# SQLITE3 MODULE / SQL DATABASES


The sqlite3 module in Python provides an interface to work with SQLite databases. SQLite is a lightweight, serverless, self-contained, and file-based database engine, making it easy to integrate into Python applications. The sqlite3 module allows you to create, manage, and interact with SQLite databases using SQL commands.

### 1) Constructing a Database and Tables

connect() method:<br>
The connect() method is used to establish a connection to an SQLite database. It takes the database file path as an argument and returns a connection object that allows you to interact with the database.

In [None]:
import sqlite3

# Connect to an SQLite database (creates the database if it doesn't exist)
conn = sqlite3.connect("my_database.db")

cursor() method:<br>
The cursor() method is used to create a cursor object that allows you to execute SQL commands and fetch results from the database.

In [None]:
import sqlite3

# Connect to the database
conn = sqlite3.connect("my_database.db")

# Create a cursor object
cursor = conn.cursor()

close() method:<br>
The close() method is used to close the database connection and release any associated resources. The process is like what we do when working with files. When creating a database,
do not forget to close it.

In [None]:
import sqlite3
# This example is a general structrue of database processes

# Connect to the database
conn = sqlite3.connect("my_database.db")

# Create a cursor object
cursor = conn.cursor()

# ... Perform operations ...

# Close the connection
conn.close()

execute() method:<br>
The execute() method is used to execute an SQL query or command. It takes an SQL query string as an argument and can be used to create tables, insert data, update data, and more.

In [None]:
import sqlite3

# Connect to the database
conn = sqlite3.connect("my_database.db")

# Create a cursor object
cursor = conn.cursor()

# Execute an SQL query to create a table
cursor.execute("CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT, age INTEGER)")

 You can also create table in that way:

In [None]:
# You can also create table in that way: 
import sqlite3

# Connect to the database
conn = sqlite3.connect("my_database.db")

# Create a cursor object
cursor = conn.cursor()

# Execute an SQL query to create a table
cursor.execute("""CREATE TABLE students (
                  id INTEGER PRIMARY KEY,
                  name TEXT,
                  age INTEGER
                  )""")

### 2) Inserting, Deleting, and Updating Data 

execute() method:<br>
The execute() method is used to execute an SQL query or command. It takes an SQL query string as an argument and can be used to create tables, insert data, update data, and more.

In [None]:
import sqlite3

# Connect to the database
conn = sqlite3.connect("my_database.db")

# Create a cursor object
cursor = conn.cursor()

# Execute an SQL query to create a table
cursor.execute("CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT, age INTEGER)")

Here are some of the common SQL statements you can use with the execute() method:

In [None]:
# You can use the CREATE TABLE statement to create a new table in the database.
import sqlite3

# Connect to the database
conn = sqlite3.connect("my_database.db")

# Create a cursor object
cursor = conn.cursor()

# Execute an SQL query to create a table
cursor.execute("CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT, age INTEGER)")
# You can use CREATE TABLE IF NOT EXIST command to escape from name errors. 
-------------------------------------

# You can use the INSERT INTO statement to insert data into a table.
import sqlite3

# Connect to the database
conn = sqlite3.connect("my_database.db")

# Create a cursor object
cursor = conn.cursor()

# Execute an SQL query to insert data into the table
cursor.execute("INSERT INTO students (name, age) VALUES ('Alice', 25)")
-------------------------------------

# You can use the UPDATE statement to modify existing data in a table.
import sqlite3

# Connect to the database
conn = sqlite3.connect("my_database.db")

# Create a cursor object
cursor = conn.cursor()

# Execute an SQL query to update data in the table
cursor.execute("UPDATE students SET age = 26 WHERE name = 'Alice'")  

# An alternative way:
age = 26
name = 'Alice'"
cursor.execute("UPDATE students SET age = ? WHERE name = ?", (age, name)) 
-------------------------------------

# You can use the DELETE FROM statement to remove data from a table.
import sqlite3

# Connect to the database
conn = sqlite3.connect("my_database.db")

# Create a cursor object
cursor = conn.cursor()

# Execute an SQL query to delete data from the table
cursor.execute("DELETE FROM students WHERE age > 30")

# An alternative way:
age = 30
cursor.execute("DELETE FROM students WHERE age > ?", (age,))
-------------------------------------

METHODS FOR INSERTING FROM ARGUMENTS

When inserting data into a database using SQL queries, you have two common approaches: using parameterized queries with placeholders (often represented by ?), or using string formatting (such as f-strings). The choice between these two approaches depends on security, efficiency, and readability considerations.

1) String Formatting (f-strings):<br>
String formatting using f-strings can also be used to insert data into an SQL query. However, this approach is less recommended because it may expose your code to SQL injection attacks if the data is not properly sanitized. When using string formatting, you need to be cautious and ensure that the data is sanitized and properly escaped before inserting it into the query.

In [None]:
import sqlite3
# not recommended for inserting data
# Connect to the database
conn = sqlite3.connect("my_database.db")

# Create a cursor object
cursor = conn.cursor()

# Data to be inserted
name = "Alice"
age = 25

# Not recommended (vulnerable to SQL injection)
cursor.execute(f"INSERT INTO students (name, age) VALUES ('{name}', {age})")

# Commit the changes
conn.commit()

2) Parameterized Queries with Placeholders (?):<br>
Parameterized queries use placeholders like ? in the SQL statement to represent values that will be supplied later. This approach is also known as parameter binding or prepared statements. It helps prevent SQL injection attacks and ensures proper escaping and handling of special characters in the data. Using parameterized queries is generally more secure and recommended when dealing with user inputs or external data.

In [None]:
import sqlite3

# Connect to the database
conn = sqlite3.connect("my_database.db")

# Create a cursor object
cursor = conn.cursor()

# Data to be inserted
name = "Alice"
age = 25

# Execute an SQL query with placeholders
cursor.execute("INSERT INTO students (name, age) VALUES (?, ?)", (name, age))

# Commit the changes
conn.commit()

### 3) Pulling Data From a Database

You can use the SELECT statement to retrieve data from a table.

SELECT * FROM : selects all data<br>
SELECT arg1, arg2 FROM: selects arguments we want<br>
SELECT * FROM database WHERE condition: selects arguments under a condition

fetchall() method:<br>
The fetchall() method is used to retrieve all the rows resulting from an SQL query as a list of tuples

In [None]:
import sqlite3

# Connect to the database
conn = sqlite3.connect("my_database.db")

# Create a cursor object
cursor = conn.cursor()

# Execute an SQL query to fetch data from the table
cursor.execute("SELECT * FROM students")

# Fetch all rows
rows = cursor.fetchall()

# Print the results
for row in rows:
    print(row)

Fetch Methods:<br>

fetchall() method:<br>
The fetchall() method is used to retrieve all the rows resulting from an SQL query. It returns a list of tuples, where each tuple represents a row in the query result.

fetchone() method:<br>
The fetchone() method is used to retrieve a single row from the query result. It returns a tuple representing the first row returned by the query. If there are no more rows to fetch, it returns None.

fetchmany(size) method:<br>
The fetchmany() method is used to retrieve a specific number of rows from the query result. It takes an optional size parameter that specifies the maximum number of rows to fetch. If no size is specified, it fetches the number of rows defined by the arraysize attribute of the cursor (which is 1 by default).

A General Example

In [None]:
import sqlite3
con = sqlite3.connect('sample.db')
c = con.curser()

def creating_table(table_name):
    c.execute('CREATE TABLE IF NOT EXISTS ' + table_name + '(id INT, name TEXT, age INT)')

def insert_to_table(id, name, age, table_name):
    c.execute('INSERT INTO ' + table_name + ' VALUES(?, ?, ?)', (id, name, age))
    con.commit()

def delete_from_table(id, table_name):
    c.execute('DELETE FROM ' + table_name + ' WHERE id=?', (id,))
    con.commit()

def update_table(id, name, age, table_name):
    c.execute('UPDATE ' + table_name + ' SET name=?, age=? WHERE id=?', (name, age, id))
    con.commit()

def read_from_table(table_name):
    c.execute('SELECT * FROM ' + table_name)
    data = c.fetchall()
    for row in data:
        print(row)
        
def find_name(table_name, name):
    c.execute('SELECT * FROM ' + table_name + ' WHERE name=?', (name,))
    data = c.fetchall()
    for row in data:
        print(row)