Motivations for Using a DBMS

We will now look at why we would want to use a modern database engine and take a quick look at its performance and advantages.

The Case Against Simple Files or Spreadsheets

We touched on a few of these briefly, but there are a number of reasons we do not want to "roll our own" database engine with a text (or binary) file and self-written functions or classes.

• Performance We are unlikely to have the ability to write code that will efficiently scan the files searching for data, insert or delete records, or otherwise manage amounts of data beyond a few hundred records.

• Security As we will see in Chapters 16," Securing Your Web Applications: Planning and Code Security," and 17, "Securing your Web Applications: Software and Hardware Security," we must always be paranoid about keeping our data safe. If we have our data sitting in a file on the local file system, we have little granularity in our ability to control who accesses it. We cannot grant some people only a subset of permissions (such as the ability to insert more data, but not the ability to delete it).

  Worse, if we are running a web site on a web server that supports virtual servers and runs them with the same user account (for example, it is not uncommon to see multiple sites running in the same instance of Apache's httpd server as the user nobody), your files are not protected from being accessed by malicious code in other virtual hosts.

• Integrity Most web sites can be accessed by many people at a time, meaning that we could have multiple requests to insert or delete data from our database at the same time. Without efforts being made to deal with concurrency, we could end up corrupting our data file.

• Access In the absence of a standardized way to access our data, we are likely to fall into the trap of writing code in our specialized library that is specific to our particular database. When we then try to take this code to our next web application project, we are likely to struggle with making it work.

Database Servers

By selecting a modern RDBMS, we are going to see solutions to all of these problems, including a few for which we might not have a need yet. Most database servers run as a background process (sometimes known as a service or daemon) on some server in your datacenter, perhaps even on the computer running your web server. You connect to the server by using a software library that knows how to make the connection, or via a client that will typically ship with the server software (though many people write more useful clients later). Figure 8-2 shows an example of this client-server interaction.

Performance

The performance of the RDBMSes ranges from very good to spectacular. Large Internet sites with billions of records and complicated data relationships are using these database systems, and they can transfer data to and from storage at staggering rates.

Security

All of the systems we will look at have robust systems for creating users and assigning to those users specific permissions for specific databases. Thus, some users might only have the ability to fetch data from a table, while others might have the ability to add or remove data, and some might even have the ability to create and destroy entire tables. Most systems will also let you specify from which hosts people may connect, further improving your security situation.

Integrity

The ability to handle multiple requests or connections from multiple clients is critical in a production environment where multiple web servers or different web applications are trying to access the same data concurrently. In addition, most web servers support the concept of transactions, which you can use to group entire sequences of operations on the data as a logically atomic action.

Access

All of the software we discuss in this book makes use of a standardized programming language for accessing the data in the databases. This language is called Structured Query Language (SQL, or "see-quel" for short); all of the servers support a common standard of the language known as ANSI SQL.

While there are wide variations in the full versions of the various SQL implementations, we are able to use most of our SQL code for our sample applications interchangeably between the different servers.

Analysis

By having all of our data in a powerful DBMS, we open new doors for data analysis. Many of these systems come with features, tools, and other means by which we can analyze our data to look for trends, anomalies, or problems.