# Python & SQLite

- Python is a general purpose programming language
- Python provides sqlite3 library to connect and manipulate SQLite database
- https://docs.python.org/3/library/sqlite3.html#module-sqlite3

## Connect to a SQLite DB

In [1]:
import sqlite3

conn = sqlite3.connect("test.db")

In [2]:
print(sqlite3.version)

2.6.0


In [3]:
conn.close()

In [4]:
help(sqlite3)

Help on package sqlite3:

NAME
    sqlite3

MODULE REFERENCE
    https://docs.python.org/3.10/library/sqlite3.html
    
    The following documentation is automatically generated from the Python
    source files.  It may be incomplete, incorrect or include features that
    are considered implementation detail and may vary between Python
    implementations.  When in doubt, consult the module reference at the
    location listed above.

DESCRIPTION
    The sqlite3 extension module provides a DB-API 2.0 (PEP 249) compliant
    interface to the SQLite library, and requires SQLite 3.7.15 or newer.
    
    To use the module, start by creating a database Connection object:
    
        import sqlite3
        cx = sqlite3.connect("test.db")  # test.db will be created or opened
    
    The special path name ":memory:" can be provided to connect to a transient
    in-memory database:
    
        cx = sqlite3.connect(":memory:")  # connect to a database in RAM
    
    Once a connection has 

## Let's create a connection function

- we can use the function over and again as we need it
- python/db.py file contains utility functions to work with SQLite Database

In [5]:
def create_connection(db_file: str):
  """Create a database connection to a SQLite database.
  
  Args:
    db_file (str): database file
  Return:
    Connection object or None
  """
  conn = None
  try:
      conn = sqlite3.connect(db_file)
  except sqlite3.Error as e:
      print(e)

  return conn

In [6]:
conn = create_connection('test.db')

In [7]:
# create cursor object
# cursor object is used to execute SQL query
cur = conn.cursor()

In [8]:
cur.connection == conn

True

In [9]:
# close connection
conn.close()

## Using python/db.py module

- python is a package provided inside Intro-Database repo folder
- empty `__init__.py` file inside a folder makes it a Python package

In [10]:
from python import db

In [11]:
help(db)

Help on module python.db in python:

NAME
    python.db

FUNCTIONS
    close_connection(conn: sqlite3.Connection)
        Close a database connection to a SQLite database.
        Args:
          conn (Connection): Connection object
    
    create_connection(db_file: str)
        Create a database connection to a SQLite database.
        Args:
          db_file (str): database file
        Return:
          Connection object or None
    
    create_table(db_file: str, create_table_sql: str)
        Create a table from the create_table_sql statement
        Args:
          db_file (str): database file path
          create_table_sql (str): a CREATE TABLE statement
    
    insert_many_rows(db_file: str, insert_rows_sql: str, rows: list[tuple])
        Insert data into a table from the insert_data_sql statement
        Args:
          db_file (str): database file path
          insert_data_sql (str): an INSERT INTO statement
          rows (list[tuple]): list of tuples as rows to be ins

In [12]:
conn = db.create_connection('test.db')

In [13]:
db.close_connection(conn)

## SQLite and Python types

- SQLite natively supports the following types: NULL, INTEGER, REAL, TEXT, BLOB.

The following Python types can thus be sent to SQLite without any problem:

| Python type | SQLite type |
| ----------- | ------------|
| None        | NULL        |
| int         | INTEGER     |
| float       | FLOAT       |
| str         | TEXT        |
| bytes       | BLOB        |  



## Parameterized query

- in order to prevent SQL-injection attacks, you must use parameterized query
    - never use string formatting to dynamically careate SQL statement from untrusted data
- SQLite3 provides **?** placeholder for each dynamic value to be replaced with
- execute and exectuemany functions provide parameters argument to 
    - pass in data as iterable (tuple or list of tuples) to bind values with each placeholder (?)
- https://docs.python.org/3/library/sqlite3.html#sqlite3.Cursor.execute