Multivalued datatypes considered harmful

How dangerous can a data type be?

The Power of One Infographic

Increasingly developers are required to write applications that interact with database engines – typically Oracle, SQL Server, DB2, MySQL or Access. In many ways the database engine is pretty much immaterial; no matter what the flavour it’s still simply a matter of tables, columns, rows and a variety of data types; text, memo, BLOB, numeric, whatever. However if you work with Access, a completely new data type is on the horizon for 2007 – multi-valued. Unfortunately, this isn’t just-another-data-type; this is a whole different ball game and a dangerous one – more like rollerball than baseball.

As the name suggests, a multi-valued field is one in which you can place more than one value. So, imagine that you design a table to store information about, say, customers.


CustID FName LName Hobbies
1 Fred Smith Fishing, Rollerball, Hockey
2 Sally Jones Sailing
3 Brian Wilson Gliding, Sailing, Singing, Hockey

The hobbies column is a multi-valued field. In some ways this is very neat because we have created a many-to-many join (many different customers can have many different hobbies) using a single table. The alternative, and traditional way, is to use three tables.


CustID FName LName
1 Fred Smith
2 Sally Jones
3 Brian Wilson


HobbyID Hobbies
1 Fishing,
2 Rollerball
3 Hockey
4 Sailing
5 Gliding
6 Singing


CustID HobbyID
1 1
1 2
1 3
2 4
3 5
3 4
3 6
3 3

Clearly, the solution using three tables is more complex and less intuitive; so what is wrong with the multi-valued data type solution? Well, in his initial set of rules defining relational databases, Ted Codd (the originator of the relational model) forbad their use.

Rule 2, the guaranteed access rule.

Each and every datum (atomic value) in a relational data base is guaranteed to be logically accessible by resorting to a combination of table name, primary key value and column name.

If we use the table name (Customer), Primary key value (1) and column name (Hobbies) we don’t get a single atomic value (such as ‘Fishing’); we get multiple pieces of data (Fishing, Rollerball, Hockey).

Now this is a killer argument if you are a database freak like me (“If Ted Codd forbad it, I want no further truck with your multi-valued data types.”) but I quite understand that, if you are an application developer, the finer points of relational database theory often sound like just so much academic nonsense. If a new feature makes life easier, who cares if it happens to break some arbitrary rule written over 20 years ago?

Fair enough. So let’s look at an intensely practical reason why multi-valued fields are so bad. We query databases using SQL. The design of SQL is based entirely on the assumption that each column contains atomic values. If we run a normal SQL query against our single table solution:

WHERE Hobby = “Rollerball”

It will return zero rows; despite the fact that one of our customers plays rollerball, because there is no row with a field just containing “rollerball”.

If you want a challenge, try to construct the SQL necessary to find the names of the customers who both glide and sail. It is, of course, possible, but the solution is more complex than extracting the same information from the three table structure.

And if you are not convinced that we are plunging into deep water here, imagine that I store foreign key values (in the example shown, into a PRODUCT table) in a multi valued field:


OrderID ODate Products
1 1/1/07 1,5,5,5,5,5,67,434,434,5654
2 1/1/07 45,67,454,454,454,65556
3 2/1/07 2,454,5677

Seven Steps to Software Security

More from The Register

next story
That AMAZING Windows comeback: Wow – 0.5% growth in 2015
Whoooah, my face is going all floppy with the speed
Think Google Glass is creepy? Wait until it READS YOUR MIND
Startup penetrates the mind of Glassholes
Google policy wonk patronises Brits over EU search biz probe
Downgrading rivals? Whetstone: 'I just don't think it's really true'
Victim of Tor-hidden revenge smut site sues Tor Project developers
But EFF lawyer says deep-web team 'no more liable' than web server makers
Chrome Remote Desktop adds Linux to supported OS list
Drive Debian from the confines of a Chromebook
Google's lounge room invasion advances with Chromecast upgrade
Your tellie is about to mirror your Android
prev story


Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Eight steps to building an HP BladeSystem
Building your ideal BladeSystem infrastructure solution begins with eight simple steps, outlined in this whitepaper.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.
Build a Business Case: Developing Custom Apps
In this whitepaper learn how to maximize the value of custom applications by accelerating and simplifying their development.