# Lesson 9: Python Database Integration

**Duration:** 20 minutes  
**Prerequisites:** Complete Lessons 1-8  
**Learning Mode:** Read explanations, then run each Python code cell

---

## üéØ Learning Objectives

By the end of this lesson, you will be able to:
- Connect to SQLite databases from Python
- Execute SQL queries programmatically
- Fetch and process query results
- Use parameterised queries to prevent SQL injection
- Handle database errors gracefully
- Close connections properly
- Build simple database-driven applications


## üìö Why Use Python with Databases?

Writing SQL queries in `.sql` files is great for learning, but real applications need to:

- ‚úÖ Accept user input dynamically
- ‚úÖ Process query results with programming logic
- ‚úÖ Display results in custom formats
- ‚úÖ Integrate databases with web apps, APIs, GUIs
- ‚úÖ Automate database operations
- ‚úÖ Handle errors and edge cases

**Python's `sqlite3` module** (built-in!) lets you do all of this.

### Real-World Use Cases:

- **Web Applications:** Store user accounts, posts, products
- **Data Analysis:** Query databases, process results with pandas
- **Automation Scripts:** Backup data, generate reports
- **Desktop Apps:** Save application settings, user data
- **APIs:** Serve database content as JSON


## üîß Part 1: Connecting to a Database

### Import the sqlite3 Module

**Note:** This notebook uses standard Python (not `%%sql` magic from previous lessons).


In [None]:
import sqlite3
from pathlib import Path
import sys

print(f"Python version: {sys.version}")
print(f"sqlite3 version: {sqlite3.version}")


### Create a Database Connection

**Function to connect to our Star Wars database:**


In [None]:
# We use context managers (with statements) for database connections!
# They automatically handle closing connections and committing/rolling back transactions

def get_database_info(db_file='database/starwars.db'):
    """
    Display database connection information
    
    Args:
        db_file: Path to database file
    """
    try:
        with sqlite3.connect(db_file) as conn:
            print(f"‚úì Connected to database: {db_file}")
            print(f"‚úì SQLite version: {sqlite3.sqlite_version}")
            # Connection automatically closes when exiting this block
    except sqlite3.Error as e:
        print(f"‚úó Error connecting to database: {e}")


### Test the Connection

**Run this cell to verify the database connection works:**


In [None]:
# Test connection using context manager
get_database_info()
print("‚úì Connection automatically closed")


**Important Concepts:**

- `sqlite3.connect(filename)` - Creates/opens a database file
- `with sqlite3.connect(db) as conn:` - Context manager automatically closes connection
- Context managers handle cleanup even if errors occur

**Best Practice:** Always use `with` statements (context managers) for database connections.


## üìä Part 2: Executing Queries

### Create a Cursor

A **cursor** is like a pointer that executes SQL and fetches results.


In [None]:
def get_all_characters():
    """Retrieve all characters from the database"""
    # TODO: Use 'with sqlite3.connect()' to create connection
    # TODO: Create cursor and execute query
    # TODO: Fetch and display results
    # Connection will close automatically when 'with' block ends
    pass

# Run the function
get_all_characters()


**Key Methods:**

| Method | Purpose | Returns |
|--------|---------|---------|
| `cursor.execute(sql)` | Run SQL query | Cursor object |
| `cursor.fetchall()` | Get all rows | List of tuples |
| `cursor.fetchone()` | Get one row | Tuple or None |
| `cursor.fetchmany(n)` | Get n rows | List of tuples |

**Each tuple represents one row** - access values by index.


### Different Fetch Methods

**Three ways to retrieve query results:**


In [None]:
def get_character_by_name(name: str):
    """Find a specific character by name"""
    # TODO: Use 'with sqlite3.connect()' as conn:
    # TODO: Execute parameterized query with ? placeholder
    # TODO: Fetch and display result
    # Connection automatically closes
    pass

# Test the function
get_character_by_name("Luke Skywalker")


**When to use each:**

- `fetchone()` - Process one row at a time (memory efficient for huge results)
- `fetchmany(n)` - Process in batches (balance between memory and speed)
- `fetchall()` - Get everything at once (convenient for small result sets)


### Using Row Factory for Named Columns

**Problem:** `row[0]`, `row[1]` is hard to read!

**Solution:** `Row` objects act like dictionaries:


In [None]:
def filter_by_species(species: str):
    """Get all characters of a specific species"""
    # TODO: Use context manager: with sqlite3.connect() as conn:
    # TODO: Set conn.row_factory = sqlite3.Row for named access
    # TODO: Execute filtered query with parameterized ? placeholder
    # TODO: Fetch and display all matching results
    # Connection automatically closes and commits
    pass

# Test the function
filter_by_species("Human")


**Much better!** `char['name']` is clearer than `char[0]`.

**Tip:** Always use `conn.row_factory = sqlite3.Row` for readable code.


## üõ°Ô∏è Part 3: Parameterised Queries (SQL Injection Prevention)

### The Danger of String Formatting

**NEVER do this:**

```python
# ‚ùå DANGEROUS - Vulnerable to SQL injection!
species = input("Enter species: ")
query = f"SELECT * FROM characters WHERE species = '{species}'"
cursor.execute(query)
```

**Why?** A malicious user could enter: `' OR '1'='1`  
**Result:** `SELECT * FROM characters WHERE species = '' OR '1'='1'`  
**Effect:** Returns ALL characters (security breach!)

### Safe Approach: Parameterised Queries

**Use placeholders (`?`) instead:**


In [None]:
def add_new_character(name: str, species: str, homeworld: str, height: int):
    """Insert a new character into the database"""
    # TODO: Use context manager: with sqlite3.connect() as conn:
    # TODO: Execute INSERT statement with ? placeholders
    # TODO: Commit happens automatically on success!
    # Connection and commit handled automatically
    pass

# Test adding a character
add_new_character("Rey", "Human", "Jakku", 170)


**Key Points:**

- `?` is a placeholder for a value
- Pass values as a tuple: `(value,)` or `(val1, val2)`
- SQLite automatically escapes special characters
- **Always use parameterised queries for user input!**

### Multiple Parameters


In [None]:
def update_character_height(name: str, new_height: int):
    """Update a character's height"""
    # TODO: Use context manager: with sqlite3.connect() as conn:
    # TODO: Execute UPDATE statement with ? placeholders
    # TODO: Commit happens automatically!
    # Connection and commit handled automatically
    pass

# Test updating
update_character_height("Rey", 175)


## üîÑ Part 4: Inserting, Updating, and Deleting Data

### Insert Data

**Add a new character:**


In [None]:
def delete_character(name: str):
    """Delete a character from the database"""
    # TODO: Use context manager: with sqlite3.connect() as conn:
    # TODO: Execute DELETE statement with ? placeholder
    # TODO: Commit happens automatically!
    # Connection and commit handled automatically
    pass

# Test deleting
delete_character("Rey")


**Critical:** With context managers, `conn.commit()` happens automatically on success!

**On error:** Context manager automatically rolls back changes.

### Update Data


In [None]:
def get_characters_with_planets():
    """Join characters with their homeworld details"""
    # TODO: Use context manager: with sqlite3.connect() as conn:
    # TODO: Execute JOIN query
    # TODO: Fetch and display results
    # Connection automatically closes
    pass

# Run the function
get_characters_with_planets()


**`cursor.rowcount`** tells you how many rows were affected.

### Delete Data


In [None]:
def get_species_stats():
    """Get statistics by species using aggregation"""
    # TODO: Use context manager: with sqlite3.connect() as conn:
    # TODO: Execute aggregation query with GROUP BY
    # TODO: Fetch and display results
    # Connection automatically closes
    pass

# Run the function
get_species_stats()


## üéØ Part 5: Practical Application

Let's build a simple character search function:


In [None]:
def bulk_insert_characters(characters_data):
    """Insert multiple characters in a single transaction"""
    # TODO: Use context manager: with sqlite3.connect() as conn:
    # TODO: Use cursor.executemany() for bulk insert
    # TODO: Commit happens automatically!
    # Connection and commit handled automatically
    pass

# Test data
new_characters = [
    ("Finn", "Human", "Unknown", 178),
    ("Poe Dameron", "Human", "Yavin 4", 172)
]

# Run the function
bulk_insert_characters(new_characters)


### Build a Character Statistics Function


In [None]:
def safe_transaction_example():
    """Demonstrate transaction with rollback on error"""
    # TODO: Use context manager: with sqlite3.connect() as conn:
    # TODO: Try multiple operations inside try/except
    # TODO: Commit happens automatically on success
    # TODO: Rollback happens automatically on error
    pass

# Run the function
safe_transaction_example()


## üîí Part 6: Error Handling and Best Practices

### Use Context Managers (with statement)

**Best practice:** Use `with` to auto-close connections:


In [None]:
# Exercise 1: Write a function to get characters taller than a given height
def get_tall_characters(min_height: int):
    """Get all characters taller than specified height"""
    # TODO: Implement this function
    pass

# Test it
get_tall_characters(180)


**Benefits:**
- Connection closes automatically (even if error occurs)
- Changes commit automatically on success
- Rollback happens automatically on errors
- Cleaner, more Pythonic code
- No need to track connection lifecycle manually

### Transaction Management


In [None]:
# Exercise 2: Write a function to update multiple fields at once
def update_character(name: str, **kwargs):
    """Update character with flexible field updates"""
    # TODO: Build dynamic UPDATE query
    # TODO: Handle variable number of fields
    pass

# Test it
update_character("Luke Skywalker", height=175, homeworld="Tatooine")


## üéì Practice Exercises

### Exercise 1: Get Tall Characters

**Task:** Write a function that returns all characters taller than a given height using a context manager.


In [None]:
# Exercise 3: Write a function to search characters by partial name match
def search_characters(search_term: str):
    """Search characters using LIKE operator"""
    # TODO: Implement search with LIKE
    pass

# Test it
search_characters("Sky")


### Exercise 2: Update Multiple Fields

**Task:** Write a function that can update any fields of a character using context manager and **kwargs.


In [None]:
# Challenge: Create a class-based database manager
class StarWarsDB:
    """Database manager class for Star Wars characters"""
    
    def __init__(self, db_path='database/starwars.db'):
        """Initialize with database path"""
        # TODO: Store database path
        pass
    
    def get_all(self):
        """Get all characters"""
        # TODO: Implement
        pass
    
    def add(self, name, species, homeworld, height):
        """Add a character"""
        # TODO: Implement
        pass
    
    def update(self, char_id, **kwargs):
        """Update character fields"""
        # TODO: Implement
        pass
    
    def delete(self, char_id):
        """Delete a character"""
        # TODO: Implement
        pass

# Test the class
# db = StarWarsDB()
# db.get_all()


## ‚úÖ Checkpoint & Summary

### What You've Learnt

- ‚úÖ Connect to SQLite databases from Python
- ‚úÖ Execute SQL queries with `cursor.execute()`
- ‚úÖ Fetch results with `fetchone()`, `fetchmany()`, `fetchall()`
- ‚úÖ Use `Row` objects for named column access
- ‚úÖ Write **parameterised queries** to prevent SQL injection
- ‚úÖ INSERT, UPDATE, DELETE data with automatic commit
- ‚úÖ Handle errors with try/except blocks
- ‚úÖ Use **context managers (`with`)** for automatic cleanup
- ‚úÖ Build practical database-driven functions

### Key Python sqlite3 Functions

| Function/Method | Purpose |
|-----------------|---------|
| `with sqlite3.connect(db) as conn:` | Context manager for connection (auto-closes) |
| `conn.cursor()` | Create cursor for executing SQL |
| `cursor.execute(sql, params)` | Execute SQL query |
| `cursor.fetchone()` | Fetch one row |
| `cursor.fetchall()` | Fetch all rows |
| `conn.row_factory = sqlite3.Row` | Enable named column access |
| `cursor.lastrowid` | Get ID of last inserted row |
| `cursor.rowcount` | Get number of affected rows |

### Best Practices Checklist

- [ ] Always use **context managers** (`with` statements)
- [ ] Always use parameterised queries (`?` placeholders)
- [ ] Let context managers handle commit/rollback automatically
- [ ] Use `try/except` for error handling
- [ ] Use `conn.row_factory = sqlite3.Row` for readability
- [ ] Validate input before building dynamic queries
- [ ] Never use f-strings or string formatting with user input

## üéâ Congratulations!

You can now build Python applications that interact with databases! This is a fundamental skill for:
- Web development (Flask, Django, FastAPI)
- Data analysis and reporting
- Automation scripts
- Desktop applications
- And much more!

**Ready for the final lesson?** Open `lesson10_comparison.ipynb`

---

## üíæ Git Commands (for reference)

```bash
git status
git add jupyter_notebook_lessons/lesson9_database.ipynb
git commit -m "Completed Lesson 9: Python database integration"
git push
```
