In [14]:
import pandas as pd

# Datasets

In [15]:
movies = pd.read_csv('data/movies.csv')
movie_info = pd.read_csv('data/movie_info.csv')
buildings = pd.read_csv('data/buildings.csv')
employees = pd.read_csv('data/employees.csv')
cities = pd.read_csv('data/cities.csv')

# Connect to database

## We'll use an API (Application Programming Interface) to connect to our database.

SQLAlchemy is the Python SQL toolkit and Object Relational Mapper that gives application developers the full power and flexibility of SQL.

In [None]:
!pip install SQLAlchemy

In [None]:
!pip install psycopg2

In [18]:
import sqlalchemy as db


To connect to a database you will usually pass something called `connection string` or `database url` For sqlalchemy it consists of:
- **DB server name** (`mysql`, `postgresql`, `mongodb`) --> official name: _dialect_ 
- **[+driver]** --> Optional driver name, the name of the API to connect with the DB (`psycopg2`, `pyodbc`) 
- ://**username:password** --> password you set up when created database on pgadmin4 for instance
- @**hostname** --> when running locally (`localhost` or `127.0.0.1`), in practice a url provided by the admin.
- /**database name** name of the specific database database you're connecting to (`review`)

In [None]:
db.create_engine

In [169]:
import sqlalchemy as db

# create the engine
engine = db.create_engine('postgresql+psycopg2://postgres:admin@localhost/aula_conexao')

# localhost = 127.0.0.1

# open the connection
conn = engine.connect()

In [33]:
db_server = 'postgresql'
user = 'postgres'
password = 'admin'
ip = 'localhost'
db_name = 'aula_conexao'

# create the engine
engine = db.create_engine(f'{db_server}://{user}:{password}@{ip}/{db_name}')

# open the connection
conn = engine.connect()

# CREATING TABLE via python

The pandas module has built-in functionalities that handles that for you ♥️

In [44]:
employees.head(2)

Unnamed: 0,role,name,years_employed,building
0,Engineer,Becky A.,4,Burj Khalifa
1,Engineer,Dan B.,2,Burj Khalifa


In [46]:
employees.to_sql('employees', con=conn, if_exists='replace', index=False)

## READING TABLE via python

In [48]:
pd.read_sql_query('SELECT * FROM employees;', con=conn)

Unnamed: 0,role,name,years_employed,building
0,Engineer,Becky A.,4,Burj Khalifa
1,Engineer,Dan B.,2,Burj Khalifa
2,Engineer,Sharon F.,6,Burj Khalifa
3,Engineer,Dan M.,4,Burj Khalifa
4,Engineer,Malcom S.,1,Burj Khalifa
5,Artist,Tylar S.,2,Empire State
6,Artist,Sherman D.,8,Empire State
7,Artist,Jakob J.,6,Empire State
8,Artist,Lillia A.,7,Empire State
9,Artist,Brandon J.,7,Empire State


## You can read a table directly 

In [50]:
pd.read_sql_table('employees', con=conn)

Unnamed: 0,role,name,years_employed,building
0,Engineer,Becky A.,4,Burj Khalifa
1,Engineer,Dan B.,2,Burj Khalifa
2,Engineer,Sharon F.,6,Burj Khalifa
3,Engineer,Dan M.,4,Burj Khalifa
4,Engineer,Malcom S.,1,Burj Khalifa
5,Artist,Tylar S.,2,Empire State
6,Artist,Sherman D.,8,Empire State
7,Artist,Jakob J.,6,Empire State
8,Artist,Lillia A.,7,Empire State
9,Artist,Brandon J.,7,Empire State


In [53]:
# pd.read_sql('employees', con=conn) or pd.read_sql('SELECT * FROM employees;', con=conn)

# Inserting all tables into database:

In [54]:
movies.to_sql('movies', conn, if_exists='replace', index=False)

employees.to_sql('employees', conn, if_exists='replace', index=False)

cities.to_sql('cities', conn, if_exists='replace', index=False)

movie_info.to_sql('movie_info', conn, if_exists='replace', index=False)

buildings.to_sql('buildings', conn, if_exists='replace', index=False)

## Let's check that

In [55]:
query = '''
SELECT  id, 
        title, 
        director, 
        year, 
        length_minutes
  FROM movies'''

In [56]:
from IPython.display import display, Markdown

def pprint(query):
    display(Markdown(f'''```mysql 
    {query}```'''))

In [57]:
pprint('''SELECT * FROM bla''')

```mysql 
    SELECT * FROM bla```

In [58]:
pprint('''
SELECT name,
       age,
       email,
       address,
       zip_code
  FROM customer
 WHERE age <= 3
''')

```mysql 
    
SELECT name,
       age,
       email,
       address,
       zip_code
  FROM customer
 WHERE age <= 3
```

# SQL mini-challenges.

-----------

# SELECT queries

For the `movies` table:

1. Find the title of each film
2. Find the director of each film
3. Find the title and director of each film
4. Find the title and year of each film
5. Find all the information about each film

In [60]:
query = '''
SELECT title 
  FROM movies;
'''
pprint(query)

pd.read_sql(query, con=conn)

```mysql 
    
SELECT title 
  FROM movies;
```

Unnamed: 0,title
0,Toy Story
1,A Bug's Life
2,Toy Story 2
3,"Monsters, Inc."
4,Finding Nemo
5,The Incredibles
6,Cars
7,Ratatouille
8,WALL-E
9,Up


In [61]:
# 3 

query = '''
SELECT title, 
       director 
  FROM movies'''

pprint(query)
pd.read_sql(query, con=conn)

```mysql 
    
SELECT title, 
       director 
  FROM movies```

Unnamed: 0,title,director
0,Toy Story,John Lasseter
1,A Bug's Life,John Lasseter
2,Toy Story 2,John Lasseter
3,"Monsters, Inc.",Pete Docter
4,Finding Nemo,Andrew Stanton
5,The Incredibles,Brad Bird
6,Cars,John Lasseter
7,Ratatouille,Brad Bird
8,WALL-E,Andrew Stanton
9,Up,Pete Docter


In [62]:
# 5

query = 'SELECT * FROM movies'
pprint(query)
pd.read_sql(query, con=conn)

```mysql 
    SELECT * FROM movies```

Unnamed: 0,id,title,director,year,length_minutes
0,1,Toy Story,John Lasseter,1995,81
1,2,A Bug's Life,John Lasseter,1998,95
2,3,Toy Story 2,John Lasseter,1999,93
3,4,"Monsters, Inc.",Pete Docter,2001,92
4,5,Finding Nemo,Andrew Stanton,2003,107
5,6,The Incredibles,Brad Bird,2004,116
6,7,Cars,John Lasseter,2006,117
7,8,Ratatouille,Brad Bird,2007,115
8,9,WALL-E,Andrew Stanton,2008,104
9,10,Up,Pete Docter,2009,101


# WHERE clause - filters

1. Find the movie with a row id of 6 and 3
2. Find the movies released in the years between 2000 and 2010
3. Find the movies not released in the years between 2000 and 2010
4. Find the first 5 Pixar movies and their release year (suppose id is given in order)

In [64]:
# 1 

query = '''
SELECT * FROM movies WHERE id = 6 OR id = 3;
'''

pprint(query)

pd.read_sql(query, conn)


```mysql 
    
SELECT * FROM movies WHERE id = 6 OR id = 3;
```

Unnamed: 0,id,title,director,year,length_minutes
0,3,Toy Story 2,John Lasseter,1999,93
1,6,The Incredibles,Brad Bird,2004,116


In [65]:
# 1 

query = '''
SELECT * FROM movies WHERE id IN (6,3);
'''

pprint(query)

pd.read_sql(query, conn)


```mysql 
    
SELECT * FROM movies WHERE id IN (6,3);
```

Unnamed: 0,id,title,director,year,length_minutes
0,3,Toy Story 2,John Lasseter,1999,93
1,6,The Incredibles,Brad Bird,2004,116


In [66]:
my_tuple = (6,3)

In [67]:
my_tuple

(6, 3)

In [68]:
# 1 

query = f'''
SELECT * FROM movies WHERE id IN {my_tuple};
'''

pprint(query)

pd.read_sql(query, conn)


```mysql 
    
SELECT * FROM movies WHERE id IN (6, 3);
```

Unnamed: 0,id,title,director,year,length_minutes
0,3,Toy Story 2,John Lasseter,1999,93
1,6,The Incredibles,Brad Bird,2004,116


In [75]:
def filter_ids(list_of_ids):
    my_tuple = tuple(list_of_ids)
    
    query = f'''
    SELECT * FROM movies WHERE id IN {my_tuple};
    '''

    if len(my_tuple) == 1:
        query = f'''
        SELECT * FROM movies WHERE id = {my_tuple[0]};
        '''

    
    pprint(query)

    return pd.read_sql(query, conn)
    

In [76]:
x = input('Qual id voce quer?')

Qual id voce quer?3


In [79]:
filter_ids([x])

```mysql 
    
        SELECT * FROM movies WHERE id = 3;
        ```

Unnamed: 0,id,title,director,year,length_minutes
0,3,Toy Story 2,John Lasseter,1999,93


In [83]:
# UNION == pd.concat(), remove duplicates
pd.read_sql('''
(SELECT * FROM movies)
UNION
(SELECT * FROM movies)
''', con=conn)

Unnamed: 0,id,title,director,year,length_minutes
0,10,Up,Pete Docter,2009,101
1,5,Finding Nemo,Andrew Stanton,2003,107
2,6,The Incredibles,Brad Bird,2004,116
3,14,Monsters University,Dan Scanlon,2013,110
4,9,WALL-E,Andrew Stanton,2008,104
5,3,Toy Story 2,John Lasseter,1999,93
6,1,Toy Story,John Lasseter,1995,81
7,12,Cars 2,John Lasseter,2011,120
8,11,Toy Story 3,Lee Unkrich,2010,103
9,2,A Bug's Life,John Lasseter,1998,95


In [84]:
# UNION == pd.concat()
pd.read_sql('''
(SELECT * FROM movies)
UNION ALL
(SELECT * FROM movies)
''', con=conn)

Unnamed: 0,id,title,director,year,length_minutes
0,1,Toy Story,John Lasseter,1995,81
1,2,A Bug's Life,John Lasseter,1998,95
2,3,Toy Story 2,John Lasseter,1999,93
3,4,"Monsters, Inc.",Pete Docter,2001,92
4,5,Finding Nemo,Andrew Stanton,2003,107
5,6,The Incredibles,Brad Bird,2004,116
6,7,Cars,John Lasseter,2006,117
7,8,Ratatouille,Brad Bird,2007,115
8,9,WALL-E,Andrew Stanton,2008,104
9,10,Up,Pete Docter,2009,101


In [90]:
print('\nUNION ALL\n'.join(['(SELECT * FROM movies)' for x in range(10)]))
query = '\nUNION ALL\n'.join(['(SELECT * FROM movies)' for x in range(10)])

(SELECT * FROM movies)
UNION ALL
(SELECT * FROM movies)
UNION ALL
(SELECT * FROM movies)
UNION ALL
(SELECT * FROM movies)
UNION ALL
(SELECT * FROM movies)
UNION ALL
(SELECT * FROM movies)
UNION ALL
(SELECT * FROM movies)
UNION ALL
(SELECT * FROM movies)
UNION ALL
(SELECT * FROM movies)
UNION ALL
(SELECT * FROM movies)


In [95]:
pd.options.display.max_rows = 200

In [97]:
# 2
pd.read_sql('SELECT * FROM movies WHERE year BETWEEN 2001 AND 2010', con=conn)

Unnamed: 0,id,title,director,year,length_minutes
0,4,"Monsters, Inc.",Pete Docter,2001,92
1,5,Finding Nemo,Andrew Stanton,2003,107
2,6,The Incredibles,Brad Bird,2004,116
3,7,Cars,John Lasseter,2006,117
4,8,Ratatouille,Brad Bird,2007,115
5,9,WALL-E,Andrew Stanton,2008,104
6,10,Up,Pete Docter,2009,101
7,11,Toy Story 3,Lee Unkrich,2010,103


In [98]:
# 2
pd.read_sql('SELECT * FROM movies WHERE year NOT BETWEEN 2001 AND 2010', con=conn)

Unnamed: 0,id,title,director,year,length_minutes
0,1,Toy Story,John Lasseter,1995,81
1,2,A Bug's Life,John Lasseter,1998,95
2,3,Toy Story 2,John Lasseter,1999,93
3,12,Cars 2,John Lasseter,2011,120
4,13,Brave,Brenda Chapman,2012,102
5,14,Monsters University,Dan Scanlon,2013,110
6,87,WALL-G,Brenda Chapman,2042,97


In [100]:
import numpy as np

In [101]:
pd.read_sql(f'SELECT * FROM movies WHERE year IN {tuple(np.arange(2000, 2010+1))}', con=conn)

Unnamed: 0,id,title,director,year,length_minutes
0,4,"Monsters, Inc.",Pete Docter,2001,92
1,5,Finding Nemo,Andrew Stanton,2003,107
2,6,The Incredibles,Brad Bird,2004,116
3,7,Cars,John Lasseter,2006,117
4,8,Ratatouille,Brad Bird,2007,115
5,9,WALL-E,Andrew Stanton,2008,104
6,10,Up,Pete Docter,2009,101
7,11,Toy Story 3,Lee Unkrich,2010,103


In [103]:
# 3
query = '''
SELECT * 
  FROM movies 
 WHERE year NOT BETWEEN 2001 AND 2010'''

pprint(query)
pd.read_sql(query, con=conn)

```mysql 
    
SELECT * 
  FROM movies 
 WHERE year NOT BETWEEN 2001 AND 2010```

Unnamed: 0,id,title,director,year,length_minutes
0,1,Toy Story,John Lasseter,1995,81
1,2,A Bug's Life,John Lasseter,1998,95
2,3,Toy Story 2,John Lasseter,1999,93
3,12,Cars 2,John Lasseter,2011,120
4,13,Brave,Brenda Chapman,2012,102
5,14,Monsters University,Dan Scanlon,2013,110
6,87,WALL-G,Brenda Chapman,2042,97


In [105]:
query = '''
SELECT * 
  FROM movies
 ORDER BY year DESC
 LIMIT 5;
'''

pd.read_sql(query, con=conn)

Unnamed: 0,id,title,director,year,length_minutes
0,87,WALL-G,Brenda Chapman,2042,97
1,14,Monsters University,Dan Scanlon,2013,110
2,13,Brave,Brenda Chapman,2012,102
3,12,Cars 2,John Lasseter,2011,120
4,11,Toy Story 3,Lee Unkrich,2010,103


# LIKE clause, % and _

1. Find all the Toy Story movies
2. Find all the movies directed by John Lasseter
3. Find all the movies (and director) not directed by John Lasseter
4. Find all the WALL-* movies

In [110]:
query = """
SELECT * 
  FROM movies 
 WHERE title LIKE 'Toy %'
 """


pd.read_sql(query, conn)


TypeError: dict is not a sequence

In [111]:
pprint(query)

```mysql 
    
SELECT * 
  FROM movies 
 WHERE title LIKE 'Toy %'
 ```

In [None]:
db.text(query)

In [112]:
pd.read_sql(db.text(query), con=conn)

Unnamed: 0,id,title,director,year,length_minutes
0,1,Toy Story,John Lasseter,1995,81
1,3,Toy Story 2,John Lasseter,1999,93
2,11,Toy Story 3,Lee Unkrich,2010,103


In [114]:
# 1 
query = "SELECT * FROM movies WHERE title LIKE 'Toy %%'" 
pd.read_sql(query, conn)

# 1 
query = db.text("SELECT * FROM movies WHERE title LIKE 'Toy %'")


pd.read_sql(query, conn)



Unnamed: 0,id,title,director,year,length_minutes
0,1,Toy Story,John Lasseter,1995,81
1,3,Toy Story 2,John Lasseter,1999,93
2,11,Toy Story 3,Lee Unkrich,2010,103


# Regex PostgreSQL

In [115]:
query = db.text("SELECT * FROM movies WHERE title ~ 'Toy [Ss]tory \d'")

pd.read_sql(query, conn)

Unnamed: 0,id,title,director,year,length_minutes
0,3,Toy Story 2,John Lasseter,1999,93
1,11,Toy Story 3,Lee Unkrich,2010,103


In [116]:
# 3
# Find all the movies (and director) not directed by John Lasseter

query = '''
SELECT title, director
 FROM movies 
WHERE director NOT LIKE 'John %%'
'''

pprint(query)

pd.read_sql(query, conn)

```mysql 
    
SELECT title, director
 FROM movies 
WHERE director NOT LIKE 'John %%'
```

Unnamed: 0,title,director
0,"Monsters, Inc.",Pete Docter
1,Finding Nemo,Andrew Stanton
2,The Incredibles,Brad Bird
3,Ratatouille,Brad Bird
4,WALL-E,Andrew Stanton
5,Up,Pete Docter
6,Toy Story 3,Lee Unkrich
7,Brave,Brenda Chapman
8,Monsters University,Dan Scanlon
9,WALL-G,Brenda Chapman


In [117]:
# 4
query = "SELECT * FROM movies WHERE title LIKE 'WALL-_'"

pd.read_sql(query, conn)

Unnamed: 0,id,title,director,year,length_minutes
0,9,WALL-E,Andrew Stanton,2008,104
1,87,WALL-G,Brenda Chapman,2042,97


In [119]:
# 4
query = "SELECT * FROM movies WHERE title ~ 'WALL-\w'"

pd.read_sql(query, conn)

Unnamed: 0,id,title,director,year,length_minutes
0,9,WALL-E,Andrew Stanton,2008,104
1,87,WALL-G,Brenda Chapman,2042,97


# ORDER BY clause, DISTINCT, OFFSET

1. List all directors of Pixar movies (alphabetically), without duplicates
2. List the last four Pixar movies released (ordered from most recent to least)
3. List the first five Pixar movies sorted alphabetically
4. List the next five Pixar movies sorted alphabetically

In [121]:
# 1

query = '''
SELECT director 
  FROM movies 
 ORDER BY director'''

pd.read_sql(query, con=conn).drop_duplicates()

Unnamed: 0,director
0,Andrew Stanton
2,Brad Bird
4,Brenda Chapman
6,Dan Scanlon
7,John Lasseter
12,Lee Unkrich
13,Pete Docter


In [123]:
# 1

query = '''
SELECT DISTINCT director 
  FROM movies 
 ORDER BY director'''

pd.read_sql(query, con=conn)

Unnamed: 0,director
0,Andrew Stanton
1,Brad Bird
2,Brenda Chapman
3,Dan Scanlon
4,John Lasseter
5,Lee Unkrich
6,Pete Docter


In [125]:
def read_sql(query, con=conn):
    pprint(query)
    return pd.read_sql(query, con=conn)
    

In [126]:
read_sql('SELECT * FROM movies;')

```mysql 
    SELECT * FROM movies;```

Unnamed: 0,id,title,director,year,length_minutes
0,1,Toy Story,John Lasseter,1995,81
1,2,A Bug's Life,John Lasseter,1998,95
2,3,Toy Story 2,John Lasseter,1999,93
3,4,"Monsters, Inc.",Pete Docter,2001,92
4,5,Finding Nemo,Andrew Stanton,2003,107
5,6,The Incredibles,Brad Bird,2004,116
6,7,Cars,John Lasseter,2006,117
7,8,Ratatouille,Brad Bird,2007,115
8,9,WALL-E,Andrew Stanton,2008,104
9,10,Up,Pete Docter,2009,101


In [None]:
# 3

query = '''
SELECT DISTINCT director, year FROM movies ORDER BY year DESC LIMIT 4'''

read_sql(query, con=conn)

In [None]:
# 3 

In [None]:
# 4

# Two connections

In [127]:
import sqlalchemy as db

# create the engine
engine2 = db.create_engine('postgresql+psycopg2://postgres:admin@localhost/applestore')

# localhost = 127.0.0.1

# open the connection
conn2 = engine2.connect()

In [128]:
pd.read_sql('SELECT * FROM data', con=conn2)

Unnamed: 0,id,track_name,size_bytes,currency,price,rating_count_tot,rating_count_ver,user_rating,user_rating_ver,ver,cont_rating,prime_genre,sup_devices.num,ipadSc_urls.num,lang.num,vpp_lic
0,281656475,PAC-MAN Premium,100788224,USD,3.99,21292,26,4.0,4.5,6.3.5,4+,Games,38,5,10,1
1,281796108,Evernote - stay organized,158578688,USD,0.00,161065,26,4.0,3.5,8.2.2,4+,Productivity,37,5,23,1
2,281940292,"WeatherBug - Local Weather, Radar, Maps, Alerts",100524032,USD,0.00,188583,2822,3.5,4.5,5.0.0,4+,Weather,37,5,3,1
3,282614216,"eBay: Best App to Buy, Sell, Save! Online Shop...",128512000,USD,0.00,262241,649,4.0,4.5,5.10.0,12+,Shopping,37,5,9,1
4,282935706,Bible,92774400,USD,0.00,985920,5320,4.5,5.0,7.5.1,4+,Reference,37,5,45,1
...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...
7192,1187617475,Kubik,126644224,USD,0.00,142,75,4.5,4.5,1.3,4+,Games,38,5,1,1
7193,1187682390,VR Roller-Coaster,120760320,USD,0.00,30,30,4.5,4.5,0.9,4+,Games,38,0,1,1
7194,1187779532,Bret Michaels Emojis + Lyric Keyboard,111322112,USD,1.99,15,0,4.5,0.0,1.0.2,9+,Utilities,37,1,1,1
7195,1187838770,VR Roller Coaster World - Virtual Reality,97235968,USD,0.00,85,32,4.5,4.5,1.0.15,12+,Games,38,0,2,1


# SELECT REVIEW

From table `cities`

1. List all the Canadian cities and their populations
2. Order all the cities in the United States by their latitude from north to south
3. List all the cities west of Chicago, ordered from west to east
4. List the two largest cities in Mexico (by population)
5. List the third and fourth largest cities (by population) in the United States and their population

**tip**: this one has a little boring trick concerning column names that can be handled in two different ways. If you have much trouble, call for help ♥️

In [None]:
pd.read_sql('SELECT "City", "Country" FROM cities', conn)

-------------

# JOINS - Inner joins

From tables `movies` and `movie_info`

1. Find the domestic and international sales for each movie
2. Show the sales numbers for each movie that did better internationally rather than domestically
3. List all the movies by their ratings in descending order

# JOINS - Outer joins + NULLs

From table `buildings` and `employees`

1. Find the list of all buildings that have employees
2. Find the list of all buildings and their height
3. List all buildings and the distinct employee roles in each building (including empty buildings)
4. Find the name and role of all employees who have not been assigned to a building
5. Find the names of the buildings that hold no employees

In [135]:
pd.read_sql('movie_info', con=conn)

Unnamed: 0,movie_id,rating,domestic_sales,international_sales
0,5,8.2,380843261,555900000
1,14,7.4,268492764,475066843
2,8,8.0,206445654,417277164
3,12,6.4,191452396,368400000
4,3,7.9,245852179,239163000
5,6,8.0,261441092,370001000
6,9,8.5,223808164,297503696
7,11,8.4,415004880,648167031
8,1,8.3,191796233,170162503
9,7,7.2,244082982,217900167


In [143]:
# 0

# 2 
# Show the sales numbers for each movie that did better internationally rather than domestically

query = '''
WITH international_better AS 
(SELECT movie_id, 
        domestic_sales,
        international_sales
   FROM movie_info
  WHERE domestic_sales < international_sales),
joined_table AS (
SELECT * 
  FROM movies a
       INNER JOIN 
       international_better b
    ON a.id = b.movie_id)
SELECT * FROM joined_table;
'''

read_sql(query, con=conn)

```mysql 
    
WITH international_better AS 
(SELECT movie_id, 
        domestic_sales,
        international_sales
   FROM movie_info
  WHERE domestic_sales < international_sales),
joined_table AS (
SELECT * 
  FROM movies a
       INNER JOIN 
       international_better b
    ON a.id = b.movie_id)
SELECT * FROM joined_table;
```

Unnamed: 0,id,title,director,year,length_minutes,movie_id,domestic_sales,international_sales
0,2,A Bug's Life,John Lasseter,1998,95,2,162798565,200600000
1,5,Finding Nemo,Andrew Stanton,2003,107,5,380843261,555900000
2,6,The Incredibles,Brad Bird,2004,116,6,261441092,370001000
3,8,Ratatouille,Brad Bird,2007,115,8,206445654,417277164
4,9,WALL-E,Andrew Stanton,2008,104,9,223808164,297503696
5,10,Up,Pete Docter,2009,101,10,293004164,438338580
6,11,Toy Story 3,Lee Unkrich,2010,103,11,415004880,648167031
7,12,Cars 2,John Lasseter,2011,120,12,191452396,368400000
8,13,Brave,Brenda Chapman,2012,102,13,237283207,301700000
9,14,Monsters University,Dan Scanlon,2013,110,14,268492764,475066843


In [None]:
query = '''
'''

read_sql(query, con=conn)

In [None]:
#employees
query = '''
SELECT A.*,
       B.*
  FROM employees AS A
       LEFT JOIN
       buildings AS B
    ON A.building = B." building_name"
 WHERE A.building IS NULL
'''

pd.read_sql(query, con=conn)


# Performing calculations inside queries

From tables `movies` and `movie_info`: 

0. Create a variable called fl_post_millenium which results in 1 if the year is <= 2000 else 0
1. List all movies and their combined sales in millions of dollars
2. List all movies and their ratings in percent
3. List all movies that were released on even number years

# Group by's and aggregations - MAX, AVG, SUM

From tables `employees` and `buildings`

1. Find the longest time that an employee has been at the Empire State
2. For each role, find the average number of years employed by employees in that role
3. Find the total number of employee years worked in each building

In [None]:
# 1 


query = '''
SELECT * FROM  employees

'''

pd.read_sql(query, con=conn)


In [None]:
# 1 

query = '''
SELECT building, 
       MAX(years_employed) 
  FROM employees
 GROUP BY building
'''

pd.read_sql(query, con=conn)


In [145]:
# 2
# 1 

query = '''
SELECT role,
       AVG(years_employed) AS avg_years,
       MAX(years_employed) AS max_years
  FROM employees
 GROUP BY role
'''

read_sql(query)


```mysql 
    
SELECT role,
       AVG(years_employed) AS avg_years,
       MAX(years_employed) AS max_years
  FROM employees
 GROUP BY role
```

Unnamed: 0,role,avg_years,max_years
0,Engineer,2.833333,6
1,Manager,6.0,9
2,Artist,5.0,8


In [150]:
employees.groupby(by='role').agg(['mean','max'])

Unnamed: 0_level_0,years_employed,years_employed
Unnamed: 0_level_1,mean,max
role,Unnamed: 1_level_2,Unnamed: 2_level_2
Artist,5.0,8
Engineer,2.833333,6
Manager,6.0,9


In [154]:
employees

Unnamed: 0,role,name,years_employed,building
0,Engineer,Becky A.,4,Burj Khalifa
1,Engineer,Dan B.,2,Burj Khalifa
2,Engineer,Sharon F.,6,Burj Khalifa
3,Engineer,Dan M.,4,Burj Khalifa
4,Engineer,Malcom S.,1,Burj Khalifa
5,Artist,Tylar S.,2,Empire State
6,Artist,Sherman D.,8,Empire State
7,Artist,Jakob J.,6,Empire State
8,Artist,Lillia A.,7,Empire State
9,Artist,Brandon J.,7,Empire State


In [157]:
# named aggregation
employees.groupby(by='role').agg(avg_years=('years_employed', 'mean'),
                                 max_years=('years_employed', 'max')).reset_index()

Unnamed: 0,role,avg_years,max_years
0,Artist,5.0,8
1,Engineer,2.833333,6
2,Manager,6.0,9


In [161]:
pd.read_sql('employees', con=conn)

Unnamed: 0,role,name,years_employed,building
0,Engineer,Becky A.,4,Burj Khalifa
1,Engineer,Dan B.,2,Burj Khalifa
2,Engineer,Sharon F.,6,Burj Khalifa
3,Engineer,Dan M.,4,Burj Khalifa
4,Engineer,Malcom S.,1,Burj Khalifa
5,Artist,Tylar S.,2,Empire State
6,Artist,Sherman D.,8,Empire State
7,Artist,Jakob J.,6,Empire State
8,Artist,Lillia A.,7,Empire State
9,Artist,Brandon J.,7,Empire State


In [159]:
# 3 

query = '''
SELECT building,
       SUM(years_employed) AS sum_years,
       COUNT(*) AS count_years,
       COUNT(building) AS count_years_building,
       SUM(
           CASE WHEN years_employed < 5 THEN 1 ELSE 0 END
       )
  FROM employees
 GROUP BY building
'''

pd.read_sql(query, con=conn)


Unnamed: 0,building,sum_years,count_years,count_years_building,sum
0,,0.0,2,0,2
1,Burj Khalifa,29.0,7,7,5
2,Empire State,36.0,6,6,1


# Having clause

-- The order of SQL queries: 
> https://jvns.ca/blog/2019/10/03/sql-queries-don-t-start-with-select/ (really good blog)

![image.png](attachment:image.png)

For the `movies` and `movie_info` tables:


1. Find the number of Artists in the studio (without a HAVING clause)
2. Find the number of Employees of each role in the studio
3. Find the total number of years employed by all Engineers
4. Find the number of movies each director has directed
5. Find the total domestic and international sales that can be attribute

# DROP AND CREATE TABLE

In [162]:
conn.execute('DROP TABLE employees;')

<sqlalchemy.engine.result.ResultProxy at 0x1140b5d30>

In [163]:
conn.closed

False

In [164]:
conn.close()

# ❌ DANGER ❌


# SQL Injection


0. Search for vulnerabilities.
> `inurl:index.php?id=1`

1. Enter the website 

2. Check if it is vulnerable to SQL-injection 
> plug a backtick (`) at the end of the id=1 query

> https://security.stackexchange.com/questions/121204/dumping-custom-query-via-sql-injection-when-output-is-in-the-die-function

**Important Note**: SQL injection is not legal. Train elsewhere https://ringzer0ctf.com/

In [165]:
df = pd.DataFrame(data=[('andre','admin'), 
                        ('matheus','qwerty'),
                        ('rai','1234567890'), 
                        ('lucas','0987654321')], 
                  columns=['username', 'password'])

In [167]:
df

Unnamed: 0,username,password
0,andre,admin
1,matheus,qwerty
2,rai,1234567890
3,lucas,0987654321


In [170]:
df.to_sql('user_info', con=conn, if_exists='replace', index=False)

In [177]:
query = '''
SELECT * FROM user_info WHERE username = 'andre' AND password = 'admin'
'''

In [178]:
read_sql(query).shape[0]

```mysql 
    
SELECT * FROM user_info WHERE username = 'andre' AND password = 'admin'
```

1

In [179]:
def check_access(username, password):
    query = f'''
            SELECT * FROM user_info WHERE username = '{username}' AND password = '{password}'
            '''
    if read_sql(query).shape[0] == 0:
        print('ACESS DENIED!')
    else: 
        print('ACESS GRANTED!')

In [187]:
check_access("' OR 1=1 --", 'h8t079y345tqj')

```mysql 
    
            SELECT * FROM user_info WHERE username = '' OR 1=1 --' AND password = 'h8t079y345tqj'
            ```

ACESS GRANTED!


In [None]:
username = 'andre'
password = '2345678'

In [None]:
def check_access(username, password):

    query = f"SELECT * FROM user_info WHERE username = '{username}' AND password = '{password}'"
    pprint(query)
    df = pd.read_sql(query, conn)
    
    if df.shape[0] != 0:
        print('ACCESS GRANTED!')
    else:
        print('ACCESS DENIED!')
        
    

In [None]:
check_access("' OR 1=1 -- andre --", 'admin')