In [36]:
import psycopg2

import json

import sqlalchemy as sa
from sqlalchemy.orm import sessionmaker, declarative_base, relationship, contains_eager, lazyload, selectinload, load_only

In [53]:
Base = declarative_base()
engine = sa.create_engine('postgresql://postgres:123@localhost:5432/netology_db', echo=True)
Session = sessionmaker(bind=engine)

In [54]:
class Publisher(Base):
    __tablename__ = 'publisher'

    id = sa.Column(sa.Integer, primary_key=True)
    name = sa.Column(sa.String(128), nullable=False)


class Book(Base):
    __tablename__ = 'book'

    id = sa.Column(sa.Integer, primary_key=True)
    title = sa.Column(sa.String(128), nullable=False)
    id_publisher = sa.Column(sa.Integer, sa.ForeignKey('publisher.id'), nullable=False)

    publisher = relationship(Publisher, backref='books')


class Shop(Base):
    __tablename__ = 'shop'

    id = sa.Column(sa.Integer, primary_key=True)
    name = sa.Column(sa.String(128), nullable=False)


class Stock(Base):
    __tablename__ = 'stock'

    id = sa.Column(sa.Integer, primary_key=True)
    id_book = sa.Column(sa.Integer, sa.ForeignKey('book.id'), nullable=False)
    id_shop = sa.Column(sa.Integer, sa.ForeignKey('shop.id'), nullable=False)
    count = sa.Column(sa.Integer, nullable=False)

    book = relationship(Book, backref='stocks')
    shop = relationship(Shop, backref='stocks')


class Sale(Base):
    __tablename__ = 'sale'

    id = sa.Column(sa.Integer, primary_key=True)
    price = sa.Column(sa.Numeric(10, 2), nullable=False)
    date_sale = sa.Column(sa.DateTime, nullable=False)
    id_stock = sa.Column(sa.Integer, sa.ForeignKey('stock.id'))
    count = sa.Column(sa.Integer, nullable=False)

    stock = relationship(Stock, backref='sales')

In [55]:
session = Session()

In [122]:
con_config = dict(host='localhost', dbname='netology_db', user='postgres', password='123')

In [134]:
con = psycopg2.connect(**con_config)

**Сергей**  
<br>
Объяснить почему f-строки `(cursor.execute(f'<SQL query with {var}>'))`  позволяют sql-injection, в отличие от классических (`cursor.execute('''<SQL query with %s>''', (var1, var2))`

```sql
create table transactions (
	id serial primary key,
	user_id int not null,
	value numeric(10, 2) not null,
	comment varchar(255)
)
```

In [163]:
comment = '\'); insert into transactions (user_id, value) values(3, 1000000) --'

In [168]:
with con.cursor() as cur:
    cur.executemany('insert into transactions (user_id, value, comment) values (%s, %s, %s)', [
        (1, 100, comment),
        (5, 500, comment),
        (7, 700, comment),
    ])
    con.commit()

In [166]:
f'insert into transactions (user_id, value, comment) values ({2}, {200}, \'{comment}\')'

"insert into transactions (user_id, value, comment) values (2, 200, ''); insert into transactions (user_id, value) values(3, 1000000) --')"

In [169]:
comment = 'hello, world'

In [170]:
with con.cursor() as cur:
    cur.execute(f'insert into transactions (user_id, value, comment) values ({2}, {200}, {comment})')
    con.commit()

UndefinedColumn: column "hello" does not exist
LINE 1: ...actions (user_id, value, comment) values (2, 200, hello, wor...
                                                             ^


In [171]:
f'insert into transactions (user_id, value, comment) values ({2}, {200}, {comment})'

'insert into transactions (user_id, value, comment) values (2, 200, hello, world)'

In [164]:
con.rollback()

In [None]:
with con.cursor() as cur:
    try:
        con.commit()

    except Exception as e:
        con.rollback()

In [175]:
var = 'xxx'
print(f'{repr(var)}')

'xxx'


In [186]:
con.autocommit = False
with con.cursor() as cur:
    cur.execute('create table xxx (id serial primary key)')

In [187]:
con.commit()

In [185]:
con.rollback()

**Михаил Борисов**  
<br>
настройки postgres в ubuntu:  
команда psql -U postgres  
у меня работает только при указании хоста -h localhost,  
выдаёт ошибку типа: psql: ошибка: подключиться к серверу через сокет ""/var/run/postgresql/.s.PGSQL.5432"" не удалось: ВАЖНО:  пользователь ""postgres"" не прошёл проверку подлинности (Peer)  
с чем это может быть связано и как можно это прописать в конфиге?

In [None]:
# https://dba.stackexchange.com/a/204089
# https://stackoverflow.com/a/18664239

**Михаил Борисов**  
<br>
psycopg2 - почему мы не можем управлять базой методами DDL находясь в контекстном менеджере with.
Будет ошибка типа: psycopg2.errors.ActiveSqlTransaction: ОШИБКА:  DROP DATABASE не может выполняться внутри блока транзакции
приходится самостоятельно создавать подключение и курсор с поcледующим закрытием сессии

In [None]:
# https://www.psycopg.org/docs/usage.html#transactions-control
# https://www.postgresql.org/docs/7.3/sql-createdatabase.html

In [None]:
with psycopg2.connect(**db_config) as con:
    # ...

**Михаил Борисов**	 
<br>

psycopg2 - как можно реализовать и можно ли вообще создание базы, с динамическим названием, например

```
base_name = input()
cur.execute(""""""CREATE DATABASE %s;"""""", (base_name,))
```
так не получится, потому что переменная будет вставляться с кавычками, есть ли варианты?

In [None]:
# https://www.psycopg.org/docs/sql.html

In [92]:
from psycopg2 import sql

In [193]:
tbl_name = 'my_table_2 (id serial primary key); drop table my_table --'

In [194]:
q = sql.SQL('create table {name} (id serial primary key)').format(name=sql.Identifier(tbl_name))

In [195]:
print(q)

Composed([SQL('create table '), Identifier('my_table_2 (id serial primary key); drop table my_table --'), SQL(' (id serial primary key)')])


In [196]:
with con.cursor() as cur:
    cur.execute(q)
    con.commit()

**Мария**  
<br>
Объясните пожалуйста как делается задание из "Домашнее задание к лекции «Python и БД. ORM" https://github.com/netology-code/py-homeworks-db/tree/SQLPY-76/06-orm

## Задание 2

Используя SQLAlchemy, составить запрос выборки магазинов, продающих целевого издателя.

Напишите Python-скрипт, который:

- подключается к БД любого типа на ваш выбор, например, к PostgreSQL;
- импортирует необходимые модели данных;
- принимает имя или идентификатор издателя (publisher), например, через `input()`. Выводит построчно факты покупки книг этого издателя:

```
название книги | название магазина, в котором была куплена эта книга | стоимость покупки | дата покупки
```

Пример (было введено имя автора — `Пушкин`):

```
Капитанская дочка | Буквоед     | 600 | 09-11-2022
Руслан и Людмила  | Буквоед     | 500 | 08-11-2022
Капитанская дочка | Лабиринт    | 580 | 05-11-2022
Евгений Онегин    | Книжный дом | 490 | 02-11-2022
Капитанская дочка | Буквоед     | 600 | 26-10-2022
```

```sql
    SELECT 
        b.title, s.name, sa.price, sa.date_sale
    FROM book b 
        JOIN publisher p ON p.id = b.id_publisher
        JOIN stock st ON st.id_book = b.id
        JOIN shop s ON s.id = st.id_shop
        JOIN sale sa ON sa.id_stock = st.id
        WHERE 
            p.name = :pub_name
```

In [238]:
pub_name = 'O’Reilly'

In [239]:
results = session.query(Book) \
    .with_entities(Book.title, Shop.name, Sale.price, Sale.date_sale) \
        .join(Publisher, Publisher.id == Book.id_publisher) \
        .join(Stock, Stock.id_book == Book.id) \
        .join(Shop, Shop.id == Stock.id_shop) \
        .join(Sale, Sale.id_stock == Stock.id) \
        .filter(Publisher.name == pub_name).all()

2024-03-12 21:39:08,994 INFO sqlalchemy.engine.Engine SELECT book.title AS book_title, shop.name AS shop_name, sale.price AS sale_price, sale.date_sale AS sale_date_sale 
FROM book JOIN publisher ON publisher.id = book.id_publisher JOIN stock ON stock.id_book = book.id JOIN shop ON shop.id = stock.id_shop JOIN sale ON sale.id_stock = stock.id 
WHERE publisher.name = %(name_1)s
2024-03-12 21:39:08,995 INFO sqlalchemy.engine.Engine [generated in 0.00108s] {'name_1': 'O’Reilly'}


In [242]:
results = session.query(Book.title, Shop.name, Sale.price, Sale.date_sale) \
    .join(Publisher, Publisher.id == Book.id_publisher) \
    .join(Stock, Stock.id_book == Book.id) \
    .join(Shop, Shop.id == Stock.id_shop) \
    .join(Sale, Sale.id_stock == Stock.id) \
    .filter(Publisher.name == pub_name).all()

2024-03-12 21:40:52,810 INFO sqlalchemy.engine.Engine SELECT book.title AS book_title, shop.name AS shop_name, sale.price AS sale_price, sale.date_sale AS sale_date_sale 
FROM book JOIN publisher ON publisher.id = book.id_publisher JOIN stock ON stock.id_book = book.id JOIN shop ON shop.id = stock.id_shop JOIN sale ON sale.id_stock = stock.id 
WHERE publisher.name = %(name_1)s
2024-03-12 21:40:52,811 INFO sqlalchemy.engine.Engine [cached since 103.8s ago] {'name_1': 'O’Reilly'}


In [244]:
q = sa.select(Book.title, Shop.name, Sale.price, Sale.date_sale) \
        .select_from(Book) \
        .join(Publisher, Publisher.id == Book.id_publisher) \
        .join(Stock, Stock.id_book == Book.id) \
        .join(Shop, Shop.id == Stock.id_shop) \
        .join(Sale, Sale.id_stock == Stock.id) \
            .where(Publisher.name == pub_name)

In [246]:
results = session.execute(q).all()

2024-03-12 21:43:18,234 INFO sqlalchemy.engine.Engine SELECT book.title, shop.name, sale.price, sale.date_sale 
FROM book JOIN publisher ON publisher.id = book.id_publisher JOIN stock ON stock.id_book = book.id JOIN shop ON shop.id = stock.id_shop JOIN sale ON sale.id_stock = stock.id 
WHERE publisher.name = %(name_1)s
2024-03-12 21:43:18,237 INFO sqlalchemy.engine.Engine [generated in 0.00311s] {'name_1': 'O’Reilly'}


In [247]:
for r in results:
    print(r)

('Programming Python, 4th Edition', 'Labirint', Decimal('50.05'), datetime.datetime(2018, 10, 25, 9, 45, 24, 552000))
('Natural Language Processing with Python', 'Labirint', Decimal('50.05'), datetime.datetime(2018, 10, 25, 9, 51, 4, 113000))
('Programming Python, 4th Edition', 'Amazon', Decimal('16.00'), datetime.datetime(2018, 10, 25, 10, 59, 56, 230000))


**Михаил Борисов**	
<br>

"Python и БД. ORM 
расшифруйте пожалуйста этот блок кода
```
for record in data:
    model = {
        'publisher': Publisher,
        'shop': Shop,
        'book': Book,
        'stock': Stock,
        'sale': Sale,
    }[record.get('model')]
    session.add(model(id=record.get('pk'), **record.get('fields')))
```"

In [41]:
with open('data.json', 'rt') as f:
    data = json.load(f)

In [214]:
model_mapping = {
    'publisher': Publisher,
    'shop': Shop,
    'book': Book,
    'stock': Stock,
    'sale': Sale,
}

In [204]:
p = Publisher 
p1 = p

In [205]:
p1()

<__main__.Publisher at 0x1188c9050>

In [203]:
Publisher()

<__main__.Publisher at 0x10c82ce50>

In [207]:
b = model_mapping['book']

In [213]:
b_obj = b(title='hello', id_publisher=3)
b_obj.__dict__

{'_sa_instance_state': <sqlalchemy.orm.state.InstanceState at 0x1187ccb90>,
 'title': 'hello',
 'id_publisher': 3}

In [227]:
def f(x, y=3, z='hello'):
    print(x, y, z)

In [218]:
f(x=5, y=3, z='hello')

5 3 hello


In [219]:
d = {
    'x': 5,
    'y': 3,
    'z': 'hello'
}

In [221]:
f(**d) # == f(x=5, y=3, z='hello')

5 3 hello


In [222]:
f(**dict(x=5, y=3, z='hello'))

5 3 hello


In [223]:
dict(x=5, y=3, z='hello')

{'x': 5, 'y': 3, 'z': 'hello'}

In [228]:
f(*[5], **{'z': 'good bye'}) # == f(5, z='good bye')

5 3 good bye


In [229]:
f(*[5], **{'z': 'hello'})

5 3 hello


In [232]:
def f2(a, b, *args, w=-1, **kwargs):
    print(a, b, w, args, kwargs)

In [234]:
f2(1, 2, 3, 4, z=10, x=100, w='hello')

1 2 hello (3, 4) {'z': 10, 'x': 100}


In [235]:
def f3(a, b, w=-1, *args, **kwargs):
    print(a, b, w, args, kwargs)

In [236]:
f3(1, 2, 3, 4, z=10, x=100, w='hello')

TypeError: f3() got multiple values for argument 'w'

In [216]:
for record in data:
    m = model_mapping[record.get('model')]
    session.add(
        m(
            id=record.get('pk'), 
            **record.get('fields') # price="50.05", date_sale="2018-10-25T09:45:24.552Z", count=16, id_stock=1 #name='O\u2019Reilly'
        )
    )

TypeError: 'name' is an invalid keyword argument for print()