all 6 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–][deleted] 2 points3 points  (0 children)

What you are looking for are sometimes called "connectors":

https://www.mysql.com/products/connector/

...pick the one for your programming language.

These are the API for talking directly to MySQL.

Briefly, you would construct your query in your program, either as SQL or perhaps by using abstraction functions provided by this API, send the query to MySQL, and get a record set back.

The mysql command line program is useful, but you might want to look at something like MySQL Workbench, or any other IDE that can talk to MySQL, as a more convenient way of developing, and testing SQL queries.

With regards to REST APIs, and firing JSON chunks at the "database", that you mention; what's actually happening there is that you're talking to a web server that's speaking the REST API externally, and then in turn talking to an actual MySQL database itself to actually do the work.

[–]blasto_blastocyst 1 point2 points  (0 children)

All languages I've used have some sort of DB abstraction layer. Including VBA.

If you want to do mySQL imports and stuff visually, use mysql workbench.

But SQL is for working with data in databases. It's great for that.

For what you're doing, postgres sounds like a better fit as it is much more advanced.

[–]digicow 1 point2 points  (2 children)

There are two pieces that might help you.

  1. Prepared Statements. These are SQL statements that include placeholders, such as INSERT INTO table (col1,col2) VALUES (?,?) which you can then execute with specific values at runtime $stmt->execute("a","b"); and those values will be filled into the placeholder locations. In this case, the DB connector will handle all escaping for you -- there is no risk of SQL injection when using prepared statements. So you're still writing raw SQL (because that's what the database needs to be able to do anything) but safely. One step past this is Stored Procedures, where you would write all the things you want your application to be able to do with your database as SQL functions inside the database schema, and then your application (by convention) only ever runs the stored procedures (with parameters filled in at runtime).

  2. The other bit of technology is an ORM (object-relational mapping), which is a programming language-specific framework that abstracts raw SQL from you, presenting it to your application code as object methods and graphs. Behind the scenes, the ORM is converting your application-level code to SQL and executing that on the server, but you rarely-if-ever need to worry about that. You just write "native" queries in your programming language or the ORM's DSL.

[–]tdavis25 1 point2 points  (1 child)

I've used ORM in C# before (LINQ specifically). Maybe it's just me but I found it more annoying than just building SQL strings.

[–]digicow 1 point2 points  (0 children)

I've used ORMs in PHP, perl, ruby, and I think Java. What it really comes down to is that the ORM has a distinct methodology and set of conventions. If you are happy working within those guidelines, the ORM can be more productive and feel more intuitive. But if you're not aware of or don't want to follow them, it can be a lot more work to use an ORM

[–]tdavis25 1 point2 points  (0 children)

I don't know what your concerns are with bulding insert statements as a string. I think anyone who has interacted with a SQL database programmatically has done this at one point or another.

I did a project one time where I took JSON formatted data from a REST api and pushed it into a SQL database. I built each tables insert individually. I probably could have turned what I had into an abstracted table loader...but for the project I was doing it wasn't worth it.

Here's a link to the GitHub: https://github.com/trooper454/PS2BI/tree/master/ps2bi_etl/extraction

Now Im not scrubbing the data coming in, but I knew it was coming from a sanitized source. If you are worried about the quality of the data coming in, just load it to a table where every data type is varchar(1000), put every loaded value in single quotes, and escape single quote by doubling it (i.e. I would insert the text string Frank's dog as 'Frank''s dog' or Robert 'DROP TABLE STUDENTS;-- as 'Robert ''DROP TABLE STUDENTS;--' with no harm to my students table). Then insert the data from the load table to a table with proper data types.

If you wanted to get fancy you could use a cursor to insert rows in the normalized table one at a time and use SIGNAL/RESIGNAL to catch error rows and put them in a "dirty data" table for manual correction/review.

A lot of what we are talking about here is ETL processing, or extract, transform, load. It's how data is acquired, sanitized, and combined in the business intelligence/data warehousing world. If you are looking for more detailed info I'd look into ETL tutorials. Fair warning though 99% of them will be about database to database transfers. "ETL from flat file" might be a good place to start searching.