SQLite rox your sox! Let's get down to business!

# Connecting to a data base
Let's connect to the SQLite database, which means, actually, specifying the name of the file in which the database is/will be stored.

In [1]:
import sqlite3
connection = sqlite3.connect('my_database.db')

Now let's create a cursor, which is the object we use to execute sql statements.

In [2]:
cursor = connection.cursor()

And now it's pure SQL madness! Let's have some fun.

# Issuing SQL statements

Let's create a table.

In [7]:
sql = """
    CREATE TABLE IF NOT EXISTS employees(
        id INTEGER,
        name VARCHAR(64),
        department VARCHAR(32),
        phone VARCHAR(16),
        email VARCHAR(32)
    );
"""

cursor.execute(sql)
connection.commit()
connection.close()

Above we used the <code>execute()</code> method. It accepts only one SQL statement at a time. Bellow we'll use the <code>executescript()</code> method, that accepts various SQL statetments at once.

Now let's insert some data into our new table!

In [18]:
connection = sqlite3.connect('my_database.db')
cursor = connection.cursor()

sql = """
    INSERT INTO employees(id, name, department, phone, email) VALUES (1, "John Smith", "IT", "+55(41)3266-8568", "spamail@gmail.com");
    INSERT INTO employees VALUES(2, "Anne Barker", "Accounting", "+45(33)6548-8521", "anne@barker.com");
    INSERT INTO employees VALUES(3, "Luiza Lípio", "Cleaning", "+69(24)2469-2424", "veio@mala.com");
"""

cursor.executescript(sql)
connection.commit()
connection.close()

Let's select data from our table!

In [26]:
connection = sqlite3.connect('my_database.db')
cursor = connection.cursor()

sql = "SELECT * FROM employees;"

cursor.execute(sql)

#fetchall() is optional. It's possible to iterate directly over cursor too.
for row in cursor.fetchall():
    print(row)
    
connection.close()

(1, 'John Smith', 'IT', '+55(41)3266-8568', 'spamail@gmail.com')
(2, 'Anne Barker', 'Accounting', '+45(33)6548-8521', 'anne@barker.com')
(3, 'Luiza Lípio', 'Cleaning', '+69(24)2469-2424', 'veio@mala.com')


In [31]:
connection = sqlite3.connect('my_database.db')
cursor = connection.cursor()

sql = "SELECT name, phone FROM employees WHERE name LIKE 'A%';"

cursor.execute(sql)

for row in cursor:
    print(row)
    
connection.close()

('Anne Barker', '+45(33)6548-8521')


In [32]:
connection = sqlite3.connect('my_database.db')
cursor = connection.cursor()

sql = "SELECT * FROM employees ORDER BY id DESC;"

cursor.execute(sql)

for row in cursor:
    print(row)
    
connection.close()

(3, 'Luiza Lípio', 'Cleaning', '+69(24)2469-2424', 'veio@mala.com')
(2, 'Anne Barker', 'Accounting', '+45(33)6548-8521', 'anne@barker.com')
(1, 'John Smith', 'IT', '+55(41)3266-8568', 'spamail@gmail.com')


In [33]:
connection = sqlite3.connect('my_database.db')
cursor = connection.cursor()

sql = "SELECT * FROM employees WHERE id=1;"

cursor.execute(sql)

for row in cursor:
    print(row)
    
connection.close()

(1, 'John Smith', 'IT', '+55(41)3266-8568', 'spamail@gmail.com')


If you know that only one record will be returned, it's possible to use the <code>fetchone()</code> method.

In [34]:
connection = sqlite3.connect('my_database.db')
cursor = connection.cursor()

sql = "SELECT * FROM employees WHERE id=1;"

cursor.execute(sql)
row = cursor.fetchone()
print(row)
    
connection.close()

(1, 'John Smith', 'IT', '+55(41)3266-8568', 'spamail@gmail.com')


# Parameterized SQL statements
Mark the parts in your SQL statements where parameters will be passed with <code>?</code> and then provide these parameters inside a tuple that will be passed as a second argument in <code>execute()</code> method or the cursor object.

<B><U>SUPER IMPORTANT:</U> in order to avoid SQL injection, always sanitize inputs that will be inserted into an SQL statement. This means taking off any ?s out of them before using the input in the SQL commands!

In [35]:
connection = sqlite3.connect('my_database.db')
cursor = connection.cursor()

min_id = input('Enter ID: ')

sql = 'SELECT * FROM employees WHERE id >= ?;'
cursor.execute(sql, (min_id,))
for row in cursor:
    print(row)
    
connection.close()

Enter ID:  2


(2, 'Anne Barker', 'Accounting', '+45(33)6548-8521', 'anne@barker.com')
(3, 'Luiza Lípio', 'Cleaning', '+69(24)2469-2424', 'veio@mala.com')


In [39]:
connection = sqlite3.connect('my_database.db')
cursor = connection.cursor()

new_row = (4, 'Ale Sandra', 'Sales', '+55(41)3254-8752', 'aless@ndra.com')

sql = 'INSERT INTO employees VALUES (?, ?, ?, ?, ?);'
cursor.execute(sql, new_row)


sql = 'SELECT * FROM employees;'
cursor.execute(sql)
for row in cursor:
    print(row)

connection.commit()
connection.close()

(1, 'John Smith', 'IT', '+55(41)3266-8568', 'spamail@gmail.com')
(2, 'Anne Barker', 'Accounting', '+45(33)6548-8521', 'anne@barker.com')
(3, 'Luiza Lípio', 'Cleaning', '+69(24)2469-2424', 'veio@mala.com')
(4, 'Ale Sandra', 'Sales', '+55(41)3254-8752', 'aless@ndra.com')


# Update and delete
Just some more SQL fun.

In [46]:
connection = sqlite3.connect('my_database.db')
cursor = connection.cursor()

sql = "UPDATE employees SET phone='+99(99)9999-9999' WHERE id=2;"
cursor.execute(sql)
connection.commit()

sql = "SELECT * FROM employees;"
cursor.execute(sql)

for row in cursor:
    print(row)

connection.close()

(1, 'John Smith', 'IT', '+55(41)3266-8568', 'spamail@gmail.com')
(2, 'Anne Barker', 'Accounting', '+99(99)9999-9999', 'anne@barker.com')
(3, 'Luiza Lípio', 'Cleaning', '+69(24)2469-2424', 'veio@mala.com')
(4, 'Ale Sandra', 'Sales', '+55(41)3254-8752', 'aless@ndra.com')


Let's get rid of Mrs. Luiza, shall we!?

In [49]:
connection = sqlite3.connect('my_database.db')
cursor = connection.cursor()

sql = "DELETE FROM employees WHERE name LIKE 'Luiza%';"
cursor.execute(sql)
connection.commit()

sql = "SELECT * FROM employees;"
cursor.execute(sql)
for row in cursor:
    print(row)
    
connection.close()

(1, 'John Smith', 'IT', '+55(41)3266-8568', 'spamail@gmail.com')
(2, 'Anne Barker', 'Accounting', '+99(99)9999-9999', 'anne@barker.com')
(4, 'Ale Sandra', 'Sales', '+55(41)3254-8752', 'aless@ndra.com')
