In [1]:
import sqlite3
import datetime as dt

In [None]:
# Open a private SQLite database held entirely in memory; it disappears
# when the connection is closed, so nothing in this notebook touches disk.
connection = sqlite3.connect(database=":memory:")
connection

In [None]:
# Create a cursor on the connection; the cells below run their statements through it.
cursor = connection.cursor()
cursor

## Create table

In [None]:
# Create the customer table (Klanten).
# KlantId is an INTEGER PRIMARY KEY, so SQLite assigns it when an INSERT
# leaves it out, as the inserts further down do.
# Later statements spell the last column "GeboorteDatum"; SQLite matches
# column names case-insensitively, so they address this same column.
cursor.execute("""
    CREATE TABLE Klanten (
        KlantId INTEGER PRIMARY KEY,
        Voornaam TEXT,
        Achternaam TEXT NOT NULL,
        Geboortedatum DATE
    );
""")

In [None]:
# Insert two new customers.
# The values are constants written in this cell, not data received from
# elsewhere, so spelling them out inside the SQL text is harmless here.
cursor.execute("""
    INSERT INTO Klanten
        (Voornaam, Achternaam, Geboortedatum)
    VALUES
        ('Ingrid', 'Jansen', '1984-09-06'),
        ('Henk', 'Knol', '1957-08-23')
    ;
""")

### Insert data from Python

In [26]:
# One customer record, keyed by the column names used in the INSERT statements.
customer = dict(
    Voornaam="Maria",
    Achternaam="Klomp",
    GeboorteDatum=dt.date(1990, 5, 7),
)


In [27]:
# INSERT statement as a str.format() template. Each value is pasted into the
# SQL text between hard-coded single quotes, so the database has no way to
# tell the data apart from the statement itself.
template = "\n".join([
    "",
    "    INSERT INTO Klanten",
    "        (Voornaam, Achternaam, GeboorteDatum)",
    "    VALUES (",
    "        '{Voornaam}', '{Achternaam}', '{GeboorteDatum}'",
    "    );",
    "",
])

In [None]:
# Fill the template with the customer's values and show the resulting SQL
# text; nothing is sent to the database in this cell.
print(template.format_map(customer))

In [29]:
# Same customer, but the date of birth is unknown (None).
customer = dict(
    Voornaam="Maria",
    Achternaam="Klomp",
    GeboorteDatum=None,
)

In [None]:
# Bad idea: the missing date is rendered as the quoted text 'None', not as
# SQL NULL, so this statement would store a string instead of a missing value.
print(template.format_map(customer))

In [34]:
# SELECT template that pastes the last name straight into a quoted SQL literal.
template = (
    "SELECT * FROM Klanten "
    "WHERE Achternaam = '{lastname}'"
)

In [None]:
# The input carries its own single quotes: the first one ends the string
# literal early and the remainder is parsed as SQL, which turns the WHERE
# clause into a condition that holds for every row.
lastname = "x' OR 1 = 1 OR 'x"
formatted = template.format_map({"lastname": lastname})
formatted


In [None]:
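# The formatted query returns every customer, not just one last name.
# Rows arrive as plain tuples unless a row factory is set on the connection,
# and dict() cannot convert a tuple of column values, so the column names
# are read from cursor.description and paired with each row instead.
result = cursor.execute(formatted)
column_names = [column[0] for column in result.description]
for row in result.fetchall():
    print(dict(zip(column_names, row)))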

In [None]:
# Good idea: use a parametrized query.
# The SQL text is a constant; the values travel separately and sqlite3 binds
# them to the :name placeholders, looked up by key in `customer`.
# A quote inside a value therefore stays data, and None is stored as NULL.
# Placeholders stand in for values only, never for table or column names.
cursor.execute(
    """
    INSERT INTO Klanten
        (Voornaam, Achternaam, GeboorteDatum)
    VALUES (:Voornaam, :Achternaam, :GeboorteDatum);
    """,
    customer
)
# Number of rows changed by the statement just executed.
cursor.rowcount

In [None]:
# Same insert with positional "?" placeholders: values are bound in tuple order.
# NOTE(review): the dt.date value goes through sqlite3's default date adapter,
# which is deprecated since Python 3.12; binding dt.date(...).isoformat()
# stores the same text without relying on it.
cursor.execute(
    """
    INSERT INTO Klanten
        (Voornaam, Achternaam, GeboorteDatum)
    VALUES (?, ?, ?);
    """,
    ("Piet", "Klaassen", dt.date(1978, 9, 4))
)
# Number of rows changed by the statement just executed.
cursor.rowcount

In [None]:
# List of customer records.
# Three customer records, each keyed like the single-customer dict above;
# the first one has no known date of birth.
customers = [
    dict(Voornaam=first, Achternaam=last, GeboorteDatum=born)
    for first, last, born in (
        ("Noah", "Versteeg", None),
        ("Mark", "Vos", dt.date(1998, 1, 4)),
        ("Bart", "Poot", dt.date(1955, 8, 21)),
    )
]

In [None]:
# Insert all customers in one go: executemany() runs the statement once per
# dict in `customers`, binding that dict's values to the :name placeholders.
# The SQL text stays constant, so no value can alter the statement.
cursor.executemany(
    """
    INSERT INTO Klanten
        (Voornaam, Achternaam, GeboorteDatum)
    VALUES (:Voornaam, :Achternaam, :GeboorteDatum);
    """,
    customers
)
# After executemany(), rowcount is the total over all executed inserts.
cursor.rowcount