【Teacher Zhao Qiang】 Using database triggers to implement complex security checks

1. What is a trigger

A database trigger is a stored PL/SQL block associated with a table. Whenever a specified data manipulation statement (INSERT, UPDATE, DELETE) is issued against that table, Oracle automatically executes the sequence of statements defined in the trigger.

The application scenarios of triggers are as follows:

  • Complex security checks
  • Confirmation of data
  • Database audit
  • Data backup and audit

2. The syntax for creating Oracle triggers

CREATE [OR REPLACE] TRIGGER trigger_name
{BEFORE | AFTER }
{INSERT | DELETE | UPDATE [OF column [, column …]]}
[OR {INSERT | DELETE | UPDATE [OF column [, column …]]}...]
ON [schema.]table_name | [schema.]view_name
[REFERENCING {OLD [AS] old | NEW [AS] new| PARENT as parent}]
[FOR EACH ROW ]
[WHEN condition]
PL/SQL_BLOCK | CALL procedure_name;

Where:

  • BEFORE and AFTER specify the trigger timing. A BEFORE trigger runs before the triggering event is executed, and an AFTER trigger runs after the triggering event is executed.
  • The FOR EACH ROW option indicates that the trigger is a row trigger.
  • The difference between row triggers and statement triggers: when a DML statement operates on multiple rows, a row trigger is activated once for each of those rows that meets the trigger constraint. A statement trigger treats the entire statement as the triggering event and is activated once when the constraint is met.
  • When the FOR EACH ROW option is omitted, BEFORE and AFTER triggers are statement triggers, while INSTEAD OF triggers can only be row triggers.
  • The REFERENCING clause defines correlation names. You can use correlation names in the PL/SQL block and the WHEN clause of a row trigger to refer to the new and old column values of the current row. The default correlation names are OLD and NEW. In the PL/SQL block of the trigger they must be prefixed with a colon (:), but in the WHEN clause they must be written without a colon.
  • The WHEN clause specifies the trigger constraint. The condition is a logical expression that must contain correlation names; it cannot contain a query or call a PL/SQL function. A WHEN clause can only be used in BEFORE and AFTER row triggers, not in INSTEAD OF row triggers or other types of triggers.
  • When a base table is modified (INSERT, UPDATE, DELETE), the stored code attached to that table is executed automatically in response to the change, independently of the application, so database triggers can ensure data consistency and integrity.

3. Types of Oracle triggers

  • Row-level trigger: executed once for each row affected by the DML statement. For example, if an UPDATE statement updates 100 rows and a row-level trigger is defined for UPDATE, the trigger fires 100 times.
  • Statement-level trigger: executed once for each DML statement. For example, if an UPDATE statement updates 200 rows and a statement-level trigger is defined for UPDATE, the trigger fires once.
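
The row-trigger rules described above (FOR EACH ROW, correlation names without a colon in WHEN and with a colon in the PL/SQL block) are shown here in an added example that is not part of the original post. The tables emp_demo and emp_sal_audit, the trigger emp_sal_guard, the error number -20002 and the sample rows are hypothetical and constructed for illustration.

```sql
-- Added example; all object names and rows below are constructed for illustration.
CREATE TABLE emp_demo (empno NUMBER PRIMARY KEY, ename VARCHAR2(20), sal NUMBER);
CREATE TABLE emp_sal_audit (
  empno      NUMBER,
  old_sal    NUMBER,
  new_sal    NUMBER,
  changed_by VARCHAR2(128),
  changed_at DATE
);

INSERT INTO emp_demo VALUES (7369, 'SMITH', 800);
INSERT INTO emp_demo VALUES (7499, 'ALLEN', 1600);
INSERT INTO emp_demo VALUES (7521, 'WARD', 1250);
COMMIT;

-- Row trigger: fires once per updated row that satisfies the WHEN condition.
-- WHEN uses new/old without a colon and contains no query or PL/SQL call.
-- A NULL on either side makes "<>" unknown, so NULL transitions are listed explicitly.
-- Inside the PL/SQL block the same names are written :new and :old.
CREATE OR REPLACE TRIGGER emp_sal_guard
BEFORE UPDATE OF sal ON emp_demo
FOR EACH ROW
WHEN (new.sal <> old.sal
      OR (new.sal IS NULL AND old.sal IS NOT NULL)
      OR (new.sal IS NOT NULL AND old.sal IS NULL))
BEGIN
  IF :new.sal IS NULL OR :new.sal < :old.sal THEN
    RAISE_APPLICATION_ERROR(-20002,
      'Salary of employee ' || :old.empno || ' may not be lowered or cleared');
  END IF;
  INSERT INTO emp_sal_audit (empno, old_sal, new_sal, changed_by, changed_at)
  VALUES (:old.empno, :old.sal, :new.sal,
          SYS_CONTEXT('USERENV', 'SESSION_USER'), SYSDATE);
END;
/

-- One statement, three rows: the row trigger fires three times and writes three audit rows.
UPDATE emp_demo SET sal = sal + 100;
SELECT empno, old_sal, new_sal FROM emp_sal_audit ORDER BY empno;

-- Rejected with ORA-20002. The whole statement is rolled back, including any audit
-- row the trigger wrote for a row processed before the failing one.
UPDATE emp_demo SET sal = sal - 500 WHERE empno IN (7369, 7499);
```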

4. Using database triggers to implement complex security checks

/*
Implement a complex security check:
inserting new employees is forbidden during non-working hours.
Weekend: to_char(sysdate, 'fmDay', 'NLS_DATE_LANGUAGE=ENGLISH') in ('Saturday', 'Sunday')
Before and after work: to_number(to_char(sysdate, 'hh24')) not between 9 and 18
*/
create or replace trigger securityemp
before insert
on emp
begin
  -- 'fmDay' strips the blank padding and capitalises the day name; the language is
  -- pinned so the comparison does not depend on the session's NLS settings
  if to_char(sysdate, 'fmDay', 'NLS_DATE_LANGUAGE=ENGLISH') in ('Saturday', 'Sunday') or
     to_number(to_char(sysdate, 'hh24')) not between 9 and 18 then
    -- Prohibit the insert operation by raising an exception
    raise_application_error(-20001, 'Inserting new employees is prohibited during non-working hours');
  end if;
end;
/
  • In the example above, inserting new employees is prohibited during non-working hours, so the security check is enforced whenever an INSERT statement is executed on emp.

Origin www.cnblogs.com/collen7788/p/12735706.html