# SQLite & SQL Implementation

## First steps

1. Create database: Create a text file `<db_name>.db`

2. Connect to database:

In [2]:
import sqlite3

# create database file if not exists
connection = sqlite3.connect("test_db.db")
connection

<sqlite3.Connection at 0x1046bb030>

## Table operations
* Create table
* Alter table
* Drop table

### Create table


1. Determine entities and their respective attributes
* Entity: `Skin`
  * `name`: `TEXT`
  * `sell_price`: `REAL`
  * `sell_listings`: `INTEGER` (how many people are selling this)

2. Create table using SQL command

In [75]:
# SQL command
command = """
CREATE TABLE skins ( -- Table name should be in snake_case
    -- list attributes here
    name TEXT,
    sell_price REAL,
    sell_listings INTEGER
)
"""

cursor = connection.cursor()
cursor.execute(command)

<sqlite3.Cursor at 0x10aaca1f0>

### Alter table
Modify the table's structure without changing existing data. Refer to: https://sqlite.org/lang_altertable.html

### Drop table

In [5]:
command = """
DROP TABLE skins
"""

cursor.execute(command)

<sqlite3.Cursor at 0x10aaedea0>

## Data operations
* Insert
* Select
* Update
* Delete

### Select data

In [11]:
command = """
SELECT
  name, sell_price, sell_listings
FROM
  skins
"""

# execute query
skins = cursor.execute(command).fetchall()
print(skins)

[('skin 1', 0.99, 100), ('skin 2', 0.98, 100)]


### Insert data

In [65]:
command = """
INSERT INTO skins (name, sell_price, sell_listings)
VALUES
("skin 1", 0.99, 100),
("skin 2", 0.98, 100),
("skinaqua", 0.95, 101)
"""

cursor.execute(command)

<sqlite3.Cursor at 0x10aaca260>

In [76]:
data = [
    ("skin 1", 0.99, 100),
    ("skin 2", 0.98, 100),
    ("skinaqua", 0.95, 101)
]

for item in data:
    name, sell_price, sell_listings = item
    command = f"""
    INSERT INTO skins (name, sell_price, sell_listings)
    VALUES ("{name}", {sell_price}, {sell_listings})
    """
    cursor.execute(command)

print("--- Finished insertion ---")

command = """
SELECT
  name, sell_price, sell_listings
FROM
  skins
"""

# execute query
skins = cursor.execute(command).fetchall()
print(skins)

--- Finished insertion ---
[('skin 1', 0.99, 100), ('skin 2', 0.98, 100), ('skinaqua', 0.95, 101)]


### Update data
Refer to this guide: https://sqlite.org/lang_update.html

In [63]:
increment = 0.01
command = f"""
UPDATE skins
SET
  sell_price = sell_price + {increment},
  sell_listings = 200
-- WHERE name = "skin 1"
"""

cursor.execute(command)
print("--- Updated ---")

command = """
SELECT
  name, sell_price, sell_listings
FROM
  skins
"""

# execute query
skins = cursor.execute(command).fetchall()
print(skins)

--- Updated ---
[('skin 2', 1.3300000000000003, 200), ('skinaqua', 1.3000000000000003, 200)]


### Delete data

In [29]:
# delete with condition
command = """
DELETE FROM skins
WHERE name = "skin 1"
"""

cursor.execute(command)
print("--- Deleted ---")

command = """
SELECT
  name, sell_price, sell_listings
FROM
  skins
"""

# execute query
skins = cursor.execute(command).fetchall()
print(skins)

--- Deleted ---
[('skin 2', 0.99, 200), ('skinaqua', 0.96, 200)]


In [66]:
# delete with NO condition
command = """
DELETE FROM skins
"""

cursor.execute(command)
print("--- Deleted ---")

command = """
SELECT
  name, sell_price, sell_listings
FROM
  skins
"""

# execute query
skins = cursor.execute(command).fetchall()
print(skins)

--- Deleted ---
[]


### Select with filtering

In [24]:
# some operations supported by SQLITE WHERE: =, <, >, <>, <=, >=, LIKE
command = """
SELECT name, sell_price, sell_listings
FROM skins
WHERE sell_price < 0.99
"""

skins = cursor.execute(command).fetchall()
print(skins)

[('skin 2', 0.98, 100), ('skinaqua', 0.95, 101)]


In [26]:
command = """
SELECT name, sell_price, sell_listings
FROM skins
WHERE name LIKE "%Skin %"
"""
# % = any character at any quantity
# LIKE = broad match + case INSENSITIVE

skins = cursor.execute(command).fetchall()
print(skins)

[('skin 1', 0.99, 100), ('skin 2', 0.98, 100)]


In [73]:
# Susceptible to SQL INJECTION
# threshold = "0 AND 1 = 1; DROP TABLE skins;" => use SQL PARAMETER
threshold = 0.99
command = f"""
SELECT name, sell_price, sell_listings
FROM skins
WHERE sell_price > {threshold}
"""

skins = cursor.executescript(command).fetchall()
print(skins)

OperationalError: no such table: skins

In [83]:
threshold = "0 AND 1 = 1; DROP TABLE skins;" # => use SQL PARAMETER
command = f"""
SELECT name, sell_price, sell_listings
FROM skins
WHERE sell_price > ?
"""
# => resolved SQL INJECTION
skins = cursor.execute(command, (threshold, )).fetchall()
print(skins)

[]


Homework:
1. Update your project to use `SQLite` for data store