# Learning Objectives

- [ ] 3.3.1 Determine the attributes of a database: table, record and field.
- [ ] 3.3.2 Explain the purpose of and use primary, secondary, composite and foreign keys in tables.
- [ ] 3.3.3 Explain with examples, the concept of data redundancy and data dependency.
- [ ] 3.3.4 Reduce data redundancy to third normal form (3NF).
- [ ] 3.3.5 Draw entity-relationship (ER) diagrams to show the relationship between tables.
- [ ] 3.3.6 *Understand how NoSQL database management system addresses the shortcomings of relational database management system (SQL). (NoSQL will be addressed in later chapter)
- [ ] 3.3.7 *Explain the applications of SQL and NoSQL. (NoSQL will be addressed in later chapter)
- [ ] 3.3.8 *Use a programming language to work with both SQL and NoSQL databases. (NoSQL will be addressed in later chapter)
- [ ] 3.3.9 Understand the need for privacy and integrity of data.
- [ ] 3.3.10 Describe methods to protect data.
- [ ] 3.3.11 Explain the difference between backup and archive.
- [ ] 3.3.12 Describe the need for version control and naming convention.
- [ ] 3.3.13 Explain how data in Singapore is protected under the Personal Data Protection Act to govern the collection, use and disclosure of personal data. 

# References

1. Leadbetter, C., Blackford, R., & Piper, T. (2012). Cambridge international AS and A level computing coursebook. Cambridge: Cambridge University Press.
2. https://www.sparknotes.com/cs/sorting/bubble/section1/#:~:text=The%20total%20number%20of%20comparisons,since%20no%20swaps%20were%20made.
3. https://visualgo.net/en
4. https://www.youtube.com/watch?v=o9nW0uBqvEo
5. Six-Step Relational Database Design™ by Fidel A. Captain
6. https://portswigger.net/web-security/sql-injection
7. https://xkcd.com/327/

A **database** is a collection of related data where all records have the same structure or  collection of data stored in an organised or logical manner.

# 13.1 Flat Files Database
When referred as a medium of storing data, a **flat file** is usually a plain text file or spreadsheet document, where records usually follow a uniform format, but there are no structures for indexing or recognizing relationships between records. E.g, consider a text file with the following content

>```
Name, Gender, Age
Alex, M, 25
Ben, M, 29
Cindy, F, eighteen
Damian, M, 22
Erica, F, 23
Fanny, F, don't know
Gopal, M, 29
Damian, M, 22
>```

Such approach of storing data using flat files have the following limitations:
- data isolation: different information that is to be retrieved being stored in different files
- data duplication: repeated data item. Duplication is wasteful as it costs time and money. Data has to be entered more than once, therefore it takes up user time and storage space. Duplication is also likely to lead to a loss of data integrity and inconsistent data (copies of data item which should be the same but are not.)
- data dependence: program that need to use specific data formats might have to be changed to work with data from the flat files.
- difficulty in changing applications programs.

# 13.2 Relational Database

A **table** (also called **relation** in relational database) is a two-dimensional representation of data stored in rows and columns. A table stores data about an **entity** – i.e. some “thing” about which data are stored, for example, a customer or a product.

**Relational database** is a database where data are organised in one or more tables with relationships between them, i.e. a collection of relational tables.

In each table, a complete set of data about a single item is called a **record**, i.e. it's a row in a table.

On the other hand, a column in a table is called an **field**. **Attributes** are the describing characteristics or properties that define all items pertaining to a certain category applied to all cells of a column.

<center>
<img src="images/field-record-value.png" width="600" align="center"/>
</center>

A database management system (DBMS) is a piece of software that provides the following features :
- basic database design, including tables, relationship and user queries
- a **data definition language (DDL)** that the database designer uses to define the tables of the database
- a data dictionary that includes:
    - the descriptions of tables, relationships and all design information such as indexing
    - the rules about data integrity including validation rules for all attributes.
- a **data manipulation language (DML)** called SQL:
    - for inserting, amending and deleting data records
    - backup of the database data 
- control of multi-user access to the data.

## Example 1

The following table has 5 records and 3 fields, and the attributes are `Colour`, `Price` and `Stock`.

<center>

| `Colour` | `Price` | `Stock` |
|-|-|-|
| Red | 0.50 | 30 |
| Green | 0.50 | 18 |
| Yellow | 0.80 | 43 |
| Blue | 0.90 | 66 |
| White | 0.85 | 39 |

</center>

## Example 2

Attributes can be used to describe a table. The following table has the following description:

>```
>Student (RegNo, Name, Gender, MobileNo)
>```

<center>

| RegNo | Name | Gender | MobileNo |
|-|-|-|-|
| 1 | Adam | M | 92313291 |
| 2 | Adrian | M | 92585955 |
| 3 | Agnes | F | 83324112 |
| 4 | Aisha | F | 88851896 |
| 5 | Ajay | M | 94191061 |
| 6 | Alex | M | 98671715 |
| 7 | Alice | F | 95029176 |
| 8 | Amy | F | 98640883 |
| 9 | Andrew | M | 95172444 |
| 10 | Andy | M | 95888639 |

</center>

In general, a table in a relational database can be described as:

>```
>TABLE_NAME(ATTRIBUTE_1, ATTRIBUTE_2, ATTRIBUTE_3, ATTRIBUTE_4,....)
>```

Usually, the description of the entity are used for `TABLE_NAME` as well. 

## Exercise 3

Provide the table description of the following table on number of balloons sold and in stock.

<center>

| `Colour` | `Price` | `AmountSold`| `Stock` |
|-|-|-|-|
| Red | 0.50 |40| 30 |
| Green | 0.50 |17| 18 |
| Yellow | 0.80 |57| 43 |
| Blue | 0.90 |24| 66 |
| White | 0.85 |36| 39 |

</center>

In [None]:
#YOUR_ANSWER_HERE

## 13.2.1 Properties of a table

Table in a relational database if it fulfills the following conditions:

- Values are **atomic**, i.e., for each record, each entry contains only 1 piece of information, e.g. in Example 2, a student cannot have 2 mobile phone numbers in the table.
- Columns are of the same kind
- Rows are unique, i.e no repeated rows
- The order of columns is insignificant
- Each column must have a unique name

## 13.2.2 Key Fields
When we consider a database, it is important to be able to able to identify each record in table given some information in the fields, e.g., being able to identify the name of the person given some phone number. 

A **key field**, or **key** in short, is either a column or a combination of columns in a database that uniquely identifies the specific record in question.

There are different types of keys.
- A **candidate key** is defined as a **minimal** set of fields which can uniquely identify each record in a table. A candidate key should never be NULL or empty
- A **primary key** is a candidate key that is most appropriate to become the main key for a table. It uniquely identifies each record in a table. It is a special case of the candidate key. It is used to uniquely identify a record or row in a table. In the table description, the primary key is denoted with an underline on the attribute, e.g. $$\text{Student}\left(\underline{\text{MatricNo}},\text{ Name, Gender, CivicsClass}\right)$$
- A **secondary key** is a candidate key that is not chosen as the primary key, i.e. an alternative to the primary key. A user often wants to search the database using the secondary key. However, it is up to the designer of the database which of the attributes will form the secondary key. The setting up of these secondary keys is called *indexing*. 
- A **composite key** is a combination of two or more fields in a table that can be used to uniquely identify each record in a table. Uniqueness is only guaranteed when the fields are combined.
- A **foreign key** is an attribute (field) in one table that refers to the primary key in another table, i.e. it links to a primary key in a second table and form relationships between the tables. Foreign keys is indicated by using a dashed underline (instead of overline like below. $\LaTeX$ can't handle dashed underline without packages :/ ) within our convention. E.g.,
$$\text{Student}\left(\underline{\text{MatricNo}},\text{ Name, Gender, },\overline{\text{CivicsClass}}\right)$$
$$\text{Civics}\left(\overline{\underline{\text{CivicsClass}}},\text{ CivicsTutor, Homeroom}\right)$$

## Exercise 4

Consider the following table.

<center>

| RegNo | Name | Gender | MobileNo |
|-|-|-|-|
| 1 | Adam | M | 92313291 |
| 2 | Adrian | M | 92585955 |
| 3 | Agnes | F | 83324112 |
| 4 | Aisha | F | 88851896 |
| 5 | Ajay | M | 94191061 |
| 6 | Alex | M | 98671715 |
| 7 | Alice | F | 95029176 |
| 8 | Amy | F | 98640883 |
| 9 | Andrew | M | 95172444 |
| 10 | Andy | M | 95888639 |

</center>

- What is/are the candidate key(s)?
- What is the primary key?

In [None]:
#YOUR_ANSWER_HERE

## Exercise 5

Consider the following table.

<center>

| RegNo | Name | Gender | CivicsClass |
|-|-|-|-|
| 1 | Adam | M | 18S12 |
| 2 | Adrian | M | 18S12 |
| 3 | Agnes | F | 18S12 |
| 4 | Aisha | F | 18S12 |
| 5 | Ajay | M | 18S12 |
| 6 | Alex | M | 18S12 |
| 7 | Alice | F | 18S12 |
| 8 | Amy | F | 18S12 |
| 9 | Andrew | M | 18S12 |
| 10 | Andy | M | 18S12 |
| 1 | Adam | M | 18A10 |
| 2 | bala | M | 18A10 |
| 3 | Bee Lay | F | 18A10 |
| 4 | Ben | M | 18A10 |
| 5 | Boon Kiat | M | 18A10 |
| 6 | Boon Lim | M | 18A10 |
| 7 | Charles | M | 18A10 |
| 8 | Chee Seng | M | 18A10 |
| 9 | Cher Leng | F | 18A10 |
| 10 | Choo Tuan | M | 18A10 |

</center>

- What is/are the composite key(s)?

In [None]:
#YOUR_ANSWER_HERE

## Example 6

Consider the following tables `Student` and `ClassInfo` respectively.

<center>

| RegNo | Name | Gender| CivicsClass |
|-|-|-|-|
| 1 | Adam | M | 18S12 |
| 2 | Adrian | M | 18S12 |

</center>

<center>

| CivicsClass | CivicsTutor | HomeRoom|
|-|-|-|
| 18S12 | Mr Tan | CR1 | 
| 18A10 | Ms Aishya | CR2 | 

</center>

- What is/are the primary key(s) in each table?
- What is the attribute in the table `ClassInfo` that is the foreign key in the `Student` table?

In [None]:
#YOUR_ANSWER_HERE

# 13.3 Designing Relational Database

Consider the following example of a `ORDER` table.

<center>

| Num | CustName | City | Country | ProdID | Description|
|-|-|-|-|-|-|
| 005 | Bill Jones | London | England | 1| Table
| 005 | Bill Jones | London | England | 2| Desk
| 005 | Bill Jones | London | England | 3| Chair
| 008 | Amber Arif | Lahore | Pakistan | 2| Desk|
| 008 | Amber Arif | Lahore | Pakistan | 7| Cupboard|
| 014 | M. Ali | Kathmandu | Nepal | 5| Cabinet|
| 002 | Omar Norton | Cairo | Egypt | 7| Cupboard|
| 002 | Omar Norton | Cairo | Egypt | 1| Table|
| 002 | Omar Norton | Cairo | Egypt | 2| Desk|

</center>

If we look back at Exercise 5, we see that same data being stored more than once. This repetition of entry in a database is termed **data redundancy**.

## 13.3.1 Normalisation
**Normalisation** is the process of organising the tables in a database to reduce data redundancy and prevent inconsistent data. During normalisation, a table is usually separated to two or more tables, but still linked to each other via keys. The separated tables can be of the following type:

### 13.3.1.1 First Normal Form (1NF)

For a table to be in 1NF:
- all columns must be atomic, i.e.in the database, entities (objects of interest, e.g. person, item, place) do not contain repeated groups of attributes.
- Columns would not hold a collection such as an array or another table. This means the information in each column cannot be broken down further.

We remove the repeating groups by:
- moving the some of attributes to a new table
- linking the new table to the original table with a foreign key.

### Example 7
Using the `ORDER` table as an example. The following `ORDER(1NF)` and `ORDER-PRODUCTS` is in the first normal form.
<center>

| Num | CustName | City | Country | 
|-|-|-|-|
| 005 | Bill Jones | London | England |
| 008 | Amber Arif | Lahore | Pakistan | 
| 014 | M. Ali | Kathmandu | Nepal |
| 002 | Omar Norton | Cairo | Egypt | 


</center>

<center>

| Num | ProdID | Description |
|-|-|-|
| 005 | 1 | Table | 
| 005 | 2 | Desk | 
| 005 | 3 | Chair | 
| 008 | 2 | Desk | 
| 008 | 7 | Cupboard | 
| 014 | 5 | Cabinet | 
| 002 | 1 | Table | 
| 002 | 2 | Desk | 
| 002 | 7 | Cupboard | 
|...|   |

</center>

The primary key in `ORDER(1NF)` is **Num**, while the primary key in `ORDER-PRODUCTS` is **Num and ProdID**. In other words, **Num** is a foreign key in `ORDER-PRODUCTS` table.

### Example 8

Give reason(s) why the table below is not in 1NF. Convert the tables into 1NF form.

<center>

| MatricNo | Name | Gender | CivicsClass | CivicsTutor| HomeRoom|CCAInfo
|-|-|-|-|-|-|-|
|1|Adam|M|18S12|Peter Lim|TR1| Tennis Teacher IC = Adrian Tan
|2|Adrian|M|18S12|Peter Lim|TR1| Choir Teacher IC = Adeline Wong, Student Council Teacher IC = David Leong
|3|Adam|M|18A10|Pauline Lee|TR2| Rugby Teacher IC = Andrew Quah
|4|Bala|M|18A10|Pauline Lee|TR2| Badminton Teacher IC = Lilian Lim
|6|Bee Lay|F|18A10|Pauline Lee|TR2| Choir Teacher IC = Adeline Wong, Chess Club Teacher IC = Edison Poh

</center>

In [None]:
#YOUR_ANSWER_HERE

### 13.3.1.2 Second Normal Form (2NF)

To continue with our process of normalisation, we first introduce the following definitions.

Let $x,y$ be attributes in a table. We say that attribute $y$ is **functionally dependent** on attribute $x$ (usually the primary key), if for every valid instance of $x$, the value of $x$ **uniquely determines** the value of $y$ ($x \rightarrow y$). 

Let $y$ be an attribute and $S$ be a set of attributes of a table. $y$ is **fully dependent** on $S$ if all the attributes in $S$ are required to **uniquely determine** the value of $y$. If not all the attributes are required, we say that $y$ is **partially dependent** on $S$.

### Example 9
In the `ORDER(1NF)` table,
- $\text{Num}\rightarrow \text{CustName}$
- $\text{City}\rightarrow \text{Country}$.

In `ORDER-PRODUCTS` table, $\text{Description}$ is *partially dependent* on the primary key $(\text{Num},\text{ProdID})$.

For a table to be in 2NF:
- it has to be in 1NF
- every non-key attribute must be **fully** dependent on **all** of the primary key. This means no attribute can depend on part of the primary key only

We remove the partial dependencies by:
- moving the partially dependent attribute to a new table
- linking the new table to the table with a foreign key.

### Example 10
From the definitions above, `ORDER-PRODUCTS` table is not 2NF. To make it 2NF, we move the attribute $\text{Description}$ to a new table to get the following tables `ORDER-PRODUCTS(2NF)` and `PRODUCT`. Furthermore, $\text{ProdID}$ is a foreign key in the `Product` table.

<center>

| Num | ProdID | 
|-|-|
| 005 | 1 | 
| 005 | 2 | 
| 005 | 3 | 
| 008 | 2 | 
| 008 | 7 | 
| 014 | 5 | 
| 002 | 1 | 
| 002 | 2 | 
| 002 | 7 | 
|...|   |

</center>

<center>

| ProdID | Description |
|-|-|
| 1 | Table | 
| 2 | Desk | 
| 3 | Chair | 
| 5 | Cabinet | 
| 7 | Cupboard | 
|...|   |

</center>

### Exercise 11

Reduce the following table into 2NF tables. You may use answer from the 1NF table in earlier exercise.

<center>

| MatricNo | Name | Gender | CivicsClass | CivicsTutor| HomeRoom|CCAInfo
|-|-|-|-|-|-|-|
|1|Adam|M|18S12|Peter Lim|TR1| Tennis Teacher IC = Adrian Tan
|2|Adrian|M|18S12|Peter Lim|TR1| Choir Teacher IC = Adeline Wong, Student Council Teacher IC = David Leong
|3|Adam|M|18A10|Pauline Lee|TR2| Rugby Teacher IC = Andrew Quah
|4|Bala|M|18A10|Pauline Lee|TR2| Badminton Teacher IC = Lilian Lim
|6|Bee Lay|F|18A10|Pauline Lee|TR2| Choir Teacher IC = Adeline Wong, Chess Club Teacher IC = Edison Poh

</center>


In [None]:
#YOUR_ANSWER_HERE

### 13.3.1.3 Third Normal Form (3NF)

For the last form, we will introduce yet another definition.

Let $x,y,z$ be attributes in a table. A functional dependency $x\rightarrow z$ is said to be **transitive** if there exists an attribute $y$ such that $x\rightarrow y$ and $y\rightarrow z$. 

Note that $x\rightarrow y$ **does not** necessarily implies the converse  $y \rightarrow x$.

For a table to be in 3NF:
- it has to be in 2NF
- The table should not have transitive dependencies between the non-key attributes.

#### Example 14
 Consider the `ORDER(1NF)` table.
 
 <center>

| Num | CustName | City | Country | 
|-|-|-|-|
| 005 | Bill Jones | London | England |
| 008 | Amber Arif | Lahore | Pakistan | 
| 014 | M. Ali | Kathmandu | Nepal |
| 002 | Omar Norton | Cairo | Egypt | 

</center>

Note that the table is in 2NF but not in 3NF as the attribute City determines the attribute Country, so we have two non-key attributes which are dependent. 

To make it 3NF, we break the table down further into the following tables `ORDER(3NF)` and `CITY-COUNTRIES`.

<center>

| Num | CustName | City | 
|-|-|-|
| 005 | Bill Jones | London | 
| 008 | Amber Arif | Lahore | 
| 014 | M. Ali | Kathmandu | 
| 002 | Omar Norton | Cairo | 
|...|||

</center>

<center>

| City | Country | 
|-|-|
| London | England |
| Lahore | Pakistan | 
| Kathmandu | Nepal |
| Cairo | Egypt | 
|...|

</center>

To summarize, during the normalization process we end up with more tables, but each table is small enough to enable us to retrieve the information that we want and by that, we avoid data redundancy.

### Exercise 14

Reduce the following table into 3NF tables. You may use answer from the 2NF tables in earlier exercise.

<center>

| MatricNo | Name | Gender | CivicsClass | CivicsTutor| HomeRoom|CCAInfo
|-|-|-|-|-|-|-|
|1|Adam|M|18S12|Peter Lim|TR1| Tennis Teacher IC = Adrian Tan
|2|Adrian|M|18S12|Peter Lim|TR1| Choir Teacher IC = Adeline Wong, Student Council Teacher IC = David Leong
|3|Adam|M|18A10|Pauline Lee|TR2| Rugby Teacher IC = Andrew Quah
|4|Bala|M|18A10|Pauline Lee|TR2| Badminton Teacher IC = Lilian Lim
|6|Bee Lay|F|18A10|Pauline Lee|TR2| Choir Teacher IC = Adeline Wong, Chess Club Teacher IC = Edison Poh

</center>


In [1]:
#YOUR_CODE_HERE

# 13.4 Entity-Relationship Diagram

Recall that entities are objects of which data are stored in the database. To illustrate the relationship between entities, an **entity–relationship diagram (E–R diagram)** can be used. 

In an E-R diagram, 
- entities are represented as rectangles, e.g the diagram below represent the entity customer
    <center>
    <img src="images/database-entity.png" height="100" align="center"/>
    </center>
- relationships, which are the between two entities, are represented therefore by specific lines connecting the rectangles. There are 3 types of relationships
    - **one to one** : when a single instance of an entity is associated with a single instance of another entity, e.g. a person (legally) has only one NRIC number. Represented by a line with single ends between the entities.
    <center>
    <img src="images/database-one-to-one.png" height="100" align="center"/>
    </center>
    
    - **one to many** : When a single instance of an entity is associated with more than one instances of another entity, e.g. many students study in a school but a student cannot be under multiple school at the same time. Represented by a line with a single end on the entity with a single instance and a "crow's feet" on the entity having multiple instances. 
    <center>
    <img src="images/database-one-to-many.png" height="100" align="center"/>
    </center>
    
    - **many to many** : when more than one instances of an entity is associated with more than one instances of another entity, e.g. a student can be assigned to many projects and a project can be assigned to many students. Represented by a line with "crow's feet" on both ends.
    <center>
    <img src="images/database-many-to-many.png" height="100" align="center"/>
    </center>

#### Example 15

A small library wants to keep track of its <u>collections</u> (e.g., fiction, non-fiction, journals, etc.), the <u>items</u> in those collections, the physical <u>location</u> in the library of these collections, the <u>members</u> of the library and the <u>items</u> they borrow from the various collections.
- A collection must contain at least one item
- An item must be contained in one collection
- A collection must be housed in one location
- A location can house at least one collection
- A member can borrow at least one item
- An item can be borrowed by at least one member

<center>
<img src="images/database-library-example.png" height="100" align="center"/>
</center>

# 13.5 Advantages of Relational Database Over Flat Files

There are two main areas where using relational database is more advantegous over flat files.
## 13.5.1 Data Storage

<center>

| Flat Files | Relational Database | 
|-|-|
| Data are stored in a number of files. | Data are contained in a single software application – the relational database or DBMS software. |
| Data are highly likely to be duplicated and may become inconsistent – it can never be certain that all copies of a piece of data have been updated. | Duplication of data is minimised and so the chance of data inconsistency is reduced. As long as there is a link to the table storing the data, they can always be accessed via the link rather than repeating the data. Good database design avoids data duplication. | 
| Because of data duplication, the volume of data stored is large. | Because data duplication is minimised, the volume of data is reduced, leading to faster searching and sorting of data.

</center>

## 13.5.2 Program-data independence

<center>

| Flat Files | Relational Database | 
|-|-|
| When data structures need to be altered, the software must be re-written. | Data structures remain the same even when the tables are altered. Existing programs do not need to be altered when a table design is changed.|
| Views of the data are governed by the different files used to control the data and produced by individual departments. All views of the data have to be programmed and this is very time-consuming. |  Queries and reports can be set up with simple “point and click” features or using the data manipulation language. A novice user can write queries quickly. |
</center>


# 13.6 SQLite Database

**Structured Query Language** (SQL) is a standard computer language for the operation and management of relational databases. It is a language used to query, insert, update and modify data.

There are many variants of SQL Engines, e.g. MySQL, Microsoft SQL, SQLite, PostgreSQL etc. However, for your syllabus, you are required to be able to work with **SQLite Databases**.

Each value stored in an SQLite database (or manipulated by the database engine) has one of the following storage classes:
- `NULL`: The value is a NULL value.
- `INTEGER`: used for a signed integer, stored in 1, 2, 3, 4, 6, or 8 bytes depending on the magnitude of the value.
- `REAL`: used for a floating point value, stored as an 8-byte IEEE floating point number.
- `TEXT`: used for a text string, stored using the database encoding (UTF-8, UTF-16BE or UTF-16LE).
- `BLOB`: used for large binary data, such as images or multimedia in a database.

For the most part, "storage class" is indistinguishable from "datatype" and the two terms can be used interchangeably.

SQLite supports the concept of type affinity on columns/fields. Type affinity refers to the preferred data type stored in a column. This means that you can store any type of data in a column with the recommended types, but they are not enforced.

Each column in a SQLite table is assigned one of the following type affinities:
- `INTEGER` 
- `TEXT` 
- `REAL` 
- `BLOB` 
- `NUMERIC` : A column with `NUMERIC` affinity may contain values using all five storage classes mentioned previously. TLDR, it tries to accomodate the values entered, make a guess on its type when the value is stored in the database.

To work with databases, it is imperative to get familiar with CRUD operations,
- <u>C</u>reate
- <u>R</u>ead(Retrieve)
- <u>U</u>pdate(Modify)
- <u>D</u>elete(Destroy)

## 13.6.1 DBBrowser for SQLite
[DB Browser for SQLite(DB4S)](https://sqlitebrowser.org/) is a simple and easy to use Graphical User Interface (GUI) - based software for the creation and editing of database files compatible with SQLite. It abstracts and hides the details of complex SQL commands while providing an easy to user interface for performing the same database operations.

In DB4S, when we create tables, we can set **constraints**. Constraints are the rules enforced on data columns or table. These are used to limit the type of data that can go into a column or table. This ensures the accuracy and reliability of the data in the database. Constraints could be at a column level or table level. Column level constraints are applied only to one column, whereas table level constraints are applied to the whole table.

The common constraints we will see is:
- `NN` : Stands for **NOT NULL**. Ensures that a column cannot have NULL value.
- `PK` : Sets a **PRIMARY KEY** constraint such that it uniquely identifies each row/record in a table.
- `AI` : Stands for **AUTOINCREMENT**. Automatically increments the value of the attribute for each new record. Works for integer values only.
- `FOREIGN KEY` : Sets a **FOREIGN KEY** constraint where a column of a table can reference a column from another table or within the same table.

We will illustrate how we can do the CRUD operations in DB4S. 

### Example 16

A library contains books that can be on loan to borrowers where:
- A borrower can take one or many loans.
- Each loan record belongs to only one borrower.
- A book can be loaned many times.
- A publisher publishes one or many books.
- A book can be published by zero or one publisher.

So, the ER diagram looks like

<center>
<img src="images/database-library-exercise.png" height="200" align="center"/>
</center>

### 13.6.1.1 Creating Database with DBBrowser
1.	Create a folder called `DBTASK`. You will save all your files inside this folder.
2.	Open `DBBrowser for SQLite`.
3.	Click `File`, then `New Database`.
4.	Save and name your database file as `library`. The default extension is `.db`. Note: other database file extensions are `sqlite/sqlite3/db3`
5.	Create a table called `Borrower` with the fields and constraints listed above.
    <center>

    | Column Name | Type | 
    |-|-|
    | `ID` | `INTEGER` | 
    | `FirstName` | `TEXT` | 
    | `Surname` | `TEXT` | 
    | `Contact` | `TEXT` |

    </center>
    
    - `ID` is the **PRIMARY KEY** (`PK`) of the Borrower table.This means that ID is used to identify a Borrower.
    - The value of `ID` should be **AUTOINCREMENT** (`AI`). This means that the ID value increases automatically with each new record inserted.
    - All fields are **NOT NULL** (`NN`). Each field cannot be empty.
6.	Click `Write Changes` or `CTRL+S` to save changes to the database.

<center>
<img src="images/database_create.gif" width="1080" align="center"/>
</center>



### 13.6.1.2 Inserting Records [<u>C</u>reate]
1. Under the `Browse Data` tab, click `New Record`.
2. Click on the `FirstName` cell of the first record.
    <center>

    **Borrower**
    | `ID` | `FirstName` | `Surname` | `Contact`| 
    |-|-|-|-|
    | 1 | Peter | Tan | 999 |
    
    </center>

3. Under `Edit Database Cell`, type the value for `FirstName`. Click `Apply`.
    <center>
    <img src="images/database_insert.gif" width="1080" align="center"/>
    </center>

4. Repeat the above two steps for `Surname` and `Contact`. If the record has been entered correctly, you should see the following in the table:
5. Click `New Record` to enter values for the next few records.
    <center>

    **Borrower**
    | `ID` | `FirstName` | `Surname` | `Contact`| 
    |-|-|-|-|
    | 1 | Peter | Tan | 999 |
    | 2 | Sarah | Lee | 8111123 |
    | 3 | Kumara | Ravi | 94456677 |
    | 4 | Some | User | 11111111 |
    
    </center>

6.	Write changes to the database.


### 13.6.1.3 Updating Records [<u>U</u>pdate]
The contact number of one of the borrowers, Peter Tan, is incorrect. You will update values in the Borrower table using Edit Database Cell in DB Browser for SQLite.

1. Click on the `Contact` cell of the first record.
2. Under `Edit Database Cell` , update the value to `99299345`.
3. Click `Apply`.


## 13.6.1.4 Deleting Records [<u>D</u>elete]
One of the records in the `Borrower` table is redundant, hence remove it.

1.	Select record 4.
2.	Click `Delete Record`.
3.	Write changes to the database.
4.	Now add another record for `Borrower`. Type in `ID`, `FirstName`, `Surname` and `Contact` of your choice.
5.	Click `Revert Changes`.
    <center>
    <img src="images/database_delete.gif" width="1080" align="center"/>
    </center>
6. Write changes to the database.


### Exercise 17 Creating More Tables [<u>C</u>REATE, <u>I</u>NSERT]

1.	Using DB4S, create the `Publisher` table with the following types and constraints.
    <center>
    
    **Publisher**
    | Column Name | Type | 
    |-|-|
    | `ID` | `INTEGER` | 
    | `Name` | `TEXT` | 

    </center>

    >Table Constraints:
    >- `ID` is the **PRIMARY KEY** of the `Publisher` table
    >- The value of `ID` should be **AUTOINCREMENT**
    >- All fields are **NOT NULL**
    >
    ><br>
2. Insert the following records into the `Publisher` table.
    <center>
    
    | `ID` | `Name` | 
    |-|-|
    | 1 | NPH | 
    | 2 | Unpop | 
    | 3 | Appleson | 
    | 4 | Squirrel | 
    | 5 | Yellow Flame | 

    </center>
3. If you have successfully created the `Publisher` table, you can view it under the `Browse Data` tab.
4. Create the `Book` table with the following types and constraints.
    <center>
    
    **Book**
    | Column Name | Type | 
    |-|-|
    | `ID` | `INTEGER` | 
    | `Title` | `TEXT` | 
    | `PublisherID` | `INTEGER` | 
    | `Damaged` | `INTEGER` | 

    </center>

    Table Constraints:
    - `ID` is the **PRIMARY KEY** of the `Book` table
    - The value of `ID` should NOT be set to **AUTOINCREMENT**
    - `ID`, `Title` and `Damaged` fields are NOT NULL. `Damaged` is an attribute that tracks the condition of the book. A value of `0` means that the book is not damaged, while a value of `1` means that the book is damaged.
    - `PublisherID` is a FOREIGN KEY (`FK`) to `ID` in the `Publisher` table.
    >
    >**Note**: 
    >The `Publisher` table has to be created before the `Book` table because of the foreign key reference to ID in the `Publisher` table.
    ><br>
    >**Rule**: 
    >Tables with foreign keys have to be created after the referenced tables are created.
    >
    
    <center>
    <img src="images/database_create_more.gif" width="1080" align="center"/>
    </center>
5. Insert records to `Book` table as follows:
        <center>
    
    | `ID` | `Title` | `PublisherID`| `Damaged`| 
    |-|-|-|-|
    | 1 | The Lone Gatsby|5|0
    | 2 | A Winter’s Slumber|4|1
    | 3 | Life of Pie|4|0
    | 4 | A Brief History Of Primates|3|0
    | 5 | To Praise a Mocking Bird|2|0
    | 6 | The Catcher in the Eye|1|1
    | 123 | H2 Computing Ten Year Series|`NULL`|0

    </center>
6.	Write changes to the database.


### 13.6.1.5 Creating Table Using Import [<u>C</u>REATE, <u>I</u>NSERT]

### Exercise 18 
You will now create the `Loan` table by importing a text file into the library database. The types and constraints are described below.

<center>

**Loan**
| Column Name | Type | 
|-|-|
| `ID` | `INTEGER` | 
| `BorrowerID` | `INTEGER` | 
| `BookID` | `INTEGER` | 
| `DateBorrowed` | `TEXT` | 
</center>

1. Create the Loan `table` using the Import feature. This feature also allows importing of `.TXT` and `.CSV` files.
2. Select `Loan.txt`.
3. Click `Open`.
4. Tick the option `Column names in first line`.
5. Click `OK`.
    <center>
    <img src="images/database_import.gif" width="1080" align="center"/>
    </center>
6. Click `Modify Table`.
7. Edit the types according to the description above.
    >The types for every column in the table are defaulted to `TEXT` during an import. Hence it is important that you check on the types after an import.
8. Tick the constraints as according to below.
    
    >Table Constraints:
    >- `ID` is the **PRIMARY KEY** of the `Loan` table
    >- The value of `ID` should be **AUTOINCREMENT**
    >- `ID`, `BorrowerID` and `BookID` fields are **NOT NULL**
    >For `BorrowerID` and `BookID` of the `Loan` table, identify the **FOREIGN KEY** constraints.
    >- `BorrowerID` is a FOREIGN KEY to ___________ in the ___________ table
    >- `BookID` is a FOREIGN KEY to ____________ in the ____________ table.
    >
    > <br>
9.	To create the foreign key for `BorrowerID`, highlight the `BorrowerID` attribute. Type `Borrower(ID)` under Foreign Key column. This creates a foreign key reference to ID in the Borrower table.
10. Repeat the above step for `BookID` to create the foreign key reference.
11.	View the `Loan` table from `Browse Data` tab. You should see the following data:
        <center>
    
    | `ID` | `BorrowerID` | `BookID`| `DateBorrowed`| 
    |-|-|-|-|
    | 1 | 3	|2|	20180220
    | 2 |3	|1|	20171215
    | 3 | 2	|3|	20171231
    | 4 | 1|	5|	20180111
    </center>
12.	Write changes to the database.


## 13.6.2 SQLite Statements 

To enter SQL into DB Browser, after loading the database, switch from `Database Structure` tab to the `Execute SQL` tab. There is a text area for you to type in your SQL commands. For the following section, we will be using the `library.db` we created previously.

### 13.6.2.1 SELECT
The `SELECT` statement allows the user to retrieve data from the database.

To select all fields, use `*`.

For example, typing 
>```
>SELECT * FROM Book 
>```
and clicking the play button will give you details of all the books in library. 
Conditions may be added using `WHERE` statement. 

In general, to select fields from a table, we use the following pattern.
>```
>SELECT <field_name> FROM <table_name> WHERE <condition> 
>```

### Example 19
- The following statement will return all the damaged books.
    >```
    >
    >SELECT * FROM Book WHERE Damaged = 1
    >
    >```
- You can also find `NULL` values, for example books with no publishers (no value on the `PublisherID` field), using the `IS` operator.
    >```
    >
    >SELECT * FROM Book WHERE PublisherID IS NULL
    >
    >```    
- You can also search for terms which are not `NULL`, for example:
    >```
    >
    >SELECT * FROM Book WHERE PublisherID IS NOT NULL
    >
    >```    
    This statement returns all records where there is a publisher.
- You can insert more than one condition using `AND` and `OR` binary operators. For example, 
    >```
    >
    >SELECT * FROM Book WHERE Title = 'Life of Pie' AND Damaged = 0
    >
    >```    
    This statement returns the books with Title ‘Life of Pie’ and are not damaged.
- In the case that we only require the title of the book, we include the fields you want in the `SELECT` statement. For example,
    >```
    >
    >SELECT Title FROM Book
    >
    >```    

You can execute multiple SQL statements, but each statement must end with a colon `;`, e.g.
>```
> SELECT * FROM Loan;
> SELECT * FROM Book;
>```

### Exercise 20
1.	Which of the following SQL statements show all data inside the Publisher table?
    
    - `SELECT all FROM Publisher`
    - `SELECT * FROM Publisher`
    - `SELECT ID, Title FROM Publisher`
    - `SELECT ID, Title, PublisherID, Damaged FROM Publisher`

2.	Write down the SQL statement to show all the Names of the publishers inside the Publisher table.

3.	What does the following SQL statement do?
    >```
    >
    >SELECT Title FROM Book WHERE PublisherID=1 AND Damaged=0
    >
    >```

4.	Write down the SQL statement to show all the Titles of the books which have PublisherID 1 or 2.

In [None]:
#YOUR_ANSWER_HERE

SQL supports ordering when we retrieve the data. 
- To list all loans, we use the SQL statement 
    >```
    >
    >SELECT * FROM Loan
    >
    >```
- Suppose we want to list the all the loans but ordered by the `BookID` (in ascending order), we use the SQL keywords `ORDER BY`. Note: you can add `ASC` at the end, but it's not necessary.
    >```
    >
    >SELECT * FROM Loan ORDER BY BookID 
    >
    >```
- On the other hand, if we want to order by descending order instead, we use the SQL keywords `ORDER BY` and `DESC`
    >```
    >
    >SELECT * FROM Loan ORDER BY BookID DESC
    >
    >```
- To find the total number of loans, we use the function `COUNT`, the SQL statement is
    >```
    >
    >SELECT COUNT(*) FROM Loan 
    >
    >```

### Exercise 21
Write down the SQL statement to select all the records in `Loan` table arranged in ascending order of `BookID` with `BorrowerID = 1`.


In [None]:
#YOUR_ANSWER_HERE

### 13.6.2.2 JOIN
Suppose that we want to look at the titles of the book and its publisher from the tables in `library.db`, we can use the `INNER JOIN` clause in SQLite.
>```
>
>SELECT * FROM Book
>INNER JOIN Publisher
>ON Book.PublisherID = Publisher.ID
>
>```
Note the join condition `Book.PublisherID = Publisher.ID`. We are specifying the condition that the values in the `PublisherID` field of the table `Book` has to be same as the values in the `ID` field of the `Publisher` table.

The results include all books who have publishers.
The title ‘H2 Computing Ten Year Series’ is not included as it has no publisher.

Notice that there are two columns of `ID`. The first `ID` column is from `Book` table, while the second `ID` column is from the `Publisher` table.

Inner join selects all records from Table A and Table B which meet the join condition.
Left outer join selects all records from Table A, along with records from Table B which meet the join condition.
In general, the pattern to use `INNER JOIN` is

>```
>
>SELECT * FROM <Table_A>
>INNER JOIN <Table_B>
>ON <Table_A>.<Field_A> = <Table_B>.<Field_B>
>
>```

Suppose further that we want to also include book titles without publishers as well, we use `LEFT OUTER JOIN` clause in this case. 
>```
>
>SELECT * FROM Book
>LEFT OUTER JOIN Publisher
>ON Book.PublisherID = Publisher.ID
>
>```

Unlike inner join, where the records from table A and table B must **both** meet the join condition, left outer join selects all records from Table A and then find the records in Table B which meet the join condition.

Similar to `INNER JOIN`, the pattern to use `LEFT OUTER JOIN` is
>```
>
>SELECT * FROM <Table_A>
>LEFT OUTER JOIN <Table_B>
>ON <Table_A>.<Field_A> = <Table_B>.<Field_B>
>
>```

The orange region in the following diagram gives a pictorial representation of the different records obtained from using `INNER JOIN` and `LEFT OUTER JOIN` clauses respectively.

<center>
<img src="images/database_joins.png" width="500" align="center"/>
</center>

Another way to get similar results from using `INNER JOIN` is to use the `CROSS JOIN`. Cross join returns the Cartesian product of rows from the tables in the join. It combines each row in the first table with each row in the second table, i.e. if table A has $m$ records and table B has $n$ records, cross joining the two tables will give $m\times n$ records. This make this approach inefficient for most purposes. The SQL statement in this case is
>```
>
>SELECT * FROM Book, Publisher
>WHERE Book.PublisherID = Publisher.ID
>
>```

### Exercise 22
Write down the SQL statement to find all the books that are not damaged together with their publishers.

In [None]:
#YOUR_ANSWER_HERE

### 13.6.2.3 UPDATE
The `UPDATE` command allows the editing of data values in a database. One or more records may be updated at the same time.

For example, the 
>```
>
>UPDATE Book SET Title = 'Book: ' || Title
>
>```

will update the values of `Title` in the `Book` table such that each book title now start with ‘Book: ’. Note the use of `||` for string concatenation (adding of two strings). 

Consider another example. All the books borrowed by Kumara (`BorrowerID = 3`) should have been borrowed by Sarah (`BorrowerID = 2`). Then, the following SQL statement can be carried out to update the Loan table.
>```
>
>UPDATE Loan SET BorrowerID = 2 WHERE BorrowerID = 3
>
>```

In general, the pattern to use `UPDATE` command is

>```
>
>UPDATE <Table_Name> SET <Condition>
>
>```

### Exercise 23
All the books borrowed by Sarah (`BorrowerID=2`) should have been borrowed by Kumara (`BorrowerID=3`). Write down the SQL statement to update the `Loan` table.

In [None]:
#YOUR_ANSWER_HERE

### 13.6.2.4 INSERT INTO
The `INSERT INTO` command is used to insert a new record in a table.

For example, to insert a new publisher to the `Publisher` table, we can use the following SQL:
>```
>
>INSERT INTO Publisher(Name) VALUES ('BigBooks')
>
>```

This will insert the publisher ‘BigBooks’ from the Publisher table.

In general, the pattern to use `UPDATE` is

>```
>
>INSERT INTO <Table_Name>(Field_Names) VALUES (<Values>)
>
>```

Note that the pattern above allows us to insert record with multiple fields as well.

### 13.6.2.5 DELETE
The `DELETE` command is used to delete existing records in a table.

For example,
>```
>
>DELETE FROM Books WHERE Title = 'Life of Pie'
>
>```

This will delete the book ‘Life of Pie’ from the Books table.

In general, the pattern to use `DELETE` is

>```
>
>DELETE FROM <Table_Name> WHERE <Condition>
>
>```

Please note that the text is case-sensitive, which means that the following 2 SQL statements are different.
>```
>
>DELETE FROM Books WHERE Title = 'Life of Pie'
>DELETE FROM Book WHERE Title =  'Life of pie'
>
>```

Be careful when using the `DELETE` statement. For example, the following SQL statement
>```
>
>DELETE FROM Loan
>
>```
will delete all entries from the `Loan` table!

### Exercise 23
Which of the following SQL statements are valid?
- `DELETE FROM Book WHERE Title = 'H2 Computing Ten Year Series'`
- `DELETE FROM Book WHERE Title = *`
- `DELETE FROM Book WHERE`
- `DELETE FROM Book`

In [None]:
#YOUR_ANSWER_HERE

### 13.6.2.6 CREATE TABLE
The `CREATE TABLE` command allows you to a table. You can see the SQL code for the various tables under `Database Structure` in DB Browser.

For example, to create the Borrower table, you can key in:
>```
>
>CREATE TABLE 'Borrower' (
>	'ID'		 INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
>	'FirstName'	 TEXT NOT NULL,
>	'Surname'	 TEXT NOT NULL,
>	'Contact'	 INTEGER NOT NULL
>)
>
>```


Let’s look at the SQL statement carefully.
- `INTEGER` and `TEXT` are data types, 
- `ID`, `FirstName`, `Surname` and `Contact` are field names. The `ID` field is the primary key of the table `Borrower`, while **AUTOINCREMENT** means the `ID` value is automatically given by the database. **NOT NULL** means that the fields do not accept `NULL` values.

Thus, the syntax for creating tables in SQL is
>```
>
>CREATE TABLE table_name(
>	column1_name COLUMN1_TYPE COLUMN1_CONSTRAINTS,
>	column2_name COLUMN2_TYPE COLUMN2_CONSTRAINTS,
>	…
>	PRIMARY KEY (column1_name, column2_name,…),
>	FOREIGN KEY (column_name) REFERENCES table_name(column_name)
>)
>
>```


Also, note that there is an additional table `sqlite_sequence` above. It is generated automatically when you have an **AUTOINCREMENT** field and used by SQLite to keep track of the next number to give for tables with **AUTOINCREMENT**.

Let us look at the `Book` table next. The SQL code to create the table is:
>```
>
>CREATE TABLE 'Book' (
>	'ID' INTEGER NOT NULL,
>	'Title' TEXT NOT NULL,
>	'PublisherID' INTEGER,
>	'Damaged'	INTEGER NOT NULL,
>	FOREIGN KEY('PublisherID') REFERENCES 'Publisher'('ID'),
>	PRIMARY KEY('ID')
>)
>
>```

Notice the line starting with FOREIGN KEY. It defines the foreign key, which is the field linking to the primary key of another table. For this example, it is linking the `PublisherID` field in the `Book` table to the `ID` field in the `Publisher` table.

### Exercise 24
Key in SQL statement to create a table `Testing` with fields `name`, `tag_no` and `remarks`. The fields `name` and `remarks` should accept `text`, while `tag_no` is an integer automatically incremented. The primary key is `tag_no`. `Name` field should not be NULL.

In [None]:
#YOUR_ANSWER_HERE

### 13.6.2.7 DROP TABLE
The `DROP TABLE` command deletes the entire table.
For example, to remove the `Loan` table, you can key in:
>```
>
>DROP TABLE Loan
>
>```

In general, the pattern to use `DROP` is

>```
>
>DROP TABLE <Table_Name>
>
>```

Note that there is a difference between `DELETE FROM` and `DROP TABLE` commands. With `DELETE FROM`, you delete all entries from the table, but the table remains there. With `DROP TABLE`, the table will be removed. You cannot insert any entries into the table anymore.

### Exercise 25
Try keying `DROP TABLE Publisher` to remove the table containing the publishers. Is it possible? Why?

In [None]:
#YOUR_ANSWER_HERE

### 13.6.2.7 Operators

You have seen some operators being used in the examples earlier. These operators are often used in `SELECT` statements, but can be used in other statements (like the `UPDATE` statement example shown earlier). The following are comparison operators, logical operators and arithmetic operators that you need to know.

#### 13.6.2.7.1 Comparison Operators

<center>
    
| Comparison Operator | Description | 
|-|-|
| `=` | Checks if the values of two operands are equal or not, if yes then the condition becomes true.|
| `!=`|	Checks if the values of two operands are equal or not, if the values are not equal, then the condition becomes true.|
|`<>`	|Checks if the values of two operands are equal or not, if the values are not equal, then the condition becomes true.|
|`>`	|Checks if the values of the left operand is greater than the value of the right operand, if yes then the condition becomes true.|
|`<`|Checks if the values of the left operand is less than the value of the right operand, if yes then the condition becomes true.|
|`>=`	|Checks if the value of the left operand is greater than or equal to the value of the right operand, if yes then the condition becomes true.|
|`<=`	|Checks if the value of the left operand is less than or equal to the value of the right operand, if yes then the condition becomes true.|
|`>=`	|Checks if the value of the left operand is less than or equal to the value of the right operand, if yes then the condition becomes true.|

</center>

#### 13.6.2.7.2 Logical Operators
<center>
    
| Logical Operator | Description | 
|-|-|
|`AND`|	The `AND` operator allows the existence of multiple conditions in an SQL statement's `WHERE` clause. |
|`OR`| 	The `OR` operator is used to combine multiple conditions in an SQL statement's `WHERE` clause. |
|`IS`|	The value exists. For example, `IS NULL` looks for `NULL` values. |
|`IS NOT`|	The value does not exist. | 
| $\|\|$|	String concatenation |

</center>


#### 13.6.2.7.3 Arithmetic Operators
<center>
    
| Arithmetic Operator| Name | Description | 
|-|-|-|
|`+`|	Addition|	Adds values on either side of the operator|
|`-`|	Subtraction|	Subtracts the right-hand operand from the left-hand operand|
|`*`|	Multiplication|	Multiplies values on either side of the operator|
|`/`|	Division|	Divides the left-hand operand by the right-hand operand|
|`%`|	Modulus|	Divides the left-hand operand by the right-hand operand and returns the remainder|

</center>

#### 13.6.2.7.4 Functions
Aggregate functions help to count / calculate results from the database.
<center>
    
| Function | Description | 
|-|-|
|`MIN`|	Minimum value|
|`MAX`|	Maximum value|
|`SUM`|	Sum of all values|
|`COUNT`|	Number of values|

</center>

# 13.8 Working with SQLite Databases with Python

Python comes with `sqlite3` module which allows working with SQLite databases with Python.

The important methods to use here are:
- `sqlite3.connect()` to open or create a SQLite file,
- `sqlite3.Connection.execute()` to run SQL,
- `sqlite3.Cursor.fetchone()` and `sqlite3.Cursor.fetchall()` to retrieve rows,
- `sqlite3.Connection.row_factory` to `sqlite3.Row` in order to simplify the reading of values from retrieved database rows,
- `sqlite3.Connection.commit()` to save changes,
- `sqlite3.Connection.rollback()` to discard changes, 
- `sqlite3.Connection.close()` to close SQLite files.

## 13.8.1 Connecting to SQLite database with `sqlite3` 
Roughly speaking, to work with the database,
1. We first **establish connection** to the database with `connect()` method
2. Execute some SQL statements, with `execute()` method
3. **Save** the changes we made to the database with the `commit()` method 
3. **Close** the database `close()` method. This is similar to how we handle file I/O earlier.

### Example 26

The code below illustrates the process of connecting and closing the database. 


In [None]:
import sqlite3

#Create Connection object called `connection` that opens library_copy.db database under the folder resources
connection=sqlite3.connect('./resources/library_copy.db')

#Do something with the connection

#Close the connection
connection.close()

# 13.8.2 CRUD operations with `sqlite3` 
Recall the important operations (CRUD) that we need to be able to do with databases. To do that within python, we just need to pass in the SQL statements as a string into the `execute()` method. Note: `execute()` method is a nonstandard way to create a `Cursor` object, but for the sake of simplicity, we will stick with it.

### Exercise 27 [`INSERT`, `DELETE`, `UPDATE`]
1. Try out the following code and check the database again with DB4S. 
    - What changes do you expect from executing the code?
    - What do you observe about the database? 

In [1]:
import sqlite3

connection = sqlite3.connect("./resources/library_copy.db")

connection.execute("INSERT INTO Borrower(FirstName, Surname, Contact) VALUES('Alex', 'Ong', 98765432)")

#Sometimes it can be clearer if you split your SQL statements into multiple lines and you can use `\` in python for this purpose
connection.execute( "UPDATE Borrower SET Surname = 'Lim' " +\
                    "WHERE FirstName = 'Alex'")
connection.close()

In [None]:
#YOUR_ANSWER_HERE

2. Try the following code and check the database again. What do you observe?

In [None]:
import sqlite3

connection = sqlite3.connect("./resources/library_copy.db")

connection.execute("INSERT INTO Borrower(FirstName, Surname, Contact) VALUES('Alex', 'Ong', 98765432)")
connection.execute( "UPDATE Borrower SET Surname = 'Lim' " +\
                    "WHERE FirstName = 'Alex'")

#addded the following method
connection.commit()

connection.close()

In [None]:
#YOUR_ANSWER_HERE

> It is important to run the commit() method to save the changes to the database. This is equivalent to the action `Write Changes` we used in DB4S.

Alternative to saving the database manually using `commit()` method, similar to file I/O, we can also utilize the `with` statement in Python. 

In [None]:
import sqlite3

connection = sqlite3.connect("./resources/library_copy.db")

with connection:
    connection.execute("INSERT INTO Borrower(FirstName, Surname, Contact) VALUES('Alex', 'Ong', 98765432)")
    connection.execute( "UPDATE Borrower SET Surname = 'Lim' " +\
                        "WHERE FirstName = 'Alex'")

    #commit() method to save the changes is no longer required.

#connection to database still need to be closed
connection.close()

### Exercise 28 [`INSERT`, `DELETE`, `UPDATE`]
1. Try out the following code and check the database with DB4S. 
    - What changes do you expect from executing the code?
    - What do you observe about the database? 

In [None]:
import sqlite3

connection = sqlite3.connect("./resources/library_copy.db")

connection.execute("INSERT INTO Borrower(FirstName, Surname, Contact) VALUES('AlexA', 'Ong', 98765432)")
connection.execute("INSERT INTO Borrower(FirstName, Surname, Contact) VALUES('VijayA', 'Singh', 91919191)")

connection.execute("INSERT INTO Borrower(FirstName, Surname, Contact) VALUES('AlexB', 'Ong', 98765432)")
connection.execute("INSERT INTO Borrower(FirstName, Surname, Contact) VALUES('VijayB', 'Singh', 91919191)")

connection.commit()

connection.close()

2. Try out the following code and check the database again with DB4S. 
    - What changes do you expect from executing the code?
    - What do you observe about the database? 

In [None]:
import sqlite3

connection = sqlite3.connect("./resources/library_copy.db")

connection.execute("INSERT INTO Borrower(FirstName, Surname, Contact) VALUES('AlexC', 'Ong', 98765432)")
connection.execute("INSERT INTO Borrower(FirstName, Surname, Contact) VALUES('VijayC', 'Singh', 91919191)")

#the following line is added
connection.rollback()

connection.execute("INSERT INTO Borrower(FirstName, Surname, Contact) VALUES('AlexD', 'Ong', 98765432)")
connection.execute("INSERT INTO Borrower(FirstName, Surname, Contact) VALUES('VijayD', 'Singh', 91919191)")

connection.commit()

connection.close()

> `rollback()` method undo the changes to the database. This is equivalent to the action `Revert Changes` we used in DB4S.

### Example 29 [`CREATE TABLE, DROP TABLE`]
Try out the following code blocks and check the database with DB4S. What do you expect the code blocks do?

In [None]:
import sqlite3

connection = sqlite3.connect("./resources/newfile.db")

connection.execute("CREATE TABLE Book(" +\
                   "ID INTEGER PRIMARY KEY, 
                   "Title TEXT" +\
                   ")"
                  )

connection.execute("CREATE TABLE BookToo(" +\
                   "ID INTEGER PRIMARY KEY, 
                   "Title TEXT" +\
                   ")"
                  )
connection.commit()
connection.close()

In [None]:
import sqlite3

connection = sqlite3.connect("./resources/newfile.db")

connection.execute("DROP TABLE Book")
connection.commit()
connection.close()

The last of the CRUD operation we will discuss is the Read/Retrieve operation. We will show 4 ways to do this with `sqlite3` module.
1. iterate the `Cursor` object, which is also created when we run `execute()` method on `Connection` object,
2. use the `fetchone()` method of the `Cursor` object.
3. use the `fetchall()` method of the `Cursor` object.
4. setting the `row_factory` attribute of the `Connection` object as `sqlite3.Row` object. `Row` provides both index-based and case-insensitive name-based access to columns and most useful when we want name-based access to columns.

### Example 30 [`SELECT`]
Try out the following code block 3 times with appropriate commenting and uncommenting of the relevant parts of the code. What can you observe about the type of the output given by each of the approach?

In [None]:
import sqlite3

connection = sqlite3.connect("./resources/library_copy.db")

cursor = connection.execute("SELECT ID, FirstName FROM Borrower")

#Approach 1
for row in cursor:
    print(row)

#Approach 2
row = cursor.fetchone()
while row is not None:
    print(row)
    row = cursor.fetchone()

#Approach 3
rows = cursor.fetchall()
print(rows)

connection.close()

In [None]:
#YOUR_ANSWER_HERE

### Example 31 [`SELECT`]
Try out the following code block 5 times with appropriate commenting and uncommenting of the relevant parts of the code. What can you observe about each output?

In [None]:
import sqlite3

connection = sqlite3.connect("./resources/library_copy.db")

#setting the `row_factory` attribute of `Connection` object
connection.row_factory = sqlite3.Row

cursor = connection.execute("SELECT ID, FirstName FROM Borrower")

#Try 1
for row in cursor:
    print(row)

#Try 2
row = cursor.fetchone()
while row is not None:
    print(row)
    row = cursor.fetchone()

#Try 3
rows = cursor.fetchall()
print(rows)

#Try 4
for row in cursor:
    print(row['ID'])
    print(row['FirstName']

#Try 5
row = cursor.fetchone()
while row is not None:
    print(row['ID'])
    print(row['FirstName'])
    row = cursor.fetchone()

connection.close()

The main advantage of using `Row` objects is that they are more flexible as they behave like `dict` objects; we can index values by column name instead of relying on the order of columns in the original `SELECT` statement.

# 13.8.3 SQL Injection Protection with `sqlite3`
SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its SQL database.  It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any other data that the application itself is able to access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application's content or behavior.

Consider a shopping application that displays products in different categories. When the user clicks on the Gifts category, their browser requests the URL:
>```
>
>https://insecure-website.com/products?category=Gifts
>
>```
This causes the application to make an SQL query to retrieve details of the relevant products from the database:
>```
>
>SELECT * FROM products WHERE category = 'Gifts' AND released = 1
>
>```

Note that we can presume that: 
- This SQL query asks the database to return all details (`*`) from the `products` table where the category is `"Gifts"` and `released` is `1`.
- The restriction `released = 1` is being used to hide products that are not released. For unreleased products, presumably `released = 0`.

The application doesn't implement any defenses against SQL injection attacks, so an attacker can construct an attack like:
>```
>
>https://insecure-website.com/products?category=Gifts'--
>
>```

This results in the SQL query:
>```
>
>SELECT * FROM products WHERE category = 'Gifts'--' AND released = 1
>
>```

The key thing here is that the double-dash sequence `--` is a comment indicator in SQL, and means that the rest of the query is interpreted as a comment. This effectively removes the remainder of the query, so it no longer includes `AND released = 1`. This means that all products has potential to be displayed, including unreleased products where `released = 0`.

Here's another example from xkcd.   
<center>
<img src="https://imgs.xkcd.com/comics/exploits_of_a_mom.png" width="800" align="center"/>
</center>

## 13.8.3.1 Parameter Substitution
From the SQL injection example above, we see that user inputs should not be taken wholesale and it is a good idea to first run a validity check on it before being passed to the SQL statements. As such, we can use **parameter substitution**, which makes use of the `?` symbol and optional arguments in the `execute()` method in `sqlite3`.

### Example 32

Consider the following snippet of Python code to delete records in the SQL database where `ID` is between 2 and 4.

In [None]:
# The symbols `?` are placeholders for user inputs
# the second argument in the execute() method is a tuple of user inputs to use for substitution
# Parameter substitution follows the same order in which the placeholders appear in the SQL
execute("DELETE FROM Book WHERE ID > ? AND ID < ?", (2, 4))

### Example 33

The following program can be used to enter new borrowers into the `library.db` database:

In [None]:
import sqlite3

connection = sqlite3.connect("library.db")

while True:
    first = input("Enter first name: ")
    surname = input("Enter surname: ")
    contact = int(input("Enter contact number: "))

    #Note that at this point in the code, we can run the validation checks on the values first, surname and contact
    #before wew pass it to the SQL statement below
    connection.execute("INSERT INTO Borrower(FirstName, Surname, Contact) VALUES(?, ?, ?)", (first, surname, contact))
    connection.commit()

    if input("Continue (Y/N)?").upper() != 'Y':
        break

connection.close()