Physical Database Design is the process of converting a logical data model into a physical schema that can be implemented on a specific DBMS. It deals with how data is actually stored, organized, and accessed on hardware.

• Selecting storage structures (heap, clustered, hash)
• Choosing file organizations for tables
• Defining indexes to speed up queries
• Partitioning large tables horizontally or vertically
• Choosing storage engine (InnoDB, MyISAM, etc.)
• Deciding on buffer pool / cache sizes

Consider a Students table with millions of rows. Physical design decisions:

Here, InnoDB stores rows in B+ tree order of student_id. The secondary index on dept speeds up queries like "find all CS students" without full table scan.

SQL commands are classified into sub-languages based on their purpose:

Used to define and modify database structure (schema). Changes are auto-committed.

• CREATE — create table/db/view/index
• ALTER — modify existing structure
• DROP — delete schema object
• TRUNCATE — remove all rows (no rollback)
• RENAME — rename an object

Used to insert, update, delete, and retrieve data. Can be rolled back.

• SELECT — query/read data
• INSERT — add new rows
• UPDATE — modify existing rows
• DELETE — remove rows

Used to control access permissions to database objects.

• GRANT — give privileges to a user
• REVOKE — take back privileges

Combine rows from two or more tables based on related columns.

A virtual table based on a SELECT query.

Perform calculations across rows related to current row without collapsing them.

A cursor is a database object that allows row-by-row processing of a result set. Used in stored procedures/PL-SQL.

Steps: DECLARE → OPEN → FETCH → CLOSE

Handle runtime errors gracefully using DECLARE ... HANDLER in MySQL.

In Oracle PL/SQL: EXCEPTION WHEN NO_DATA_FOUND THEN ...

A trigger is a stored procedure that automatically fires in response to an event (INSERT / UPDATE / DELETE) on a table.

A stored procedure is a precompiled set of SQL statements stored in the DB. Called explicitly; may or may not return a value.

Types of parameters: IN (input), OUT (output), INOUT (both).

A function always returns a single value. Can be used directly in SQL expressions.

Database tuning is the process of improving the performance of a database system by optimizing queries, schema, indexes, and server configuration.

• Use EXPLAIN to analyze query execution plan
• Avoid SELECT *; select only needed columns
• Avoid functions on indexed columns in WHERE clause
• Use joins instead of correlated subqueries

• Create indexes on frequently searched / filtered columns
• Use composite indexes for multi-column WHERE clauses
• Remove unused indexes (they slow down writes)
• Use covering indexes to avoid table lookups

• Choose appropriate data types (INT vs BIGINT, CHAR vs VARCHAR)
• Normalize to reduce redundancy; denormalize for read performance
• Partition large tables

• Increase innodb_buffer_pool_size (cache hot data)
• Tune query_cache_size
• Set optimal max_connections
• Enable slow query log to find bottlenecks

Reuse existing DB connections instead of creating new ones for each request. Reduces overhead significantly in high-traffic apps.

Clustering means physically storing related rows together on disk based on their key values. This minimizes disk I/O for range queries.

Types of clustering:

• Intra-file clustering — related rows of one table stored together
• Inter-file clustering — rows from multiple related tables stored together (joined data co-located)

Example: In InnoDB, the primary key is the clustered index. Rows are stored in B+ tree order of primary key. So queries like:

are fast because those rows are contiguous on disk.

An index is a separate data structure (usually B+ tree or hash) that speeds up data retrieval.

• Dense Index: One index entry per data record
• Sparse Index: One entry per block (only for sorted files)

Database Security refers to protecting the database from unauthorized access, corruption, or theft.

Controls who can access what data. Two types:

• DAC (Discretionary Access Control) — object owner grants permissions (SQL GRANT/REVOKE)
• MAC (Mandatory Access Control) — system-defined labels (Top Secret, Confidential, etc.)
• RBAC (Role-Based Access Control) — permissions assigned to roles, roles to users

Verify identity of users. Methods: username/password, SSL certificates, Kerberos, LDAP, two-factor auth.

• Data-at-rest encryption — encrypt stored files (InnoDB tablespace encryption)
• Data-in-transit encryption — SSL/TLS for DB connections
• Column-level encryption — AES_ENCRYPT() for sensitive fields like passwords

Track who did what and when. Enable MySQL general log / audit plugin. Store in AuditLog table.

• Use prepared statements / parameterized queries
• Validate and sanitize all user inputs
• Principle of least privilege (don't use root account in app)

Regular backups (full, incremental) protect against data loss. Use point-in-time recovery with binary logs.

Denormalization is the intentional introduction of redundancy into a database schema to improve read performance. It's the reverse of normalization.

Fully normalized databases require many JOINs for queries, which are expensive for large datasets. Denormalization trades write efficiency for read speed.

• Storing derived data — store computed column (e.g., total_price = qty × unit_price)
• Pre-joining tables — merge frequently joined tables into one
• Duplicating columns — copy dept_name from Dept into Emp to avoid join
• Materialized views — persist result of complex query
• Partitioning / Summary tables — store aggregated data separately

Normalized: Orders(order_id, cust_id) + Customers(cust_id, cust_name, city)

Denormalized: Orders(order_id, cust_id, cust_name, city) — city & name stored in Orders to avoid JOIN.