OraForm:
Generically FORM'ing a multi-table query for the Oracle RDBMS
Rocqueforte O'Leary & Anthony Pollard
{r.oleary
| a.pollard}@st.nepean.uws.edu.au
Department of Computing
Faculty of Science and Technology
University of Western Sydney - Nepean
P.O. Box 10 Kingswood
New South Wales 2747
Australia
Phone +61 47 360 156 Fax: +61 47 360 770
Keywords: World Wide Web, WWW, Oracle, Database, RDBMS, User-Interface,
OraForm
Introduction
The
University of Western Sydney - Nepean [HREF 5] recently
coded a Job Tracking System using Oracle as the database, with the interfacing
between Oracle and the web client being done via C programs. At the completion of
the project, it became apparent that there was a significant amount of redundancy in
these programs, as each of them performed the same database tasks (insert, update,
delete and select) on different tables . What was needed was some sort of generic way
of manipulating these database tables. There have already been several methods
proposed for generic WWW front-ends to Oracle, the more notable ones being
GSQL & oraywww. However these were not suitable for our
installation, since oraywww needed the scripting language oraperl, and
GSQL did not provide the right level of sophistication. It was theorised that a
WWW- Oracle interface could be constructed with just two generic programs. The
first program, sql-build, would take the query string generated by the web
browser, turn it into an SQL statement and then pass this statement on to the second
program, sql-result. sql-result would be a modified version of Oracle
Corp.'s sample9.pc program, which is a C program that mimics Oracleís
standard query interpreter. sql-result would take the generated SQL
statement, executes it on the Oracle database, and returns the result to the WWW
client. With the success of sql-build and sql-result, a generic database
browsing system called OraForm was developed.
How OraForm Works
OraForm consists of 6 programs (oraform.html, oraform1.pc, oraform2.pc, cleaner.sh,
sql-build.c and sql-result.pc). Each of these programs are called sequentially, unless
one program terminates due to an error (in which case it reports the appropriate Oracle
error message to the web client). oraform1.pc, oraform2.pc and sql-result.pc are
written in C with embedded SQL, with the executable programs being compiled using
Oracle's Pro*C precompiler and a standard C compiler. sql-builder.c is written in
standard C, and oraform.html and cleaner.sh are a HTML file and a C shell script
respectively.
oraform.html
{figure 1}
oraform.html forms the entry point to the OraForm system. It
prompts the user to enter their Oracle username and password, and then calls the
first program, oraform1.
oraform1.pc
{figure 2}
oraform1 retrieves all the tables and views that the user has access to in
the Oracle
database , and presents these as a multicolumn select form to the web client. Once
the user has selected one or more tables, oraform2 is called.
oraform2
{figure 3}
oraform2 selects all the unique columns from the tables selected in
oraform1 and presents them to the web client as a fill-in form. Uniqueness
of a column is determined by its name, its datatype and precision. For example,
consider the two tables below:
_________________________________________
| EMP | DEPT |
|-------------------|-------------------|
| empno N(4) | deptno N(2) |
| ename C(10) | dname C(14) |
| job C(9) | loc C(13) |
| mgr N(4) | |
| hiredate date | |
| sal N(7,2) | |
| comm N(7,2) | |
| deptno N(2) | |
|-------------------|-------------------|
{table 1}
By comparing the columns in each table against each other, we can see that deptno
is not unique since it occurs in both tables with the same datatype and precision.
Therefore, oraform2 would present to the user only emp.empno,
emp.ename, emp.job, emp.mgr, emp.hiredate, emp.sal, emp.comm, emp.deptno,
dept.dname and dept.loc. When filling in the form, the user may select multiple data
values to retrieve, and may also use Oracle wildcards and equivalence operators.
For example, figure 3 shows a filled-in form for the tables from table 1, where the
user wishes to see all employee numbers (empno), employee names (ename) and the
department names (dname) for all employeeís who work in department 20, have an
employee number greater than 6000 and less than 8000, and who are either clerks
or analysts.
cleaner.sh
Once the filled-in form is submitted, the shell script cleaner.sh is called.
cleaner.sh translates escaped characters such as % and < to ASCII, and
then passes the edited query string to sql-build.c, the SQL statement
generator.
sql-build.c
The purpose of sql-build.c is to break the query string generated by the
web client into a meaningful SQL statement. At present, sql-build is coded
only to handle select type statements, but future developments will incorporate the
ability to handle insert, delete and update operations as well.
A SQL select statement is made up of three blocks, which I have called the "select",
"where" and "join" blocks. The "select" block selects the required display records
from the relevant tables, the "where" block applies the search conditions to the
statement, and the "join" block attempts to avoid Cartesian joins between tables by
matching the primary and foreign keys between tables. The "select", "where" and
"join" blocks for the query specified in figure 3 are shown in table 2 below:
_______________________________________________________
| SQL Statement | Block |
|------------------------------------------|----------|
| SELECT dept.dname, emp.empno, emp.ename | Select |
| from dept, emp | |
|------------------------------------------|----------|
| WHERE (dept.deptno = '20') AND | |
| (emp.empno > = '6000' OR | |
| emp.empno < = '8000') AND | Where |
| (emp.job = 'CLERK' OR | |
| emp.job = 'ANALYST') | |
|------------------------------------------|----------|
| AND (dept.deptno = emp.deptno) | Join |
|------------------------------------------|----------|
{table 2}
Once sql-build.c has generated the select statement, it calls sql-
result.pc, passing to it the userís Oracle username, password and the generated
select statement.
sql-result.pc
{figure 4}
sql-result.pc is Oracle's sample9.pc program, with the SQL statement
module modified to accept the username, password and SQL statement from
sql-build.pc rather than getting this information from the
keyboard. Providing that the search conditions were properly entered at
oraform2.pc, and the search conditions find matching records in the data
base, a screen like figure 4 will be produced. Should the search conditions not find
any matching data, the same screen will be displayed, with no records retrieved and
the message "0 records processed".
Further Work
OraForm currently works as specified, however there are significant
improvements to be made. These are:
OraForm can currently only build select statements. sql-result
has the facility for
handling insert, update, delete as well as select type statements, but sql-
build needs to be modified to generate these type of statements. Such work is
not of any great complexity and is currently being worked on.
The database query browser relies upon the user knowing what type of data
resides in the data base. This manifests itself in two ways. Firstly, the column
names displayed to the user are merely the table column names, and can be (at
best) rather bland and (at worst) cryptic. This can resolved either by using the data
dictionary table user_col_comments to record ìfullî column names (acceptable,
providing user_col_comments are not used for actual comments!), or by
setting up a table in the user's Oracle account called oraform_col_names, which
records the tablename, the column name and the "full" column name for each
table the user owns. A program to automate and maintain this would be highly
useful. Secondly, the user has to know what sort of data each column refers to and
what data is in that record. For example, when presented with the Job field in figure
3, the user has to know that valid options are either "CLERK", "ANALYST",
"MANAGER", "SALESMAN" or "PRESIDENT". It is proposed to solve this
dilemma by giving the user the option of selecting either the existing form (called a
"fastform") or using a more detailed form (called a "detailed form"), which would
retrieve all the fields from the database and display them as a multiple choice list
next to the field. A prototype detailed form is shown below in figure 5.
{figure 5}
At present, only the join between tables is user defined (the OR part of the
generated sql statement). Whilst this is adequate for single data values, it reduces
the flexibility of the system when the user is performing a task on multiple data
values. For example, say we wish to find name of all employees who have a
manager number greater than 7600 excluding all those employees with a manager
number of 7782. The form line for this would look like figure 6. The current
version of OraForm would equate this to "where emp.mgr > = '7600'
OR emp.mgr != '7782'", which would return 13 rows. What is required is a line that
includes the join condition at the end, as shown in figure 7, or by allowing the
user to explicitly state the join condition on the line itself, as shown in figure 8. By
allowing user control over the join between data values, OraForm would
equate this to "where emp.mgr > '7600' AND emp.mgr != '7782'", which would
return 10 rows. This requires a small amount of reworking of both oraform2 and
sql-build, and is currently being worked on.
{figure 6}
{figure 7}
{figure 8}
The security of OraForm needs to be tightened up. Currently, the Oracle
username and password can be viewed via looking at the ìshow locationî option
(see figure 9). We have attempt to get around this by using the ìpostî method on
forms, but this causes the programs to crash. As the ìpostî method has been used
successfully before, further investigation of this error is necessary.
{figure 9}
Conclusion
At the completion of the Job Tracking System project, it became apparent that a more
generic way of manipulating Oracle databases via the WWW was required. From this
requirement sprang the OraForm project. At the heart of the
OraForm system are two programs, sql-build.c and sql-result.pc.
sql-build is a C program that processes a WWW query string into a SQL
statement, and then calls sql-result. sql-result is a C program with embedded
SQL for processing the SQL statement and reporting its results to the WWW client.
Following the successful implementation of the two programs, a simple data browsing
utility called OraForm was created using a HTML file, a UNIX shell script
and two furthur embedded SQL C programs.
The paper has presented a number of further developments for OraForm, all
of which should be implemented by June 1995, when OraForm will be
released to the public domain.
Acknowledgments
We would like to thank the following people and organizations for their help and
advice during the duration of this project : Andrew ìAlfî Leahy, David Minard, Paul
English and Oracle Corp. (Australia).
Hypertext References
- HREF 1
- http://www.ncsa.uiuc.edu/SDG/People/jason/pub/gsql/ <- Home of GSQL
- HREF 2
- http://www.nofc.forrestrt.ca/oraywww/ <- Home of oraywww
- HREF 3
- http://www.st.nepean.uws.edu.au/users/rocky/oraform/ <- Home of OraForm
- HREF 4
- http://www.st.nepean.uws.edu.au/index.html <- Dept. Of Computing Web Server @ UWS Nepean
- HREF 5
- http://www.nepean.uws.edu.au/index.html <- UWS Nepean Web Server
Copyright
© Southern Cross
University, 1995. Permission is hereby granted to use this document for
personal use and in courses of instruction at educational institutions provided
that the article is used in full and this copyright statement is reproduced.
Permission is also given to mirror this document on WorldWideWeb servers. Any
other usage is expressly prohibited without the express permission of Southern
Cross University.
Return to the AusWeb95 Table of Contents
AusWeb95 The First Australian WorldWideWeb Conference 
