Developers program their code in a number of different languages, and it can be designed to run just about anywhere. When writing an application, some people follow the philosophy that as much of the logic as possible for the application should be pushed to the client. We see this in the explosion of applications leveraging JavaScript inside browsers. Others like to push the logic into the middle tier, with an application server handling the business rules. These are all valid ways to design an application, so why will you want to program in the database server?
Let's start with a simple example. Many applications include a list of customers who have a balance in their account. We'll use this sample schema and data:
CREATE TABLE accounts(owner text, balance numeric, amount numeric);
INSERT INTO accounts VALUES ('Bob',100);
INSERT INTO accounts VALUES ('Mary',200);Note
Downloading the example code
You can download the example code files for all the Packt books you have purchased from your account at http://www.packtpub.com. If you purchased this book elsewhere, you can visit http://www.packtpub.com/support and register to have the files e-mailed directly to you.
When using a database, the most common way to interact with it, is to use SQL queries. If you want to move 14 dollars from Bob's account to Mary's account with simple SQL, you can do so using the following:
UPDATE accounts SET balance = balance - 14.00 WHERE owner = 'Bob'; UPDATE accounts SET balance = balance + 14.00 WHERE owner = 'Mary';
However, you also have to make sure that Bob actually has enough money (or credit) in his account. Note that if anything fails, then none of the transactions will happen. In an application program, this is how the preceding code snippet will be modified:
BEGIN; SELECT amount FROM accounts WHERE owner = 'Bob' FOR UPDATE; -- now in the application check that the amount is actually bigger -- than 14 UPDATE accounts SET amount = amount - 14.00 WHERE owner = 'Bob'; UPDATE accounts SET amount = amount + 14.00 WHERE owner = 'Mary'; COMMIT;
Did Mary actually have an account? If she did not, the last UPDATE command will succeed by updating zero rows. If any of the checks fail, you should do ROLLBACK instead of COMMIT. Once you have done all this for all the clients that transfer money, a new requirement will invariably arrive. Perhaps, the minimum amount that can be transferred is now 5.00. You will need to revisit the code in all your clients again.
So, what can you do to make all of this more manageable, secure, and robust? This is where server programming, executing code on the database server itself, can help. You can move the computations, checks, and data manipulations entirely into a UDF on the server. This not only ensures that you have only one copy of operation logic to manage, but also makes things faster by not requiring several round trips between the client and the server. If required, you can also make sure that only the essential information is given out from the database. For example, there is no business for most client applications to know how much money Bob has in his account. Mostly, they only need to know whether there is enough money to make the transfer, or to be more specific, whether the transaction succeeded.
PostgreSQL includes its own programming language named PL/pgSQL that is aimed to integrate easily with SQL commands. PL stands for procedural language, and this is just one of the many languages available for writing server code. pgSQL is the shorthand for PostgreSQL.
Unlike basic SQL, PL/pgSQL includes procedural elements, such as the ability to use the if/then/else statements and loops. You can easily execute SQL statements, or even loop over the result of a SQL statement in the language.
The integrity checks needed for the application can be done in a PL/pgSQL function that takes three arguments: names of the payer and the recipient and the amount to be paid. This sample also returns the status of the payment:
CREATE OR REPLACE FUNCTION transfer(
i_payer text,
i_recipient text,
i_amount numeric(15,2))
RETURNS text
AS
$$
DECLARE
payer_bal numeric;
BEGIN
SELECT balance INTO payer_bal
FROM accounts
WHERE owner = i_payer FOR UPDATE;
IF NOT FOUND THEN
RETURN 'Payer account not found';
END IF;
IF payer_bal < i_amount THEN
RETURN 'Not enough funds';
END IF;
UPDATE accounts
SET balance = balance + i_amount
WHERE owner = i_recipient;
IF NOT FOUND THEN
RETURN 'Recipient does not exist';
END IF;
UPDATE accounts
SET balance = balance - i_amount
WHERE owner = i_payer;
RETURN 'OK';
END;
$$ LANGUAGE plpgsql;Here are a few examples of the usage of this function, assuming that you haven't executed the previously proposed UPDATE statements yet:
postgres=# SELECT * FROM accounts;
owner | balance
-------+---------
Bob | 100
Mary | 200
(2 rows)
postgres=# SELECT transfer('Bob','Mary',14.00);
transfer
----------
OK
(1 row)
postgres=# SELECT * FROM accounts;
owner | balance
-------+---------
Mary | 214.00
Bob | 86.00
(2 rows)Your application will need to check the return code and decide how to handle these errors. As long as it is written to reject any unexpected value, you can extend this function to do more checking, such as the minimum transferrable amount, and you can be sure it will be prevented. The following three errors can be returned:
postgres=# SELECT * FROM transfer('Fred','Mary',14.00);
transfer
-------------------------
Payer account not found
(1 row)
postgres=# SELECT * FROM transfer('Bob','Fred',14.00);
transfer
--------------------------
Recipient does not exist
(1 row)
postgres=# SELECT * FROM transfer('Bob','Mary',500.00);
transfer
------------------
Not enough funds
(1 row)For these checks to always work, you will need to make all the transfer operations go through the function, rather than manually changing the values with SQL statements. One way to achieve this, is by revoking update privileges from users and from a user with higher privileges that define the transfer function with SECURITY DEFINER. This will allow the restricted users to run the function as if they have higher privileges similar to the function's creator.