# Base de Données Relationnelles

In [90]:
import psycopg2 as pg
from sqlalchemy import create_engine, text
import pandas as pd

In [7]:
user = 'movie'
password = 'mysecretpassword'
host = 'localhost'
port = 5432
dbname = 'dbmovie'

## Connexion directe en DB API 2

In [42]:
conn = pg.connect(host=host, port=port, dbname=dbname, user=user, password=password)
conn

<connection object at 0x00000236A7FC2790; dsn: 'user=movie password=xxx dbname=dbmovie host=localhost port=5432', closed: 0>

In [43]:
conn.closed

0

In [53]:
cursor = conn.cursor()
cursor

<cursor object at 0x00000236A8438200; closed: 0>

In [54]:
sql_movie_1983 = """SELECT
    id,
    title,
    year,
    duration
FROM movie
WHERE year = 1983
ORDER BY title"""  

In [55]:
cursor.execute(sql_movie_1983)

In [56]:
for row in cursor:
    print(row)

(173893, "Hefty's", 1983, None)
(86006, 'Never Say Never Again', 1983, 134)
(86034, 'Octopussy', 1983, 131)
(86250, 'Scarface', 1983, 170)
(86190, 'Star Wars: Episode VI - Return of the Jedi', 1983, 131)
(86361, 'Staying Alive', 1983, 93)
(86383, 'Sudden Impact', 1983, 117)
(86491, 'Twilight Zone: The Movie', 1983, 101)


In [57]:
cursor.close()

In [58]:
conn.close()
conn.closed

1

In [65]:
with pg.connect(host=host, port=port, dbname=dbname, user=user, password=password) as conn2:
    # use resource conn
    with conn2.cursor() as cursor:
        cursor.execute(sql_movie_1983)
        data = list(cursor)
    # cursor.close()
# free resource: fin de transaction (TODO: encapsuler l'objet pour un auto close)
data

[(173893, "Hefty's", 1983, None),
 (86006, 'Never Say Never Again', 1983, 134),
 (86034, 'Octopussy', 1983, 131),
 (86250, 'Scarface', 1983, 170),
 (86190, 'Star Wars: Episode VI - Return of the Jedi', 1983, 131),
 (86361, 'Staying Alive', 1983, 93),
 (86383, 'Sudden Impact', 1983, 117),
 (86491, 'Twilight Zone: The Movie', 1983, 101)]

In [67]:
# SQL with params year (1) and min duration (2)
sql_movie_year_duration = """SELECT
    id,
    title,
    year,
    duration
FROM movie
WHERE 
    year = %s
    AND duration >= %s
ORDER BY title"""  

In [68]:
with conn2.cursor() as cursor:
    cursor.execute(sql_movie_year_duration, (1983, 120))
    data = list(cursor)
# cursor.close()
data

[(86006, 'Never Say Never Again', 1983, 134),
 (86034, 'Octopussy', 1983, 131),
 (86250, 'Scarface', 1983, 170),
 (86190, 'Star Wars: Episode VI - Return of the Jedi', 1983, 131)]

In [69]:
# params: year et min_duration
sql_movie_year_duration2 = """SELECT
    id,
    title,
    year,
    duration
FROM movie
WHERE 
    year = %(year)s
    AND duration >= %(min_duration)s
ORDER BY title"""  

In [70]:
with conn2.cursor() as cursor:
    cursor.execute(sql_movie_year_duration2, {'year':1984, 'min_duration': 100})
    data = list(cursor)
# cursor.close()
data

[(86927, 'Bachelor Party', 1984, 105),
 (86984, 'Body Double', 1984, 114),
 (87078, 'Conan the Destroyer', 1984, 103),
 (87363, 'Gremlins', 1984, 106),
 (87469, 'Indiana Jones and the Temple of Doom', 1984, 118),
 (87727, 'Missing in Action', 1984, 101),
 (88001, 'Rhinestone', 1984, 111),
 (88161, 'Splash', 1984, 111),
 (84750,
  'Sword of the Valiant: The Legend of Sir Gawain and the Green Knight',
  1984,
  102),
 (88247, 'The Terminator', 1984, 107),
 (88272, 'Tightrope', 1984, 114)]

In [74]:
# MAUVAISE PRATIQUE: risque attaque par injection SQL
year = '1990 OR 1=1'
min_duration = '100 OR 1=1'
sql_movie_year_duration3 = f"""SELECT
    id,
    title,
    year,
    duration
FROM movie
WHERE 
    year = {year}
    AND duration >= {min_duration}
ORDER BY title""" 
with conn2.cursor() as cursor:
    cursor.execute(sql_movie_year_duration3)
    data = list(cursor)
# cursor.close()
data

[(1542344, '127 Hours', 2010, 94),
 (2024544, '12 Years a Slave', 2013, 134),
 (103594, '1492: Conquest of Paradise', 1992, 154),
 (78723, '1941', 1979, 118),
 (289043, '28 Days Later...', 2002, 113),
 (1825784, '3 Geezers!', 2013, 81),
 (40064, '3 Godfathers', 1948, 106),
 (453562, '42', 2013, 128),
 (1975249, '6 Bullets', 2012, 115),
 (134273, '8MM', 1999, 123),
 (3224458, 'A Beautiful Day in the Neighborhood', 2019, 109),
 (92263, 'A Better Tomorrow', 1986, 95),
 (94357, 'A Better Tomorrow II', 1987, 105),
 (18710, 'A Blonde for a Night', 1928, 60),
 (75784, 'A Bridge Too Far', 1977, 175),
 (118548, 'Absolute Power', 1997, 121),
 (50099, 'Action of the Tiger', 1957, 93),
 (28554, "Adventure's End", 1937, 60),
 (60414, 'A Fine Madness', 1966, 104),
 (58461, 'A Fistful of Dollars', 1964, 99),
 (14918, "A Fool's Awakening", 1924, 60),
 (1815862, 'After Earth', 2013, 100),
 (88680, 'After Hours', 1985, 97),
 (4581576, 'Aftermath', 2017, 94),
 (109920, 'A Good Man in Africa', 1994, 94),


In [76]:
# attaque evitée => erreur soit effet nul
# with conn2.cursor() as cursor:
#     cursor.execute(sql_movie_year_duration2, {'year': '1990 OR 1=1', 'min_duration': '100 OR 1=1'})
#     data = list(cursor)
# data

## Connexion via SQLAlchemy

In [80]:
url = f'postgresql+psycopg2://{user}:{password}@{host}:{port}/{dbname}'
engine = create_engine(url)
engine

Engine(postgresql+psycopg2://movie:***@localhost:5432/dbmovie)

In [82]:
movies = pd.read_sql_table('movie', con=engine)
movies

Unnamed: 0,id,title,year,duration,synopsis,poster_uri,color,pg,director_id
0,5257,Excuse Me,1915,50.0,"Henry Mallory, U.S.A., receives orders to join...",https://m.media-amazon.com/images/M/MV5BMmVmMG...,,R,767303
1,6366,Anton the Terrible,1916,50.0,"Presumably, the first woman ever to appear in ...",https://m.media-amazon.com/images/M/MV5BMWZiZj...,,R,210352
2,8351,The Mysterious Mrs. Musslewhite,1917,50.0,"Raymond Van Seer, wealthy, has become morose a...",https://m.media-amazon.com/images/M/MV5BMTA0Nj...,,R,916665
3,8384,On the Level,1917,50.0,"Merlin Warner, a sheep rancher's only child, e...",https://m.media-amazon.com/images/M/MV5BMTE5ZT...,,R,577654
4,8642,The Sunset Trail,1917,50.0,Tomboy Bess Aiken grows up quickly when her mo...,https://m.media-amazon.com/images/M/MV5BYjk3OT...,,R,577654
...,...,...,...,...,...,...,...,...,...
1182,7763324,Amazing Stories,1986,111.0,,https://m.media-amazon.com/images/M/MV5BMGZkZj...,,R,213100
1183,7816392,The Bouncer,2018,94.0,The hero independently raises his little daugh...,https://m.media-amazon.com/images/M/MV5BNzU3Mz...,,R,2182866
1184,7903530,We Die Young,2019,92.0,,https://m.media-amazon.com/images/M/MV5BZWRjYz...,,R,1942069
1185,7959026,The Mule,2018,116.0,"Clint Eastwood stars as Earl Stone, a man who ...",https://m.media-amazon.com/images/M/MV5BMTc1OT...,,R,142


In [84]:
# params: year et min_duration
sql_movie_year_duration4 = """SELECT
    id,
    title,
    year,
    duration
FROM movie
WHERE 
    year = :year
    AND duration >= :min_duration
ORDER BY title""" 

In [93]:
params={
    'year': 1990, 
    'min_duration': 120
}
movie_selection = pd.read_sql_query(text(sql_movie_year_duration4), con=engine, params=params)
movie_selection

Unnamed: 0,id,title,year,duration
0,99077,Awakenings,1990,121
1,99426,Bullet in the Head,1990,136
2,99685,Goodfellas,1990,146
3,100404,Presumed Innocent,1990,127
4,99165,The Bonfire of the Vanities,1990,125
5,99810,The Hunt for Red October,1990,135
6,100514,The Rookie,1990,120
7,100530,The Russia House,1990,123


In [92]:
with engine.connect() as conn:
    data = list(conn.execute(text(sql_movie_year_duration4), params))
data

[(99077, 'Awakenings', 1990, 121),
 (99426, 'Bullet in the Head', 1990, 136),
 (99685, 'Goodfellas', 1990, 146),
 (100404, 'Presumed Innocent', 1990, 127),
 (99165, 'The Bonfire of the Vanities', 1990, 125),
 (99810, 'The Hunt for Red October', 1990, 135),
 (100514, 'The Rookie', 1990, 120),
 (100530, 'The Russia House', 1990, 123)]