Antipattern . . . . . . . . . . . . 218

19.5 Solution: Name Columns Explicitly . . . . . . . . . . . . 219

Report erratum

this copy is (P1.0 printing, May 2010)

CONTENTS 11

IV Application Development Antipatterns 221

20 Readable Passwords 222

20.1 Objective: Recover or Reset Passwords . . . . . . . . . . 222

20.2 Antipattern: Store Password in Plain Text . . . . . . . . 223

20.3 How to Recognize the Antipattern . . . . . . . . . . . . 225

20.4 Legitimate Uses of the Antipattern . . . . . . . . . . . . 225

20.5 Solution: Store a Salted Hash of the Password . . . . . 227

21 SQL Injection 234

21.1 Objective: Write Dynamic SQL Queries . . . . . . . . . 235

21.2 Antipattern: Execute Unverified Input As Code . . . . . 235

21.3 How to Recognize the Antipattern . . . . . . . . . . . . 242

21.4 Legitimate Uses of the Antipattern . . . . . . . . . . . . 243

21.5 Solution: Trust No One . . . . . . . . . . . . . . . . . . . 243

22 Pseudokey Neat-Freak 250

22.1 Objective: Tidy Up the Data . . . . . . . . . . . . . . . . 251

22.2 Antipattern: Filling in the Corners . . . . . . . . . . . . 251

22.3 How to Recognize the Antipattern . . . . . . . . . . . . 254

22.4 Legitimate Uses of the Antipattern . . . . . . . . . . . . 254

22.5 Solution: Get Over It . . . . . . . . . . . . . . . . . . . . 254

23 See No Evil 259

23.1 Objective: Write Less Code . . . . . . . . . . . . . . . . . 260

23.2 Antipattern: Making Bricks Without Straw . . . . . . . 260

23.3 How to Recognize the Antipattern . . . . . . . . . . . . 262

23.4 Legitimate Uses of the Antipattern . . . . . . . . . . . . 263

23.5 Solution: Recover from Errors Gracefully . . . . . . . . 264

24 Diplomatic Immunity 266

24.1 Objective: Employ Best Practices . . . . . . . . . . . . . 267

24.2 Antipattern: Make SQL a Second-Class Citizen . . . . . 267

24.3 How to Recognize the Antipattern . . . . . . . . . . . . 268

24.4 Legitimate Uses of the Antipattern . . . . . . . . . . . . 269

24.5 Solution: Establish a Big-Tent Culture of Quality . . . 269

25 Magic Beans 278

25.1 Objective: Simplify Models in MVC . . . . . . . . . . . . 279

25.2 Antipattern: The Model Is an Active Record . . . . . . . 280

25.3 How to Recognize the Antipattern . . . . . . . . . . . . 286

25.4 Legitimate Uses of the Antipattern . . . . . . . . . . . . 287

25.5 Solution: The Model Has an Active Record . . . . . . . 287

Report erratum

this copy is (P1.0 printing, May 2010)

CONTENTS 12

V Appendixes 293

A Rules of Normalization 294

A.1 What Does Relational Mean? . . . . . . . . . . . . . . . 294

A.2 Myths About Normalization . . . . . . . . . . . . . . . . 296

A.3 What Is Normalization? . . . . . . . . . . . . . . . . . . 298

A.4 Common Sense . . . . . . . . . . . . . . . . . . . . . . . 308

B Bibliography 309

Index 311

Report erratum

this copy is (P1.0 printing, May 2010)

An expert is a person who has made all the mistakes that

can be made in a very narrow field.

Niels Bohr

Chapter 1

Introduction

I turned down my first SQL job.

Shortly after I finished my college degree in computer and information

science at the University of California, I was approached by a manager

who worked at the university and knew me through campus activi￾ties. He had his own software startup company on the side that was

developing a database management system portable between various

UNIX platforms using shell scripts and related tools such as awk (at this

time, modern dynamic languages like Ruby, Python, PHP, and even Perl

weren’t popular yet). The manager approached me because he needed a

programmer to write the code to recognize and execute a limited version

of the SQL language.

He said, “I don’t need to support the full language—that would be too

much work. I need only one SQL statement: SELECT.”

I hadn’t been taught SQL in school. Databases weren’t as ubiquitous

as they are today, and open source brands like MySQL and PostgreSQL

didn’t exist yet. But I had developed complete applications in shell,

and I knew something about parsers, having done projects in classes

like compiler design and computational linguistics. So, I thought about

taking the job. How hard could it be to parse a single statement of a

specialized language like SQL?

I found a reference for SQL and noticed immediately that this was a

different sort of language from those that support statements like if( )

and while( ), variable assignments and expressions, and perhaps func￾tions. To call SELECT only one statement in that language is like calling

an engine only one part of an automobile. Both sentences are literally

true, but they certainly belie the complexity and depth of their subjects.

To support execution of that single SQL statement, I realized I would

WHO THIS BOOK IS FOR 14

have to develop all the code for a fully functional relational database

management system and query engine.

I declined this opportunity to code an SQL parser and RDBMS engine

in shell script. The manager underrepresented the scope of his project,

perhaps because he didn’t understand what an RDBMS does.

My early experience with SQL seems to be a common one for software

developers, even those who have a college degree in computer science.

Most people are self-taught in SQL, learning it out of self-defense when

they find themselves working on a project that requires it, instead

of studying it explicitly as they would most programming languages.

Regardless of whether the person is a hobbyist or a professional pro￾grammer or an accomplished researcher with a PhD, SQL seems to be

a software skill that programmers learn without training.

Once I learned something about SQL, I was surprised how different

it is from procedural programming languages such as C, Pascal, and

shell, or object-oriented languages like C++, Java, Ruby, or Python.

SQL is a declarative programming language like LISP, Haskell, or XSLT.

SQL uses sets as a fundamental data structure, while object-oriented

languages use objects. Traditionally trained software developers are

turned off by this so-called impedance mismatch, so many program￾mers are drawn to object-oriented libraries to avoid learning how to

use SQL effectively.

Since 1992, I’ve worked with SQL a lot. I’ve used it when developing

applications, I’ve provided technical support and developed training

and documentation for the InterBase RDBMS product, and I’ve devel￾oped libraries for SQL programming in Perl and PHP. I’ve answered

thousands of questions on Internet mailing lists and newsgroups. I see

a lot of repeat business—frequently asked questions that show that

software developers make the same mistakes over and over again.

1.1 Who This Book Is For

I’m writing SQL Antipatterns for software developers who need to use

SQL so I can help you use the language more effectively. It doesn’t

matter whether you’re a beginner or a seasoned professional. I’ve talked

to people of all levels of experience who would benefit from the subjects

in this book.

Report erratum

this copy is (P1.0 printing, May 2010)

WHAT’S IN THIS BOOK 15

You may have read a reference on SQL syntax. Now you know all the

clauses of a SELECT statement, and you can get some work done. Gradu￾ally, you may increase your SQL skills by inspecting other applications

and reading articles. But how can you tell good examples from bad

examples? How can you be sure you’re learning best practices, instead

of yet another way to paint yourself into a corner?

You may find some topics in SQL Antipatterns that are well-known to

you. You’ll see new ways of looking at the problems, even if you’re

already aware of the solutions. It’s good to confirm and reinforce your

good practices by reviewing widespread programmer misconceptions.

Other topics may be new to you. I hope you can improve your SQL

programming habits by reading them.

If you are a trained database administrator, you may already know

the best ways to avoid the SQL pitfalls described in this book. This

book can help you by introducing you to the perspective of software

developers. It’s not uncommon for the relationship between developers

and DBAs to be contentious, but mutual respect and teamwork can

help us to work together more effectively. Use SQL Antipatterns to help

explain good practices to the software developers you work with and

the consequences of straying from that path.

1.2 What’s in This Book

What is an antipattern? An antipattern is a technique that is intended

to solve a problem but that often leads to other problems. An antipat￾tern is practiced widely in different ways, but with a thread of common￾ality. People may come up with an idea that fits an antipattern inde￾pendently or with help from a colleague, a book, or an article. Many

antipatterns of object-oriented software design and project manage￾ment are documented at the Portland Pattern Repository,1 as well as

in the 1998 book AntiPatterns [BMMM98] by William J. Brown et al.

SQL Antipatterns describes the most frequently made missteps I’ve seen

people naively make while using SQL as I’ve talked to them in techni￾cal support and training sessions, worked alongside them developing

software, and answered their questions on Internet forums. Many of

these blunders I’ve made myself; there’s no better teacher than spend￾ing many hours late at night making up for one’s own errors.

1. Portland Pattern Repository: http://c2.com/cgi-bin/wiki?AntiPattern

Report erratum

this copy is (P1.0 printing, May 2010)