## In order to connect to any database, we need 5 things üñê: 

In [1]:
HOST = 'localhost' # remote would be something like cs-dasbhboard.34789fhui3fh8f.amazo....
DB = 'northwind'
PORT = '5432'
##PASSWORD = 'postgres'
#USERNAME = 'postgres'
# Constants (not changing) in capital letters


## Excurse: Setting an environment variable

You might not want to hardcode your password in your Jupyter Notebook, especially if you upload it to git. Instead, export the variable to your operating system as an "environment variable" so it's stored in your computer; not in your python code.  
- On Mac / Linux: include `PGPASSWORD='mypassword'` in your `.bash_profile` or `.bashrc` or `.zshrc` file in the root directory (~) of your computer.  
- In Windows, there's a graphical interface for this: search for `Environment Variables` in your File Explorer (or go to: Advanced System Settings).

In [2]:
import os

In [3]:
USERNAME = os.getenv('PGUSER')

In [4]:
PASSWORD = os.getenv('PGPASSWORD')

# Postgres from Python with SQL-Alchemy

### Installations and imports

In [5]:
# Install SQLAlchemy
#!pip install SQLAlchemy

In [2]:
# you also need to install this postgres-specific "adapter":
!pip install psycopg2-binary
# OR: !pip install psycopg2



## 1. Connect to postgres

To connect to a database with SQL-Alchemy, we need a **connection string** (like a URL).   
Typical form of a database URL: `dialect://username:password@host:port/database`

In [5]:
#conn_string = f'postgres://{USERNAME}:{PASSWORD}@{HOST}:{PORT}/{DB}'  
conn_string_mac = f'postgres://{HOST}:{PORT}/{DB}'

In [6]:
conn_string_mac

'postgres://localhost:5432/northwind'

In [7]:
from sqlalchemy import create_engine   

In [9]:
conn = create_engine(conn_string_mac).connect()

Done with the setup! Now we can access the database. 

## 2. Create, insert and read

### Create

In [10]:
query = """CREATE TABLE newproducts (      
    newproduct_id SERIAL PRIMARY KEY,
    productname VARCHAR(100),
    price FLOAT);"""
# triple quotes: so the string can go over multiple lines

In [11]:
conn.execute(query)

<sqlalchemy.engine.result.ResultProxy at 0x7f9dd17d7630>

### Insert

In [12]:
query2 = """INSERT INTO newproducts (productname, price) 
    VALUES ('Gouda', 5), ('Gorgonzola', 7), ('Mozzarella', 3), ('Cheddar', 4), ('Camembert', '5');"""

In [13]:
conn.execute(query2)

<sqlalchemy.engine.result.ResultProxy at 0x7f9dd2189b38>

### Read

In [14]:
query3 = """SELECT * FROM newproducts WHERE price >= 4;"""

In [28]:
result = conn.execute(query3)

In [17]:
result

<sqlalchemy.engine.result.ResultProxy at 0x7f9dd2189eb8>

### How to get the data out of the Resultproxy? 
1. use methods .first(), .fetchall(), .fetchmany(no_records), rowcount...
2. Loop through the result
3. with pandas

In [29]:
# Method 1 
res1 = result.fetchall()    # list of rowproxies (can be accessed like tuples)

In [30]:
res1[1]

(2, 'Gorgonzola', 7.0)

In [34]:
# Method 2 
result = conn.execute(query3)

In [35]:
for row in result: 
    print(row['productname'])

Gouda
Gorgonzola
Cheddar
Camembert


In [38]:
# Method 3 üêº
import pandas as pd
result = conn.execute(query3)

In [39]:
df = pd.DataFrame(result, columns=result.keys())   #result.keys(). -> returns column names of the table

In [40]:
df  # implicit datatype conversions

Unnamed: 0,newproduct_id,productname,price
0,1,Gouda,5.0
1,2,Gorgonzola,7.0
2,4,Cheddar,4.0
3,5,Camembert,5.0


In [41]:
df.dtypes

newproduct_id      int64
productname       object
price            float64
dtype: object

#### Also possible: reading data into postgres with pandas: 

In [43]:
df2 = pd.read_csv('../data/northwind_data_clean/orders.csv')

In [44]:
df2.head()

Unnamed: 0,orderID,customerID,employeeID,orderDate,requiredDate,shippedDate,shipVia,freight,shipName,shipAddress,shipCity,shipRegion,shipPostalCode,shipCountry
0,10248,VINET,5,1996-07-04 00:00:00.000,1996-08-01 00:00:00.000,1996-07-16 00:00:00.000,3,32.38,Vins et alcools Chevalier,59 rue de l'Abbaye,Reims,,51100,France
1,10249,TOMSP,6,1996-07-05 00:00:00.000,1996-08-16 00:00:00.000,1996-07-10 00:00:00.000,1,11.61,Toms Spezialit√§ten,Luisenstr. 48,M√ºnster,,44087,Germany
2,10250,HANAR,4,1996-07-08 00:00:00.000,1996-08-05 00:00:00.000,1996-07-12 00:00:00.000,2,65.83,Hanari Carnes,Rua do Pa√ßo 67,Rio de Janeiro,RJ,05454-876,Brazil
3,10251,VICTE,3,1996-07-08 00:00:00.000,1996-08-05 00:00:00.000,1996-07-15 00:00:00.000,1,41.34,Victuailles en stock,2 rue du Commerce,Lyon,,69004,France
4,10252,SUPRD,4,1996-07-09 00:00:00.000,1996-08-06 00:00:00.000,1996-07-11 00:00:00.000,2,51.3,Supr√™mes d√©lices,Boulevard Tirou 255,Charleroi,,B-6000,Belgium


In [46]:
from sqlalchemy.types import VARCHAR  #import all datatypes that you might need

In [47]:
df2.to_sql('orders', conn, dtype={'customerID': VARCHAR(50)})   # implicit datatype-conversions

In [None]:
# df2.to_sql('name_of_table', connection, if_exists='append', dtype={'customerID': VARCHAR(50)}) 

Some useful parameters: 
   - if_exists = 'append', ' replace', 'fail'
   - dtype: specifying datatypes for columns as dict  (import from sqlalchemy.types)
   - chunksize: number of rows written simultaniously     

## 3. SQL-injection

In [53]:
query4 = """SELECT * FROM orders WHERE "customerID" = """  + user_input

In [None]:
# SELECT * FROM orders WHERE customerid = TRUE

In [54]:
# SELECT * FROM orders WHERE customerid = TRUE
user_input = """'WELLI' OR TRUE"""
conn.execute(query4).fetchall()

In [55]:
conn.execute(query4).fetchall()

[(0, 10248, 'VINET', 5, '1996-07-04 00:00:00.000', '1996-08-01 00:00:00.000', '1996-07-16 00:00:00.000', 3, 32.38, 'Vins et alcools Chevalier', "59 rue de l'Abbaye", 'Reims', None, '51100', 'France'),
 (1, 10249, 'TOMSP', 6, '1996-07-05 00:00:00.000', '1996-08-16 00:00:00.000', '1996-07-10 00:00:00.000', 1, 11.61, 'Toms Spezialit√§ten', 'Luisenstr. 48', 'M√ºnster', None, '44087', 'Germany'),
 (2, 10250, 'HANAR', 4, '1996-07-08 00:00:00.000', '1996-08-05 00:00:00.000', '1996-07-12 00:00:00.000', 2, 65.83, 'Hanari Carnes', 'Rua do Pa√ßo 67', 'Rio de Janeiro', 'RJ', '05454-876', 'Brazil'),
 (3, 10251, 'VICTE', 3, '1996-07-08 00:00:00.000', '1996-08-05 00:00:00.000', '1996-07-15 00:00:00.000', 1, 41.34, 'Victuailles en stock', '2 rue du Commerce', 'Lyon', None, '69004', 'France'),
 (4, 10252, 'SUPRD', 4, '1996-07-09 00:00:00.000', '1996-08-06 00:00:00.000', '1996-07-11 00:00:00.000', 2, 51.3, 'Supr√™mes d√©lices', 'Boulevard Tirou 255', 'Charleroi', None, 'B-6000', 'Belgium'),
 (5, 10253, 

In [None]:
# validate your user input

In [None]:
# validate your user input
# parametrized queries in sqlalchemy
from sqlalchemy.sql import text
rep_statement = text("""SELECT * FROM orders WHERE "customerID" :x""")   # to check string case insensitive: ILIKE
user_input2 = 'WELLI'

In [61]:
from sqlalchemy.sql import text

In [62]:
prep_statement = text("""SELECT * FROM orders WHERE "customerID" :x""")   # to check string case insensitive: ILIKE

In [72]:
user_input2 = 'WELLI'

In [73]:
conn.execute(prep_statement, x=user_input2).fetchall()

[(8, 10256, 'WELLI', 3, '1996-07-15 00:00:00.000', '1996-08-12 00:00:00.000', '1996-07-17 00:00:00.000', 2, 13.97, 'Wellington Importadora', 'Rua do Mercado 12', 'Resende', 'SP', '08737-363', 'Brazil'),
 (172, 10420, 'WELLI', 3, '1997-01-21 00:00:00.000', '1997-02-18 00:00:00.000', '1997-01-27 00:00:00.000', 1, 44.12, 'Wellington Importadora', 'Rua do Mercado 12', 'Resende', 'SP', '08737-363', 'Brazil'),
 (337, 10585, 'WELLI', 7, '1997-07-01 00:00:00.000', '1997-07-29 00:00:00.000', '1997-07-10 00:00:00.000', 1, 13.41, 'Wellington Importadora', 'Rua do Mercado 12', 'Resende', 'SP', '08737-363', 'Brazil'),
 (396, 10644, 'WELLI', 3, '1997-08-25 00:00:00.000', '1997-09-22 00:00:00.000', '1997-09-01 00:00:00.000', 2, 0.14, 'Wellington Importadora', 'Rua do Mercado 12', 'Resende', 'SP', '08737-363', 'Brazil'),
 (555, 10803, 'WELLI', 4, '1997-12-30 00:00:00.000', '1998-01-27 00:00:00.000', '1998-01-06 00:00:00.000', 1, 55.23, 'Wellington Importadora', 'Rua do Mercado 12', 'Resende', 'SP', '0

In [None]:
# SELECT * FROM orders WHERE customerid ILIKE 'W%';

### Further reading/watching/listening:
https://www.sqlalchemy.org/library.html  
https://talkpython.fm/episodes/show/5/sqlalchemy-and-data-access-in-python