Developers program their code in a number of different languages and it could be designed to run just about anywhere. When writing an application, some people follow the philosophy that as much of the logic as possible for the application, should be pushed to the client. We see this in the explosion of applications leveraging JavaScript inside browsers. Others like to push the logic into the middle tier with an application server handling the business rules. These are all valid ways to design an application, so why would you want to program in the database server?
Let's start with a simple example. Many applications include a list of customers who have a balance in their account. We'll use this sample schema and data:
CREATE TABLE accounts(owner text, balance numeric);
INSERT INTO accounts VALUES ('Bob',100);
INSERT INTO accounts VALUES ('Mary',200);Tip
Downloading the example code
You can download the example code files for all Packt books you have purchased from your account at http://www.packtpub.com. If you purchased this book elsewhere, you can visit http://www.packtpub.com/support and register to have the files e-mailed directly to you.
When using a database, the most common way to interact with it is to use SQL queries. If you want to move 14 dollars from Bob's account to Mary's account, with simple SQL it would look like this:
UPDATE accounts SET balance = balance - 14.00 WHERE owner = 'Bob'; UPDATE accounts SET balance = balance + 14.00 WHERE owner = 'Mary';
But you have to also make sure that Bob actually has enough money (or credit) on his account. It's also important that if anything fails then none of the transactions happen. In an application program, the preceding code snippet becomes:
BEGIN; SELECT amount FROM accounts WHERE owner = 'Bob' FOR UPDATE; -- now in the application check that the amount is actually bigger than 14 UPDATE accounts SET amount = amount - 14.00 WHERE owner = 'Bob'; UPDATE accounts SET amount = amount + 14.00 WHERE owner = 'Mary'; COMMIT;
But did Mary actually have an account? If she did not, the last UPDATE will succeed by updating zero rows. If any of the checks fail, you should do a ROLLBACK instead of COMMIT. Once you have done all this for all the clients that transfer money, a new requirement will invariably arrive. Perhaps, the minimum amount that can be transferred is now 5.00. You will need to revisit all your code in all your clients again.
So what can you do to make all of this more manageable, more secure, and more robust? This is where server programming, executing code on the database server itself, can help. You can move the computations, checks, and data manipulations entirely into a User-defined function (UDF) on the server. This does not just ensure that you have only one copy of operation logic to manage, but also makes things faster by not needing several round-trips between client and server. If required, you can also make sure that only as much information as needed is given out of the database. For example, there is no business for most client applications to know how much money Bob has on his account. Mostly, they only need to know if there is enough money to make the transfer, or more to the point, if the transaction succeeded.
PostgreSQL includes its own programming language named PL/pgSQL that is aimed to integrate easily with SQL commands. PL stands for programming language, and this is just one of the many languages available for writing server code. pgSQL is shorthand for PostgreSQL.
Unlike basic SQL, PL/pgSQL includes procedural elements, like the ability to use if/then/else statements and loops. You can easily execute SQL statements, or even loop over the result of a SQL statement in the language.
The integrity checks needed for the application can be done in a PL/pgSQL function which takes three arguments: names of the payer and recipient, and the amount to pay. This sample also returns the status of the payment:
CREATE OR REPLACE FUNCTION transfer(
i_payer text,
i_recipient text,
i_amount numeric(15,2))
RETURNS text
AS
$$
DECLARE
payer_bal numeric;
BEGIN
SELECT balance INTO payer_bal
FROM accounts
WHERE owner = i_payer FOR UPDATE;
IF NOT FOUND THEN
RETURN 'Payer account not found';
END IF;
IF payer_bal < i_amount THEN
RETURN 'Not enough funds';
END IF;
UPDATE accounts
SET balance = balance + i_amount
WHERE owner = i_recipient;
IF NOT FOUND THEN
RETURN 'Recipient does not exist';
END IF;
UPDATE accounts
SET balance = balance - i_amount
WHERE owner = i_payer;
RETURN 'OK';
END;
$$ LANGUAGE plpgsql;Here are a few examples of using this function, assuming you haven't executed the previously proposed UPDATE statements yet:
postgres=# SELECT * FROM accounts;
owner | balance
-------+---------
Bob | 100
Mary | 200
(2 rows)
postgres=# SELECT * FROM transfer('Bob','Mary',14.00);
transfer
----------
OK
(1 row)
postgres=# SELECT * FROM accounts;
owner | balance
-------+---------
Mary | 214.00
Bob | 86.00
(2 rows)Your application would need to check the return code and decide how to handle these errors. As long as it was written to reject any unexpected value, you could extend this function to do more checking, such as minimum transferrable amount, and be sure it would be prevented. There are three errors this can return:
postgres=# SELECT * FROM transfer('Fred','Mary',14.00);
transfer
-------------------------
Payer account not found
(1 row)
postgres=# SELECT * FROM transfer('Bob','Fred',14.00);
transfer
--------------------------
Recipient does not exist
(1 row)
postgres=# SELECT * FROM transfer('Bob','Mary',500.00);
transfer
------------------
Not enough funds
(1 row)For these checks to always work, you would need to make all transfer operations go through the function, rather than manually changing the values with SQL statements.