If you think that a PostgreSQL Server is just a storage system and the only way to communicate with it is by executing SQL statements, you are limiting yourself tremendously. That is, you are using just a tiny part of the database's features.
A PostgreSQL Server is a powerful framework that can be used for all kinds of data processing, and even some non-data server tasks. It is a server platform that allows you to easily mix and match functions and libraries from several popular languages.
Consider this complicated, multilanguage sequence of work:
- Call a string parsing function in Perl
- Convert the string to XSLT and process the result using JavaScript
- Ask for a secure stamp from an external timestamping service, such as http://guardtime.com/, using their SDK for C
- Write a Python function to digitally sign the result
This multilanguage sequence of work can be implemented as a series of simple function calls using several of the available server programming languages. The developer who needs to accomplish all this work can just call a single PostgreSQL function without the need to be aware of how the data is being passed between languages and libraries:
SELECT convert_to_xslt_and_sign(raw_data_string);
In this book, we will discuss several facets of PostgreSQL Server programming. PostgreSQL has all of the native server-side programming features available in most larger database systems such as triggers, which are automated actions invoked automatically each time data is changed. However, it has uniquely deep abilities to override the built-in behavior down to very basic operators. This unique PostgreSQL ability comes from its catalog-driven design, which stores information about data types, functions, and access methods. The ability of PostgreSQL to load user-defined functions via dynamic loading makes it rapidly changeable without having to recompile the database itself. There are several things you can do with this flexibility of customization. Some examples of this customization include the following:
- Writing user-defined functions (UDF) to carry out complex computations
- Adding complicated constraints to make sure that the data in the server meets guidelines
- Creating triggers in many languages to make related changes to other tables, audit changes, forbid the action from taking place if it does not meet certain criteria, prevent changes to the database, enforce and execute business rules, or replicate data
- Defining new data types and operators in the database
- Using the geography types defined in the PostGIS package
- Adding your own index access methods for either the existing or new data types, making some queries much more efficient
What sort of things can you do with these features? There are limitless possibilities, such as the ones listed here:
- Write data extractor functions to get just the interesting parts from structured data, such as XML or JSON, without needing to ship the whole, possibly huge, document to the client application.
- Process events asynchronously, such as sending mails without slowing down the main application. You can create a mail queue for changes to user information, populated by a trigger. A separate mail-sending process can consume this data whenever it is notified by an application process.
- Implement a new data type to custom hash the passwords.
- Write functions, which provide inside information about the server, for example, cache contents, table-wise lock information, or the SSL certificate information of a client connection for a monitoring dashboard.
The rest of this chapter is presented as a series of descriptions of common data management tasks, showing how they can be solved in a robust and elegant way via server programming.
Developers program their code in a number of different languages, and it can be designed to run just about anywhere. When writing an application, some people follow the philosophy that as much of the logic as possible for the application should be pushed to the client. We see this in the explosion of applications leveraging JavaScript inside browsers. Others like to push the logic into the middle tier, with an application server handling the business rules. These are all valid ways to design an application, so why will you want to program in the database server?
Let's start with a simple example. Many applications include a list of customers who have a balance in their account. We'll use this sample schema and data:
CREATE TABLE accounts(owner text, balance numeric, amount numeric);
INSERT INTO accounts VALUES ('Bob',100);
INSERT INTO accounts VALUES ('Mary',200);Tip
Downloading the example code
You can download the example code files for all the Packt books you have purchased from your account at http://www.packtpub.com. If you purchased this book elsewhere, you can visit http://www.packtpub.com/support and register to have the files e-mailed directly to you.
When using a database, the most common way to interact with it, is to use SQL queries. If you want to move 14 dollars from Bob's account to Mary's account with simple SQL, you can do so using the following:
UPDATE accounts SET balance = balance - 14.00 WHERE owner = 'Bob'; UPDATE accounts SET balance = balance + 14.00 WHERE owner = 'Mary';
However, you also have to make sure that Bob actually has enough money (or credit) in his account. Note that if anything fails, then none of the transactions will happen. In an application program, this is how the preceding code snippet will be modified:
BEGIN; SELECT amount FROM accounts WHERE owner = 'Bob' FOR UPDATE; -- now in the application check that the amount is actually bigger -- than 14 UPDATE accounts SET amount = amount - 14.00 WHERE owner = 'Bob'; UPDATE accounts SET amount = amount + 14.00 WHERE owner = 'Mary'; COMMIT;
Did Mary actually have an account? If she did not, the last UPDATE command will succeed by updating zero rows. If any of the checks fail, you should do ROLLBACK instead of COMMIT. Once you have done all this for all the clients that transfer money, a new requirement will invariably arrive. Perhaps, the minimum amount that can be transferred is now 5.00. You will need to revisit the code in all your clients again.
So, what can you do to make all of this more manageable, secure, and robust? This is where server programming, executing code on the database server itself, can help. You can move the computations, checks, and data manipulations entirely into a UDF on the server. This not only ensures that you have only one copy of operation logic to manage, but also makes things faster by not requiring several round trips between the client and the server. If required, you can also make sure that only the essential information is given out from the database. For example, there is no business for most client applications to know how much money Bob has in his account. Mostly, they only need to know whether there is enough money to make the transfer, or to be more specific, whether the transaction succeeded.
PostgreSQL includes its own programming language named PL/pgSQL that is aimed to integrate easily with SQL commands. PL stands for procedural language, and this is just one of the many languages available for writing server code. pgSQL is the shorthand for PostgreSQL.
Unlike basic SQL, PL/pgSQL includes procedural elements, such as the ability to use the if/then/else statements and loops. You can easily execute SQL statements, or even loop over the result of a SQL statement in the language.
The integrity checks needed for the application can be done in a PL/pgSQL function that takes three arguments: names of the payer and the recipient and the amount to be paid. This sample also returns the status of the payment:
CREATE OR REPLACE FUNCTION transfer(
i_payer text,
i_recipient text,
i_amount numeric(15,2))
RETURNS text
AS
$$
DECLARE
payer_bal numeric;
BEGIN
SELECT balance INTO payer_bal
FROM accounts
WHERE owner = i_payer FOR UPDATE;
IF NOT FOUND THEN
RETURN 'Payer account not found';
END IF;
IF payer_bal < i_amount THEN
RETURN 'Not enough funds';
END IF;
UPDATE accounts
SET balance = balance + i_amount
WHERE owner = i_recipient;
IF NOT FOUND THEN
RETURN 'Recipient does not exist';
END IF;
UPDATE accounts
SET balance = balance - i_amount
WHERE owner = i_payer;
RETURN 'OK';
END;
$$ LANGUAGE plpgsql;Here are a few examples of the usage of this function, assuming that you haven't executed the previously proposed UPDATE statements yet:
postgres=# SELECT * FROM accounts;
owner | balance
-------+---------
Bob | 100
Mary | 200
(2 rows)
postgres=# SELECT transfer('Bob','Mary',14.00);
transfer
----------
OK
(1 row)
postgres=# SELECT * FROM accounts;
owner | balance
-------+---------
Mary | 214.00
Bob | 86.00
(2 rows)Your application will need to check the return code and decide how to handle these errors. As long as it is written to reject any unexpected value, you can extend this function to do more checking, such as the minimum transferrable amount, and you can be sure it will be prevented. The following three errors can be returned:
postgres=# SELECT * FROM transfer('Fred','Mary',14.00);
transfer
-------------------------
Payer account not found
(1 row)
postgres=# SELECT * FROM transfer('Bob','Fred',14.00);
transfer
--------------------------
Recipient does not exist
(1 row)
postgres=# SELECT * FROM transfer('Bob','Mary',500.00);
transfer
------------------
Not enough funds
(1 row)For these checks to always work, you will need to make all the transfer operations go through the function, rather than manually changing the values with SQL statements. One way to achieve this, is by revoking update privileges from users and from a user with higher privileges that define the transfer function with SECURITY DEFINER. This will allow the restricted users to run the function as if they have higher privileges similar to the function's creator.