In [43]:
# SQLite is a database engine in every phone and computer.
# Popular language have SQLite API

<table>
  <tr>
    <th>SQLite Data Types</th>
    <th>Python equivalent</th>
  </tr>
  <tr>
    <td>INEGER</td>
    <td>INT</td>    
  </tr>
  <tr>
    <td>REAL</td>
    <td>FLOAT</td>    
  </tr>
  <tr>
    <td>TEXT</td>
    <td>STRING</td>    
  </tr>
  <tr>
    <td>BLOB</td>
    <td>BYTES</td>    
  </tr>
  <tr>
    <td>NULL</td>
    <td>NONE</td>    
  </tr>
</table>


In [44]:
import sqlite3

# Connect to a (new) database
conn = sqlite3.connect("./DB/alpha.db")

# Create a cursor
cur = conn.cursor()

# Create a 'people' table
# cur.execute(), you need to call conn.commit() after executing your statement to commit the changes made to the database
cur.execute("""CREATE TABLE IF NOT EXISTS people (first_name TEXT, last_name TEXT)""")
conn.commit()

# conn.execute(), you do not need to call conn.commit() as the changes are automatically committed to the database.
# conn.execute("""CREATE TABLE IF NOT EXISTS people (first_name TEXT, last_name TEXT)""")

# Test data
famous_people = [
    ("Albert", "Einstein"),
    ("Isaac", "Newton"),
    ("Marie", "Curie"),
    ("Charles", "Darwin"),
    ("Nikola", "Tesla"),
]

# Insert data into data base
cur.executemany(
    """INSERT INTO people (first_name, last_name) VALUES (?,?)""", famous_people
)
conn.commit()

# Close the cursor
cur.close()

# Close connection
conn.close()

In [45]:
# Connect to or create SQLite database
conn = sqlite3.connect("./DB/members.db")
cur = conn.cursor()

# # Load SQL script from file
# with open("./DB/test.sql") as file:
#     sql_script = file.read()

# # Excecute script
# cur.executescript(sql_script)

# Display data
# member_data = cur.execute("SELECT * FROM members ORDER BY ln")
# # print(member_data)
# for row in member_data:
#     print(row)

# print(cur)
# print(member_data)

cur.execute("SELECT * FROM members ORDER BY ln")
for member in cur:
    print(member)

# It's closing time
cur.close()
conn.close()

(5, 'Ryan', 'Bennett')
(1, 'Steve', 'Coplan')
(4, 'Robert', 'Culling')
(3, 'Ben', 'Shew')
(2, 'Shawn', 'Verzilli')


In [46]:
# SQL injection attacks
user_input = "Ben"
# user_input = "' OR 1=1 --"
# sql = f"SELECT * FROM members WHERE fn='{user_input}'"
# print(sql)

# Connect to or create SQLite database
conn = sqlite3.connect("./DB/members.db")
cur = conn.cursor()

# Display data
# cur.execute(sql)

# Safe: placeholders prevent SQL injection
# By using placeholders, the malicious SQL is escaped and treated as a raw string, not as actual SQL code.
cur.execute("SELECT * FROM members WHERE fn=?", (user_input,))
for member in cur:
    print(member)

# It's closing time
cur.close()
conn.close()

(3, 'Ben', 'Shew')


<pre>
# Essential features of SQLite in Python are:
import sqlite3

conn = sqlite3.connect(filepath) # Connect or create database
cursor = conn.cursor()

# Execute queries first method
results = cursor.execute(query, parameters)
# or
results = cursor.executemany(query, parameters)
# or
results = cursor.executescript(script_as_string)

# when you use cur.execute(), you need to call conn.commit() after executing your statement 
# to commit the changes made to the database.
# READ database do not need conn.commit(), but UPDATE, CREATE, DELETE need to call conn.commit()
conn.commit()

# Execute queries second method
results = conn.execute(query, parameters)
# or
results = conn.executemany(query, parameters)
# or
results = conn.executescript(script_as_string)

# when you use conn.execute(), you do not need to call conn.commit() as 
# the changes are automatically committed to the database


# It's closing time
cur.close()
conn.close()
</pre>


In [47]:
# Create a connection object that represents the database
conn = sqlite3.connect("./DB/stocks.db")

# Create a cursor object that will help you execute all the SQL statements
c = conn.cursor()

# Create a table
c.execute(
    """CREATE TABLE IF NOT EXISTS stocks (date text, trans text, symbol text, qty real, price real)"""
)

# Insert data into the table
c.execute("INSERT INTO stocks VALUES ('2006-01-05','BUY','RHAT',100,35.14)")

# Read data from the table
for row in c.execute("SELECT * FROM stocks ORDER BY price"):
    print(row)

# Update data in the table
c.execute("UPDATE stocks SET qty = 200 WHERE symbol = 'RHAT'")
for row in c.execute("SELECT * FROM stocks ORDER BY price"):
    print(row)

# Delete data from the table
c.execute("DELETE FROM stocks WHERE symbol = 'RHAT'")
for row in c.execute("SELECT * FROM stocks ORDER BY price"):
    print(row)

# Commit your changes to the database
conn.commit()

# Close the cursor and connection objects
c.close()
conn.close()

('2006-01-05', 'BUY', 'RHAT', 100.0, 35.14)
('2006-01-05', 'BUY', 'RHAT', 200.0, 35.14)
