## Useful Links

- [How to Work with SQLite in Python – A Handbook for Beginners](https://www.freecodecamp.org/news/work-with-sqlite-in-python-handbook)
- [Python SQLite](https://www.geeksforgeeks.org/python-sqlite/)
- [sqlite3 documentation](https://docs.python.org/3/library/sqlite3.html#sqlite3.Connection)

## Hands on SQLite with Python

### How to Create Database Tables


### How to Insert Data into a Table
Now that we have our Students table created, it’s time to start inserting data into the database.


#### How to Insert a Single Record

SQL syntax for inserting a single record:

~~~~sql
INSERT INTO Students (name, age, email)
VALUES ('John Doe', 20, 'johndoe@example.com');
~~~~


Programmatically

~~~~python
import sqlite3

# Use 'with' to open and close the connection automatically
with sqlite3.connect('my_database.db') as connection:
    cursor = connection.cursor()

    # Insert a record into the Students table
    query = """
        INSERT INTO Students (name, age, email)
        VALUES (?, ?, ?);
    """

    value = ('Jane Doe', 23, 'jane@example.com')

    cursor.execute(query, value)

    # Commit the changes automatically
    connection.commit()
~~~~
The ? placeholders represent the values to be inserted into the table.


#### How to Insert Multiple Records
~~~~sql
INSERT INTO Students (name, age, email)
    VALUES
      ('Bahadurjit Sabharwal', 18, 'tristanupadhyay@example.net'),
      ('Zayyan Arya', 20, 'yashawinibhakta@example.org'),
      ('Hemani Shukla', 18, 'gaurikanarula@example.com');
~~~~

Programmatically: `cursor.executemany()`: This method allows us to insert multiple records at once, making the code more
efficient.

~~~~python
import sqlite3

# Use 'with' to open and close the connection automatically
with sqlite3.connect('my_database.db') as connection:
    cursor = connection.cursor()

    # Insert a record into the Students table
    query = '''
    INSERT INTO Students (name, age, email)
    VALUES (?, ?, ?);
    '''
    values = [
        ['Bahadurjit Sabharwal', 18, 'tristanupadhyay@example.net'],
        ['Zayyan Arya', 20, 'yashawinibhakta@example.org'],
        ['Hemani Shukla', 18, 'gaurikanarula@example.com']
    ]
    # Execute the query for multiple records
    cursor.executemany(query, values)

    # Commit the changes
    connection.commit()
~~~~

### How to Handle Common Issues: SQL Injection

SQL Injection is a security vulnerability that occurs when attackers manipulate SQL queries by injecting malicious
input. This can lead to unauthorized access, data breaches, or even complete database deletion. For example, an attacker
might try to inject code like `DROP TABLE Students;` to delete the table.

By using parameterized queries, we avoid this issue. The ? placeholders in parameterized queries
ensure that input values are treated as data, not as part of the SQL command. This makes it impossible for malicious
code to be executed.

### How to Query Data

### Data Types in SQLite and Their Mapping to Python

![data_type.png](img/data_type.png)