### SQL Demo
Adapted from: https://docs.python.org/3/library/sqlite3.html

In [4]:
import sqlite3

conn = sqlite3.connect('example.db')

In [5]:
c = conn.cursor()

# We want to start clean. Delete table if exists.
c.execute('DROP TABLE IF EXISTS stocks')

# Create table
c.execute('CREATE TABLE stocks (date text, trans text, symbol text, qty real, price real)')

# Insert a row of data
c.execute("INSERT INTO stocks VALUES ('2006-01-05', 'BUY', 'RHAT', 100, 35.14)")

# Save (commit) the changes
conn.commit()

# We can also close the connection if we are done with it.
# Just be sure any changes have been committed or they will be lost.
conn.close()

In [6]:
# Check that the data is still there
conn = sqlite3.connect('example.db')
c = conn.cursor()
c.execute("SELECT * FROM stocks")
print(c.fetchall())

[('2006-01-05', 'BUY', 'RHAT', 100.0, 35.14)]


In [7]:
# We can use WHERE to select specific tuples
c.execute("SELECT * FROM stocks WHERE symbol = 'RHAT'")
print(c.fetchall())

[('2006-01-05', 'BUY', 'RHAT', 100.0, 35.14)]


In [8]:
# Never do this -- insecure!
symbol = input()
c.execute(f"SELECT * FROM stocks WHERE symbol = '{symbol}'")
print(c.fetchall())

# We'll come back to this later.

[('2006-01-05', 'BUY', 'RHAT', 100.0, 35.14)]


In [9]:
# Do this instead
symbol = input()
c.execute('SELECT * FROM stocks WHERE symbol=?', (symbol, ))
print(c.fetchone())

None


In [10]:
# Larger example that inserts many records at a time
purchases = [('2006-03-28', 'BUY', 'IBM', 1000, 45.00),
             ('2006-04-05', 'BUY', 'MSFT', 1000, 72.00),
             ('2006-04-06', 'SELL', 'IBM', 500, 53.00),
            ]
c.executemany('INSERT INTO stocks VALUES (?,?,?,?,?)', purchases)

<sqlite3.Cursor at 0x1062424c0>

In [11]:
c.execute("SELECT * from stocks")
print(c.fetchall())

[('2006-01-05', 'BUY', 'RHAT', 100.0, 35.14), ('2006-03-28', 'BUY', 'IBM', 1000.0, 45.0), ('2006-04-05', 'BUY', 'MSFT', 1000.0, 72.0), ('2006-04-06', 'SELL', 'IBM', 500.0, 53.0)]


In [12]:
# You can iterate over the result of a select statement

for row in c.execute('SELECT * FROM stocks ORDER BY price'):
        print(row)
        
# Notice the ORDER BY. That is how we sort the results.

('2006-01-05', 'BUY', 'RHAT', 100.0, 35.14)
('2006-03-28', 'BUY', 'IBM', 1000.0, 45.0)
('2006-04-06', 'SELL', 'IBM', 500.0, 53.0)
('2006-04-05', 'BUY', 'MSFT', 1000.0, 72.0)


In [13]:
conn.close()

### More SQL Syntax
Adapted from https://www.w3schools.com/sql/

In [16]:
# Let's create a new database

import pandas as pd
from IPython.core.display import HTML
from IPython.display import display

d = display(HTML("<style>.container { width:100% !important; }</style>"))

# Make table printing more readable

pd.set_option('display.width', 0)
pd.set_option('display.max_columns', None)


def pprint_helper(q):
    out_table = pd.read_sql_query(q, conn)
    # Don't display any cat pics
    dont_show = ('pic',)
    for col in dont_show:
        if col in out_table:
            del out_table[col]
    print(out_table.to_string(index=False))

    
def pprint_query(q):
    print(q)
    print()
    if q.startswith(('INSERT', 'UPDATE', 'DELETE')):
        conn.cursor().execute(q)
        show_result = 'SELECT * FROM Customers;'
        print(show_result)
        print()
        pprint_helper(show_result)
    else:
        pprint_helper(q)
    

# Initialize
conn = sqlite3.connect('slides.db')
c = conn.cursor()

# Drop table
c.execute('DROP TABLE IF EXISTS Customers')

# Create table
c.execute('''CREATE TABLE Customers
             (CustomerID integer primary key, CustomerName text, ContactName text, Address text, City text, PostalCode text, Country text)''')
# Insert data
data = [
    (1, 'Alfreds Futterkiste', 'Maria Anders', 'Obere Str. 57', 'Berlin', '12209', 'Germany'),
    (2, 'Ana Trujillo Emparedados y helados', 'Ana Trujillo', 'Avda. de la Constitución 2222', 'México D.F.', '5021', 'Mexico'),
    (3, 'Antonio Moreno Taquería', 'Antonio Moreno', 'Mataderos 2312', 'México D.F.', '5023', 'Mexico'),
    (4, 'Around the Horn', 'Thomas Hardy', '120 Hanover Sq.', 'London', 'WA1 1DP', 'UK'),
    (5, 'Berglunds snabbköp', 'Christina Berglund', 'Berguvsvägen 8', 'Luleå', 'S-958 22', 'Sweden')
]
c.executemany('INSERT INTO Customers VALUES (?,?,?,?,?,?,?)', data)
conn.commit()

NameError: name 'pd' is not defined

In [None]:
pprint_query("SELECT * FROM Customers;")

In [None]:
pprint_query("SELECT CustomerName, City FROM Customers;")

In [None]:
pprint_query("SELECT Country FROM Customers;")

In [None]:
pprint_query("SELECT DISTINCT Country FROM Customers;")

In [None]:
pprint_query("SELECT COUNT(DISTINCT Country) FROM Customers;")

In [None]:
pprint_query("SELECT COUNT(DISTINCT Country) AS NumCountries FROM Customers;")

In [None]:
pprint_query("SELECT * FROM Customers WHERE Country='Mexico';")

In [None]:
pprint_query("SELECT * FROM Customers WHERE CustomerID=1;")  # = > < >= <= != <> BETWEEN LIKE IN

In [None]:
pprint_query("SELECT * FROM Customers WHERE Country='Germany' AND City='Berlin';")

In [None]:
pprint_query("SELECT * FROM Customers ORDER BY Country;")

In [None]:
pprint_query("SELECT * FROM Customers ORDER BY Country DESC;")

In [None]:
pprint_query("SELECT * FROM Customers ORDER BY Country ASC, CustomerName DESC;")

In [None]:
pprint_query("""INSERT INTO Customers 
                (CustomerName, ContactName, Address, City, PostalCode, Country) 
                VALUES ('Cardinal', 'Tom B. Erichsen', 'Skagen 21', 'Stavanger', '4006', 'Norway');""")

In [None]:
pprint_query("""INSERT INTO Customers 
                (CustomerName, ContactName) 
                VALUES ('Cardinal', 'Tom B. Erichsen');""")

In [None]:
pprint_query("INSERT INTO Customers (CustomerID, CustomerName, City, Country) VALUES (1, 'Cardinal', 'Stavanger', 'Norway');")

In [None]:
pprint_query("UPDATE Customers SET ContactName = 'Alfred Schmidt', City= 'Frankfurt' WHERE CustomerID = 1;")

In [None]:
pprint_query("UPDATE Customers SET ContactName='Juan' WHERE Country='Mexico';")

In [None]:
# Don't forget the WHERE!
# pprint_query("UPDATE Customers SET ContactName='Juan';")

In [None]:
pprint_query("DELETE FROM Customers WHERE CustomerName='Alfreds Futterkiste';")

In [None]:
pprint_query("SELECT * FROM Customers LIMIT 2;")

In [None]:
pprint_query("SELECT MIN(CustomerName) AS SmallestName FROM Customers;")  # Also COUNT(), AVG(), SUM()

In [None]:
pprint_query("SELECT * FROM Customers WHERE CustomerName NOT LIKE 'a%';")  # % and _ similar to * and ? for filename wildcards

In [None]:
conn.close()

### JOIN

In [None]:
conn = sqlite3.connect('uprising.db')

In [None]:
pprint_query("SELECT * FROM Humans")

In [None]:
pprint_query("SELECT * FROM Cats")

In [None]:
pprint_query("SELECT * FROM Humans CROSS JOIN Cats;")

In [None]:
pprint_query("SELECT * FROM Humans INNER JOIN Cats ON owner=Cats.id;")  # INNER is the default

In [None]:
pprint_query("SELECT * FROM Humans;")
print()
pprint_query("SELECT * FROM Humans LEFT JOIN Cats ON owner=Cats.id;")

In [None]:
pprint_query("SELECT * FROM Cats;")
print()
pprint_query("SELECT * FROM Cats LEFT JOIN Humans ON owner=Cats.id;")

In [None]:
pprint_query("SELECT DISTINCT Cats.name FROM Humans INNER JOIN Cats ON owner=Cats.id;")

### GROUP BY

In [None]:
pprint_query("SELECT * FROM Humans;")
print()
pprint_query("SELECT name, count(*) FROM Humans GROUP BY name;")

In [None]:
pprint_query("SELECT name, lang, count(*) FROM Humans GROUP BY name;")  # somewhat meaningless, might produce an error

In [None]:
pprint_query("SELECT name, lang, count(*) FROM Humans GROUP BY name, lang;")

In [None]:
pprint_query("SELECT age AS a, birthyear AS b, count(*) FROM Humans GROUP BY age, birthyear;")

### Nesting

In [None]:
inner_query = "SELECT name, count(*) AS c FROM Humans GROUP BY name" 
pprint_query(inner_query)
print()
pprint_query(f"SELECT length(name) * c FROM ({inner_query});")

#pprint_query(f"SELECT length(name) * c FROM (SELECT name, count(*) AS c FROM Humans GROUP BY name);")

### Views

In [None]:
conn.cursor().execute("DROP VIEW IF EXISTS InnerSelect;")
conn.cursor().execute("CREATE VIEW InnerSelect AS SELECT name, count(*) as c FROM Humans GROUP BY name;")

pprint_query("SELECT * FROM InnerSelect;")

In [None]:
pprint_query("SELECT length(name) * c FROM InnerSelect;")

In [None]:
conn.close()

### SQL Injection

In [None]:
import sqlite3
conn = sqlite3.connect(":memory:")

# Create table
conn.execute('CREATE TABLE Stocks (date text, trans text, symbol text, qty real, price real)')
# Insert a row of data
conn.execute("INSERT INTO Stocks VALUES ('2006-01-05','BUY','RHAT',100,35.14)")
# Save (commit) the changes
conn.commit()

In [None]:
# Print the table
for row in conn.execute("SELECT * FROM Stocks"):
    print(row)

In [None]:
# Never do this -- insecure!
symbol = input()

# symbol = "'; drop table Stocks; --"
conn.executescript(f"SELECT * FROM Stocks WHERE symbol = '{symbol}';")
conn.commit()

# SELECT * FROM Stocks WHERE symbol = 'RHAT'
# SELECT * FROM Stocks WHERE symbol = ''; drop table Stocks; --'

In [None]:
# Print the table
for row in conn.execute("SELECT * FROM Stocks"):
    print(row)

In [None]:
# Always do this!

symbol = "'; drop table stocks; --"
#symbol = "RHAT"

conn.execute("SELECT * FROM stocks WHERE symbol=?", (symbol, ))
conn.commit()

In [None]:
# Print the table
for row in conn.execute("SELECT * FROM Stocks"):
    print(row)

In [None]:
conn.close()