MySQL interview questions accumulation

MySQL

1. What is a transaction and how does MySQL support transactions?

A transaction is a batch of sql statements, but this batch is an atom, indivisible, either executed or rolled back (rollback) is not executed.
The four specific characteristics of transactions, which are often referred to as ACID:
1. Atomicity (all operations are either all successful, or all fail to roll back)
2. Consistency (the transaction must be in a consistent state before and after execution.)
3 .Isolation (transactions initiated by the database for each user cannot be disturbed by the operation of other transactions, and multiple concurrent transactions must be isolated from each other)
4. Durability (once a transaction is committed, then the data in the database The change is permanent.
Even if you encounter a failure , you can still restore the last update through the log. In MySQL, only the database or table using the Innodb database engine supports transactions.
MYSQL transaction processing has two main methods:
1. Use BEGIN, ROLLBACK, COMMIT to achieve BEGIN start a transaction ROLLBACK transaction rollback COMMIT transaction confirmation
2, directly use SET to change the automatic commit mode of MySQL: SET AUTOCOMMIT = 0 prohibit automatic submission SET AUTOCOMMIT = 1 turn on automatic submission

2. Types of database indexes?

   The index is a special file (the index on the InnoDB data table is an integral part of the table space). More generally, the database index is like a directory in front of a book, which can speed up the query speed of the database.
   The type of MySQL index:

   1. Ordinary index: This is the most basic index. It has no restrictions
      . 2. Unique index: The value of the index column must be unique, but null values ​​are allowed. If it is a combined index, the combination of column values ​​must be unique
      　　 . 3. Full text index: Full text Indexes can only be used for MyISAM tables, which can be created from CHAR, VARCHAR, or TEXT columns as part of the CREATE TABLE statement, or subsequently added using ALTER TABLE or CREATE INDEX (remember that for large-volume data tables, generating a full-text index is a Very time-consuming and very hard disk space)
   2. Single-column index, multi-column index: Multiple single-column indexes have different query effects from a single multi-column index, because when executing a query, MySQL can only use one index, and it will choose the most restrictive index from multiple indexes.
      5. Combined index (leftmost prefix): A simple understanding is to only start combining from the leftmost side (a way to further squeeze index efficiency on the basis of a single-column index)

3. Which engine is Mysql and what are the differences between the engines?

   There are two main engines, MyISAM and InnoDB, the main differences are as follows:
   InnoDB supports transactions, but MyISAM does not, which is very important. Transaction is an advanced processing method, such as in some series of additions and deletions, as long as any error can be rolled back and restored, but MyISAM is not possible;
   MyISAM is suitable for query and insertion-based applications, InnoDB is suitable for frequent modification and security
   High- performance applications; InnoDB supports foreign keys, MyISAM does not support;
   MyISAM is the default engine, InnoDB needs to be specified;
   InnoDB does not support FULLTEXT type indexes;
   InnoDB does not save the number of table rows, such as select count () from table, InnoDB; need to scan the entire table to calculate how many rows, but MyISAM simply read the number of saved rows. Note that when the count () statement contains the where condition, MyISAM also needs to scan the entire table;
   for self-growing fields, InnoDB must contain only the index of the field, but in the MyISAM table, you can establish a joint index with other fields; When emptying the entire table, InnoDB deletes line by line, which is very slow. MyISAM will rebuild the table;
   InnoDB supports row locks (in some cases, the entire table is locked, such as update table set a = 1 where user like '% lee%'

4. How is Sql injection generated and how to prevent it?

   During program development, care was not taken to standardize the writing of SQL statements and filtering of special characters, so that the client can
   submit some SQL statements through the global variables POST and GET to execute normally. Generate Sql injection. The following are the prevention methods:
   a. Filter out some common database operation keywords, or filter through system functions.
   b. Set Register_globals = off; in the PHP configuration file to off.
   c. Try not to omit small quotes (the one above the tab key) and single quotes when writing SQL statements.
   d. Improve database naming skills. For some important fields, Name the features of the program, take the hard-to-guess
   e. Encapsulate common methods to avoid directly
   exposing SQL statements f. Turn on PHP safe mode: Safe_mode = on;
   g. Turn on magic_quotes_gpc to prevent SQL injection
   h. Control error messages : Close the error message and write the error message to the system log.
   i. Use mysqli or pdo preprocessing.

5. Three paradigms of database?

   What is a paradigm: In short, the database design has a great relationship with the storage performance of the data and the developer's operation of the data. Therefore, the establishment of a scientific, standardized database needs to meet some specifications to optimize the data storage method. In a relational database, these specifications can be called a paradigm.
   What are the three major paradigms:
   First normal form: When all the attributes of the relational model R cannot be decomposed into more basic data units, it is said that R satisfies the first normal form, which is abbreviated as 1NF. Satisfying the first paradigm is the minimum requirement for the normalization of the relationship model, otherwise, there will be many basic operations that cannot be realized in such a relationship model.
   Second normal form: If the relationship mode R satisfies the first normal form and all non-principal attributes of R completely depend on each candidate key attribute of R, it is said that R satisfies the second normal form and is abbreviated as 2NF.
   Third normal form: Let R be a relational mode that satisfies the conditions of the first normal form, X is any set of attributes of R. If X is not transitively dependent on any candidate keyword of R, it is said that R satisfies the third normal form, abbreviated as 3NF .
   Note: the relationship is essentially a two-dimensional table, where each row is a tuple, and each column is a property

6. mysql the following queries will not use the index

   between, like "c%" , not in, not exists, !=, <, <=, =, >, >=,in

7. The difference between varchar and char in mysql and the meaning of 50 in varchar (50)

   varchar与char的区别char是一种固定长度的类型，varchar则是一种可变长度的类型 
   尽可能的使用 varchar 代替 char ，因为首先变长字段存储空间小，可以节省存储空间，	
   其次对于查询来说，在一个相对较小的字段内搜索效率显然要高些。
   
   varchar(50)代表的含义：
   varchar(50)中50的涵义最多存放50个字符，varchar(50)和(200)存储hello所占空间一样，但后者在排序时会消耗更多内存，
   因为order by col采用fixed_length计算col长度(memory引擎也一样) 
   

8. Describe the principle of mysql semi-synchronous replication

   mysql的主备库通过binlog日志保持一致，主库本地执行完事务，binlog日志落盘后即返回给用户；备库通过拉取主库binlog日志来同步主库的操作。默认情况下，主库与备库并没有严格的同步，因此存在一定的概率备库与主库的数据是不对等的。半同步特性的出现，就是为了保证在任何时刻主备数据一致的问题。相对于异步复制，半同步复制要求执行的每一个事务，都要求至少有一个备库成功接收后，才返回给用户。实现原理也很简单，主库本地执行完毕后，等待备库的响应消息(包含最新备库接收到的binlog(file,pos))，接收到备库响应消息后，再返回给用户，这样一个事务才算真正完成。在主库实例上，有一个专门的线程(ack_receiver)接收备库的响应消息，并以通知机制告知主库备库已经接收的日志，可以继续执行。
   

9. Please briefly describe the attack principle of SQL injection and how to prevent SQL injection at the code level?

   所谓SQL注入，就是通过把SQL命令插入到Web表单提交或输入域名或页面请求的查询字符串，最终达到欺骗服务器执行恶意的SQL命令。具体来说，它是利用现有应用程序，将（恶意）的SQL命令注入到后台数据库引擎执行的能力，它可以通过在Web表单中输入（恶意）SQL语句得到一个存在安全漏洞的网站上的数据库，而不是按照设计者意图去执行SQL语句。[1] 比如先前的很多影视网站泄露VIP会员密码大多就是通过WEB表单递交查询字符暴出的，这类表单特别容易受到SQL注入式攻击．
   
   根据相关技术原理，SQL注入可以分为平台层注入和代码层注入。前者由不安全的数据库配置或数据库平台的漏洞所致；后者主要是由于程序员对输入未进行细致地过滤，从而执行了非法的数据查询。基于此，SQL注入的产生原因通常表现在以下几方面：
   ①不当的类型处理；
   ②不安全的数据库配置；
   ③不合理的查询集处理；
   ④不当的错误处理；
   ⑤转义字符处理不合适；
   ⑥多个提交处理不当。
   
   预防措施：
   
   1.永远不要信任用户的输入。对用户的输入进行校验，可以通过正则表达式，或限制长度；对单引号和
   双"-"进行转换等。
   2.永远不要使用动态拼装sql，可以使用参数化的sql或者直接使用存储过程进行数据查询存取。
   3.永远不要使用管理员权限的数据库连接，为每个应用使用单独的权限有限的数据库连接。
   4.不要把机密信息直接存放，加密或者hash掉密码和敏感的信息。
   5.应用的异常信息应该给出尽可能少的提示，最好使用自定义的错误信息对原始错误信息进行包装
   6.sql注入的检测方法一般采取辅助软件或网站平台来检测，软件一般采用sql注入检测工具jsky，网站平台就有亿思网站安全平台检测工具。MDCSOFT SCAN等。采用MDCSOFT-IPS可以有效的防御SQL注入，XSS攻击等
   

10. Briefly describe the difference between leftjoin and rightjoin?

    left join:外链接之左连接：优先显示左表全部记录
    					#以左表为准，即找出所有员工信息，当然包括没有部门的员工
    					#本质就是：在内连接的基础上增加左边有右边没有的结果
    right join:外链接之右连接：优先显示右表全部记录
              #以右表为准，即找出所有部门信息，包括没有员工的部门
              #本质就是：在内连接的基础上增加右边有左边没有的结果
    

11. What is MySQL slow log?

    慢日志查询的主要功能就是，记录sql语句中超过设定的时间阈值的查询语句。例如，一条查询sql语句，我们设置的阈值为1s，当这条查询语句的执行时间超过了1s，则将被写入到慢查询配置的日志中.
    慢查询主要是为了我们做sql语句的优化功能.
    
    配置项说明：
    	登陆mysql服务：
    	> show variables like '%query%';
    	关注三个配置项即可。
      1.slow_query_log
      该配置项是决定是否开启慢日志查询功能，配置的值有ON或者OFF.
      2.slow_query_log_file
      该配置项是慢日志查询的记录文件,需要手动创建.
      3.long_query_time
      该配置项是设置慢日志查询的时间阈值，当超过这个阈值时，慢日志才会被记录.配置的值有0(任何的sql语句都记录下来)，或者>0(具体的阈值).该配置项是以秒为单位的，并且可以设置为小数.
      4.log-queries-not-using-indexes
      该配置项是为了记录未使用到索引的sql语句.
    

12. How to create an index in mysql?

    建表时创建
    CREATE TABLE 表名(
    字段名 数据类型 [完整性约束条件],
           ……，
    [UNIQUE | FULLTEXT | SPATIAL] INDEX | KEY
    [索引名](字段名1 [(长度)] [ASC | DESC]) [USING 索引方法]
    );
    说明:
    UNIQUE:可选。表示索引为唯一性索引。
    FULLTEXT:可选。表示索引为全文索引。
    SPATIAL:可选。表示索引为空间索引。
    INDEX和KEY:用于指定字段为索引，两者选择其中之一就可以了，作用是    一样的。
    索引名:可选。给创建的索引取一个新名称。
    字段名1:指定索引对应的字段的名称，该字段必须是前面定义好的字段。
    长度:可选。指索引的长度，必须是字符串类型才可以使用。
    ASC:可选。表示升序排列。
    DESC:可选。表示降序排列。
    注:索引方法默认使用BTREE。
    

13. Dirty read, non-repeatable read, phantom read of database

    • Dirty Reads: A transaction is modifying a record. Before the transaction is completed and committed, the data of this record is in an inconsistent state; at this time, another transaction also reads the same record. Adding control, the second transaction reads these "dirty" data, and according to this for further processing, it will produce uncommitted data dependencies. This phenomenon is called "dirty reading".
    • Non-Repeatable Reads: A transaction reads the previously read data at some time after reading some data, but finds that the data it has read has changed, or some records have been Was deleted! This phenomenon is called "non-repeatable reading".
    • Phantom Reads (Phantom Reads): A transaction re-reads the previously retrieved data according to the same query conditions, but finds that other transactions have inserted new data that meets its query conditions. This phenomenon is called "phantom reads."

    Transaction isolation level

    The stricter the transaction isolation of the database, the smaller the side effects of concurrency, but the greater the cost, because transaction isolation is essentially to make transactions "serialized" to a certain extent, which is obviously contradictory to "concurrency". At the same time, different applications have different requirements for read consistency and transaction isolation. For example, many applications are not sensitive to "non-repeatable reads" and "phantom reads" and may be more concerned about the ability to concurrently access data.

    Four isolation levels of transactions

    Read data consistency and isolation level of concurrent side effects allowed	Read data consistency	Dirty reading	Non-repeatable	Phantom reading
    Read uncommitted	The lowest level can only guarantee not to read physically damaged data	Yes	Yes	Yes
    Read committed	Statement level	no	Yes	Yes
    Repeatable read (Repeatable read)	Transaction level	no	no	Yes
    Serializable (Serializable)	Highest level, transaction level	no	no	no

14. Turn on slow logging

    1 Execute SHOW VARIABLES LIKE "% slow%" to know whether mysql is enabled slow query slow_query_log slow query on OFF OFF not enabled ON is to enable slow_query_log_file slow query log storage location (this directory requires write permission for the MySQL running account, general settings For MySQL data storage directory)
    2 Modify the configuration file (put under [mysqld]), restart long_query_time query how many seconds to record
    3 test is successful
    4 slow query log file information format

    SQL statement optimization

    1. Optimization of statements
       ① In the program, ensure that the number of accesses to the database is minimized based on the realization of the function;
       through the search parameters, the number of rows accessed to the table is minimized, and the result set is minimized, thereby reducing the network burden;
       ② can Separate operations should be handled separately to improve the response speed of each time; when using SQL in the data window, try to put the index used in the first column of selection; the structure of the algorithm is as simple as possible;
       ③ Do not use wildcards too much when querying Such as SELECT * FROM T1 statement, if you want to use several columns, select a few columns such as:
       SELECT COL1, COL2 FROM T1;
       ④ Try to limit the number of rows in the result set as much as possible: SELECT TOP 300 COL1, COL2, COL3 FROM T1 , Because in some cases users do not need so much data.
       ⑤ Don't use database cursors in your application. Cursors are very useful tools, but require more overhead than using regular, set-oriented SQL statements; search for data in a specific order.
    2. Avoid using incompatible data types
       such as float and int, char and varchar, binary and varbinary are incompatible.
       Incompatible data types may prevent the optimizer from performing some optimization operations that could have been done.
       For example:
       SELECT name FROM employee WHERE salary> 60000
       In this statement, if the salary field is money type, it is difficult for the optimizer to optimize it, because 60000 is an integer number. We should convert integers into numismatics during programming, rather than waiting for runtime conversions. If the conversion is forced during the query, the query speed will be significantly slowed down.
    3. Avoid performing function or expression operations on fields in the WHERE clause.
       If you perform a function or expression operation, it will cause the engine to give up using the index and perform a full table scan.
    4. Avoid using! = Or <>, IS NULL or IS NOT NULL, IN, NOT IN and other operators
    5. Use numeric fields whenever possible
    6. Use EXISTS and NOT EXISTS clauses reasonably.
    7. Try to avoid using non-leading letters in the indexed character data.
    8. Connection conditions
    9. Eliminate sequential access to row data in large tables
    10. Avoid difficult regular expressions
    11. Use views to speed up queries
    12. Do n’t use IN if you can use BETWEEN
    13. DISTINCT does not need GROUP BY
    14. Partial use index
    15. Don't use UNION if you can use UNION ALL
    16. Don't write queries that do nothing
    17. Try not to use the SELECT INTO statement
    18. Force the query optimizer to use an index if necessary
    19. Although the writing of UPDATE and DELETE statements is basically fixed, we still give some suggestions for UPDATE statements:
        a) Try not to modify the primary key field.
        b) When modifying a VARCHAR type field, try to use the value of the same length instead.
        c) Minimize the UPDATE operation on the table containing the UPDATE trigger.
        d) Avoid UPDATE columns that will be copied to other databases.
        e) Avoid UPDATE columns with many indexes.
        f) Avoid UPDATE columns in WHERE clause conditions.