
# Connecting SQL to Python

In [1]:
import pandas as pd

# Markdown

Jupyter Notebooks accepts Markdown, which accepts SQL like syntax

```python
for i in range(10):
    print(i)
```

```mysql
SELECT movie_id,
       international_sales
  FROM movie_info
 WHERE id = 10;
```

# Datasets

In [2]:
movies = pd.read_csv('data/movies.csv')
movie_info = pd.read_csv('data/movie_info.csv')
buildings = pd.read_csv('data/buildings.csv')
employees = pd.read_csv('data/employees.csv')
cities = pd.read_csv('data/cities.csv')

In [3]:
movies

Unnamed: 0,id,title,director,year,length_minutes
0,1,Toy Story,John Lasseter,1995,81
1,2,A Bug's Life,John Lasseter,1998,95
2,3,Toy Story 2,John Lasseter,1999,93
3,4,"Monsters, Inc.",Pete Docter,2001,92
4,5,Finding Nemo,Andrew Stanton,2003,107
5,6,The Incredibles,Brad Bird,2004,116
6,7,Cars,John Lasseter,2006,117
7,8,Ratatouille,Brad Bird,2007,115
8,9,WALL-E,Andrew Stanton,2008,104
9,10,Up,Pete Docter,2009,101


# Connect to database

## We'll use an API (Application Programming Interface) to connect to our database.

SQLAlchemy is the Python SQL toolkit and Object Relational Mapper that gives application developers the full power and flexibility of SQL.

Install SQLAlchemy: `!pip install SQLAlchemy`

In [1]:
#!pip install SQLAlchemy

Collecting SQLAlchemy
  Downloading SQLAlchemy-1.4.31-cp310-cp310-win_amd64.whl (1.6 MB)
Collecting greenlet!=0.4.17
  Downloading greenlet-1.1.2-cp310-cp310-win_amd64.whl (101 kB)
Installing collected packages: greenlet, SQLAlchemy
Successfully installed SQLAlchemy-1.4.31 greenlet-1.1.2


You should consider upgrading via the 'C:\Users\Rfbj\AppData\Local\Programs\Python\Python310\python.exe -m pip install --upgrade pip' command.


In [2]:
# For those using PostgreSQL
# WINDOWS:
#!pip install psycopg2

# for MACBOOK (MacOS) users, install the following:
#!pip install psycopg2-binary

Collecting psycopg2
  Downloading psycopg2-2.9.3-cp310-cp310-win_amd64.whl (1.2 MB)
Installing collected packages: psycopg2
Successfully installed psycopg2-2.9.3


You should consider upgrading via the 'C:\Users\Rfbj\AppData\Local\Programs\Python\Python310\python.exe -m pip install --upgrade pip' command.


In [3]:
#For those using MySQL
#!pip install pymysql

Collecting pymysql
  Downloading PyMySQL-1.0.2-py3-none-any.whl (43 kB)
Installing collected packages: pymysql
Successfully installed pymysql-1.0.2


You should consider upgrading via the 'C:\Users\Rfbj\AppData\Local\Programs\Python\Python310\python.exe -m pip install --upgrade pip' command.


In [4]:
import sqlalchemy as db


To connect to a database you will usually pass something called `connection string` or `database url` For sqlalchemy it consists of:
- **DB server name** (`mysql`, `postgresql`, `mongodb`) --> official name: _dialect_ 
- **[+driver]** --> Optional driver name, the name of the API to connect with the DB (`psycopg2`, `pyodbc`) 
- ://**username:password** --> password you set up when created database on pgadmin4 for instance
- @**hostname** --> when running locally (`localhost` or `127.0.0.1`), in practice a url provided by the admin.
- /**database name** name of the specific database database you're connecting to (`dataft_202008_python`)

In [15]:
#db.create_engine()
!pip install cryptography

Collecting cryptography
  Downloading cryptography-36.0.1-cp36-abi3-win_amd64.whl (2.2 MB)
Installing collected packages: cryptography
Successfully installed cryptography-36.0.1


You should consider upgrading via the 'C:\Users\Rfbj\AppData\Local\Programs\Python\Python310\python.exe -m pip install --upgrade pip' command.


In [6]:
## create the engine
#engine = db.create_engine('postgresql+psycopg2://postgres:admin@localhost/dataft_python')
#
## open the connection
#conn = engine.connect()
#conn.close()

In [9]:
#db_server = 'postgresql'
#user = 'postgres'
#password = 'admin'
#ip = 'localhost'
#db_name = 'daft_mar_2021'
#
#
## create the engine
#engine = db.create_engine(f'{db_server}://{user}:{password}@{ip}/{db_name}')
## open the connection
#conn = engine.connect()
##conn.close()

In [19]:
db_server='pymysql'
user='root'
db_port = '3306'
password = "abcde"
ip = 'localhost'
db_name = 'conexaopython'
engine = db.create_engine(f'mysql+{db_server}://{user}:{password}@{ip}:{db_port}/{db_name}?charset=utf8')
conn = engine.connect()
#conn.close()

# CREATING TABLE via python

The pandas module has built-in functionalities that handles that for you ♥️

In [20]:
employees.head()

Unnamed: 0,role,name,years_employed,building
0,Engineer,Becky A.,4,Burj Khalifa
1,Engineer,Dan B.,2,Burj Khalifa
2,Engineer,Sharon F.,6,Burj Khalifa
3,Engineer,Dan M.,4,Burj Khalifa
4,Engineer,Malcom S.,1,Burj Khalifa


In [21]:
employees.to_sql(name='employees', con=conn)

In [22]:
employees.to_sql(name='employees', con=conn, if_exists='replace')

In [23]:
employees.to_sql(name='employees', con=conn, if_exists='replace', index=False)

## READING TABLE via python

In [24]:
# run a query by specifying the query as a string in python 
pd.read_sql_query('SELECT * FROM employees;', con=conn)

Unnamed: 0,role,name,years_employed,building
0,Engineer,Becky A.,4,Burj Khalifa
1,Engineer,Dan B.,2,Burj Khalifa
2,Engineer,Sharon F.,6,Burj Khalifa
3,Engineer,Dan M.,4,Burj Khalifa
4,Engineer,Malcom S.,1,Burj Khalifa
5,Artist,Tylar S.,2,Empire State
6,Artist,Sherman D.,8,Empire State
7,Artist,Jakob J.,6,Empire State
8,Artist,Lillia A.,7,Empire State
9,Artist,Brandon J.,7,Empire State


## You can read a table directly 

In [25]:
pd.read_sql_table('employees', con=conn)

Unnamed: 0,role,name,years_employed,building
0,Engineer,Becky A.,4,Burj Khalifa
1,Engineer,Dan B.,2,Burj Khalifa
2,Engineer,Sharon F.,6,Burj Khalifa
3,Engineer,Dan M.,4,Burj Khalifa
4,Engineer,Malcom S.,1,Burj Khalifa
5,Artist,Tylar S.,2,Empire State
6,Artist,Sherman D.,8,Empire State
7,Artist,Jakob J.,6,Empire State
8,Artist,Lillia A.,7,Empire State
9,Artist,Brandon J.,7,Empire State


In [26]:
pd.read_sql('SELECT * FROM employees', con=conn)

Unnamed: 0,role,name,years_employed,building
0,Engineer,Becky A.,4,Burj Khalifa
1,Engineer,Dan B.,2,Burj Khalifa
2,Engineer,Sharon F.,6,Burj Khalifa
3,Engineer,Dan M.,4,Burj Khalifa
4,Engineer,Malcom S.,1,Burj Khalifa
5,Artist,Tylar S.,2,Empire State
6,Artist,Sherman D.,8,Empire State
7,Artist,Jakob J.,6,Empire State
8,Artist,Lillia A.,7,Empire State
9,Artist,Brandon J.,7,Empire State


# Inserting all tables into database:

In [28]:
movies.to_sql('movies', conn, if_exists='replace', index=False)
employees.to_sql('employees', conn, if_exists='replace', index=False)
cities.to_sql('cities', conn, if_exists='replace', index=False)
movie_info.to_sql('movie_info', conn, if_exists='replace', index=False)
buildings.to_sql('buildings', conn, if_exists='replace', index=False)

## Let's check that

In [29]:
query = '''
SELECT id, 
       title, 
       director
  FROM movies'''

In [30]:
pd.read_sql(query, con=conn).info()

<class 'pandas.core.frame.DataFrame'>
RangeIndex: 15 entries, 0 to 14
Data columns (total 3 columns):
 #   Column    Non-Null Count  Dtype 
---  ------    --------------  ----- 
 0   id        15 non-null     int64 
 1   title     15 non-null     object
 2   director  15 non-null     object
dtypes: int64(1), object(2)
memory usage: 488.0+ bytes


## Important to understand

Note that when you `pd.read_sql('SELECT * FROM table')`, you are effectivelly sending the string to the PostgreSQL server and the code is being executed **there!** ♥️. Nothing is being executed on Python. The result is then transfered to Python and transformed into a dataframe. But if you have a HUGE table in your database, you can perform the operations there and then bring only the results to your pandas dataframe.

-----------

# SQL review via mini-challenges.

## SELECT queries

For the `movies` table:

1. Find the title of each film
2. Find the director of each film
3. Find the title and director of each film
4. Find the title and year of each film
5. Find all the information about each film

In [23]:
query = '''
SELECT title 
  FROM movies;
'''

print(query)
pd.read_sql(query, con=conn)


SELECT title 
  FROM movies;



Unnamed: 0,title
0,Toy Story
1,A Bug's Life
2,Toy Story 2
3,"Monsters, Inc."
4,Finding Nemo
5,The Incredibles
6,Cars
7,Ratatouille
8,WALL-E
9,Up


In [24]:
# 3 

query = '''
SELECT title, 
       director 
  FROM movies'''

print(query)
pd.read_sql(query, con=conn)


SELECT title, 
       director 
  FROM movies


Unnamed: 0,title,director
0,Toy Story,John Lasseter
1,A Bug's Life,John Lasseter
2,Toy Story 2,John Lasseter
3,"Monsters, Inc.",Pete Docter
4,Finding Nemo,Andrew Stanton
5,The Incredibles,Brad Bird
6,Cars,John Lasseter
7,Ratatouille,Brad Bird
8,WALL-E,Andrew Stanton
9,Up,Pete Docter


In [26]:
# 5

query = 'SELECT * FROM movies'

print(query)
df = pd.read_sql(query, con=conn)
df

SELECT 
* FROM movies


Unnamed: 0,id,title,director,year,length_minutes
0,1,Toy Story,John Lasseter,1995,81
1,2,A Bug's Life,John Lasseter,1998,95
2,3,Toy Story 2,John Lasseter,1999,93
3,4,"Monsters, Inc.",Pete Docter,2001,92
4,5,Finding Nemo,Andrew Stanton,2003,107
5,6,The Incredibles,Brad Bird,2004,116
6,7,Cars,John Lasseter,2006,117
7,8,Ratatouille,Brad Bird,2007,115
8,9,WALL-E,Andrew Stanton,2008,104
9,10,Up,Pete Docter,2009,101


In [None]:
pd.read_sql(query, con=conn).describe()

## WHERE clause - filters

1. Find the movie with a row id of 6 and 3
2. Find the movies released in the years between 2000 and 2010
3. Find the movies not released in the years between 2000 and 2010
4. Find the first 5 Pixar movies and their release year (suppose id is given in order)

In [28]:
query = '''
SELECT * 
  FROM movies
 WHERE id = 3 OR id = 6;
'''

print(query)
pd.read_sql(query, con=conn)


SELECT * 
  FROM movies
 WHERE id = 3 OR id = 6;



Unnamed: 0,id,title,director,year,length_minutes
0,3,Toy Story 2,John Lasseter,1999,93
1,6,The Incredibles,Brad Bird,2004,116


In [29]:
query = '''
SELECT * 
  FROM movies
 WHERE id IN (3,6,9);
'''

print(query)
pd.read_sql(query, con=conn)


SELECT * 
  FROM movies
 WHERE id IN (3,6,9);



Unnamed: 0,id,title,director,year,length_minutes
0,3,Toy Story 2,John Lasseter,1999,93
1,6,The Incredibles,Brad Bird,2004,116
2,9,WALL-E,Andrew Stanton,2008,104


In [31]:
my_tuple = (3, 6, 4)
my_tuple

(3, 6, 4)

In [32]:


query = f'''
SELECT * 
  FROM movies
 WHERE id IN {my_tuple};
'''

print(query)
pd.read_sql(query, con=conn)


SELECT * 
  FROM movies
 WHERE id IN (3, 6, 4);



Unnamed: 0,id,title,director,year,length_minutes
0,3,Toy Story 2,John Lasseter,1999,93
1,4,"Monsters, Inc.",Pete Docter,2001,92
2,6,The Incredibles,Brad Bird,2004,116


In [33]:
selected_movie = input('Which movie?')

Which movie?Toy Story


In [35]:
query = f'''
SELECT * 
  FROM movies
 WHERE title = '{selected_movie}';
'''

print(query)
pd.read_sql(query, con=conn)


SELECT * 
  FROM movies
 WHERE title = 'Toy Story';



Unnamed: 0,id,title,director,year,length_minutes
0,1,Toy Story,John Lasseter,1995,81


In [21]:
query = f'''
SELECT * FROM movies
UNION ALL
SELECT * FROM movies
;
'''

print(query)
pd.read_sql(query, con=conn)


SELECT * FROM movies
UNION ALL
SELECT * FROM movies
;



Unnamed: 0,id,title,director,year,length_minutes
0,1,Toy Story,John Lasseter,1995,81
1,2,A Bug's Life,John Lasseter,1998,95
2,3,Toy Story 2,John Lasseter,1999,93
3,4,"Monsters, Inc.",Pete Docter,2001,92
4,5,Finding Nemo,Andrew Stanton,2003,107
5,6,The Incredibles,Brad Bird,2004,116
6,7,Cars,John Lasseter,2006,117
7,8,Ratatouille,Brad Bird,2007,115
8,9,WALL-E,Andrew Stanton,2008,104
9,10,Up,Pete Docter,2009,101


In [119]:
queries = ['SELECT * FROM movies' for i in range(96)]
query = '\nUNION ALL\n'.join(queries)

In [120]:
print(query)
pd.read_sql(query, con=conn)

SELECT * FROM movies
UNION ALL
SELECT * FROM movies
UNION ALL
SELECT * FROM movies
UNION ALL
SELECT * FROM movies
UNION ALL
SELECT * FROM movies
UNION ALL
SELECT * FROM movies
UNION ALL
SELECT * FROM movies
UNION ALL
SELECT * FROM movies
UNION ALL
SELECT * FROM movies
UNION ALL
SELECT * FROM movies
UNION ALL
SELECT * FROM movies
UNION ALL
SELECT * FROM movies
UNION ALL
SELECT * FROM movies
UNION ALL
SELECT * FROM movies
UNION ALL
SELECT * FROM movies
UNION ALL
SELECT * FROM movies
UNION ALL
SELECT * FROM movies
UNION ALL
SELECT * FROM movies
UNION ALL
SELECT * FROM movies
UNION ALL
SELECT * FROM movies
UNION ALL
SELECT * FROM movies
UNION ALL
SELECT * FROM movies
UNION ALL
SELECT * FROM movies
UNION ALL
SELECT * FROM movies
UNION ALL
SELECT * FROM movies
UNION ALL
SELECT * FROM movies
UNION ALL
SELECT * FROM movies
UNION ALL
SELECT * FROM movies
UNION ALL
SELECT * FROM movies
UNION ALL
SELECT * FROM movies
UNION ALL
SELECT * FROM movies
UNION ALL
SELECT * FROM movies
UNION ALL
SELECT *

Unnamed: 0,id,title,director,year,length_minutes
0,1,Toy Story,John Lasseter,1995,81
1,2,A Bug's Life,John Lasseter,1998,95
2,3,Toy Story 2,John Lasseter,1999,93
3,4,"Monsters, Inc.",Pete Docter,2001,92
4,5,Finding Nemo,Andrew Stanton,2003,107
...,...,...,...,...,...
1435,11,Toy Story 3,Lee Unkrich,2010,103
1436,12,Cars 2,John Lasseter,2011,120
1437,13,Brave,Brenda Chapman,2012,102
1438,14,Monsters University,Dan Scanlon,2013,110


In [24]:
tables = ['boleto', 'cartao','cheque','dda']
anomes = ['201901','201902','201903']

In [25]:
queries = []

for table in tables:
    for ref in anomes:
        my_table = f'financial_network_{table}_{ref}'
        queries.append(f'{my_table}')
        
print('\nUNION ALL\n'.join(queries))

financial_network_boleto_201901
UNION ALL
financial_network_boleto_201902
UNION ALL
financial_network_boleto_201903
UNION ALL
financial_network_cartao_201901
UNION ALL
financial_network_cartao_201902
UNION ALL
financial_network_cartao_201903
UNION ALL
financial_network_cheque_201901
UNION ALL
financial_network_cheque_201902
UNION ALL
financial_network_cheque_201903
UNION ALL
financial_network_dda_201901
UNION ALL
financial_network_dda_201902
UNION ALL
financial_network_dda_201903


In [None]:
# 3

query = '''
SELECT *
  FROM movies
 WHERE year >= 2000 AND year < 2010 
'''

print(query)
pd.read_sql(query, con=conn)

In [None]:
query = '''
SELECT *
  FROM movies
 WHERE year BETWEEN 2000 AND 2009 
'''

print(query)
pd.read_sql(query, con=conn)

In [None]:
# 4

query = '''
SELECT *
  FROM movies
 WHERE year NOT BETWEEN 2000 AND 2009 
'''

print(query)
pd.read_sql(query, con=conn)

In [None]:
# 4

query = '''
SELECT *
  FROM movies
 WHERE year NOT BETWEEN 2000 AND 2009 
'''

print(query)
pd.read_sql(query, con=conn).sort_values(by='length_minutes')

## LIKE clause, % and _

1. Find all the Toy Story movies
2. Find all the movies directed by John Lasseter
3. Find all the movies (and director) not directed by John Lasseter
4. Find all the WALL-* movies

In [140]:
query = """SELECT * FROM movies WHERE title REGEXP 'Toy Stor.'"""

In [141]:
pd.read_sql(query,con=conn)

Unnamed: 0,id,title,director,year,length_minutes
0,9,WALL-E,Andrew Stanton,2008,104
1,87,WALL-G,Brenda Chapman,2042,97


In [131]:
query = """
SELECT * 
  FROM movies 
 WHERE title LIKE 'Toy %'
 """
print(query)
pd.read_sql(query, conn)



SELECT * 
  FROM movies 
 WHERE title LIKE 'Toy %'
 


ValueError: unsupported format character ''' (0x27) at index 50

### Regex PostgreSQL

In [143]:
query = """
SELECT * 
  FROM movies 
 WHERE title REGEXP 'Toy [Ss]tory [0-9]'
"""

pd.read_sql(query, conn)

Unnamed: 0,id,title,director,year,length_minutes
0,3,Toy Story 2,John Lasseter,1999,93
1,11,Toy Story 3,Lee Unkrich,2010,103


In [31]:

query = """
SELECT * 
  FROM movies 
 WHERE title LIKE 'Toy Story _'
 """
print(query)
pd.read_sql(query, conn)



SELECT * 
  FROM movies 
 WHERE title LIKE 'Toy Story _'
 


Unnamed: 0,id,title,director,year,length_minutes
0,3,Toy Story 2,John Lasseter,1999,93
1,11,Toy Story 3,Lee Unkrich,2010,103


In [35]:
query = """
SELECT * 
  FROM movies 
 WHERE title REGEXP '^[A-F].*'
"""

pd.read_sql(query, conn)

Unnamed: 0,id,title,director,year,length_minutes
0,2,A Bug's Life,John Lasseter,1998,95
1,5,Finding Nemo,Andrew Stanton,2003,107
2,7,Cars,John Lasseter,2006,117
3,12,Cars 2,John Lasseter,2011,120
4,13,Brave,Brenda Chapman,2012,102


## ORDER BY clause, DISTINCT, OFFSET

1. List all directors of Pixar movies (alphabetically), without duplicates
2. List the last four Pixar movies released (ordered from most recent to least)
3. List the first five Pixar movies sorted alphabetically
4. List the next five Pixar movies sorted alphabetically

In [36]:
# 1

query = '''
SELECT DISTINCT director 
  FROM movies
 ORDER BY director ASC
'''
print(query)
pd.read_sql(query, con=conn)


SELECT DISTINCT director 
  FROM movies
 ORDER BY director ASC



Unnamed: 0,director
0,Andrew Stanton
1,Brad Bird
2,Brenda Chapman
3,Dan Scanlon
4,John Lasseter
5,Lee Unkrich
6,Pete Docter


In [38]:
# 1

query = '''
SELECT director 
  FROM movies
 ORDER BY director ASC
'''
print(query)
pd.read_sql(query, con=conn).drop_duplicates()


SELECT director 
  FROM movies
 ORDER BY director ASC



Unnamed: 0,director
0,Andrew Stanton
2,Brad Bird
4,Brenda Chapman
6,Dan Scanlon
7,John Lasseter
12,Lee Unkrich
13,Pete Docter


In [39]:
query = '''
SELECT director 
  FROM movies
 GROUP BY director
 ORDER BY director
'''
print(query)
pd.read_sql(query, con=conn)


SELECT director 
  FROM movies
 GROUP BY director
 ORDER BY director



Unnamed: 0,director
0,Andrew Stanton
1,Brad Bird
2,Brenda Chapman
3,Dan Scanlon
4,John Lasseter
5,Lee Unkrich
6,Pete Docter


In [40]:
# 4

query = '''
SELECT * 
  FROM movies
 ORDER BY title
 LIMIT 5
'''
print(query)
pd.read_sql(query, con=conn)


SELECT * 
  FROM movies
 ORDER BY title
 LIMIT 5



Unnamed: 0,id,title,director,year,length_minutes
0,2,A Bug's Life,John Lasseter,1998,95
1,13,Brave,Brenda Chapman,2012,102
2,7,Cars,John Lasseter,2006,117
3,12,Cars 2,John Lasseter,2011,120
4,5,Finding Nemo,Andrew Stanton,2003,107


In [41]:
# 5

query = '''
SELECT * 
  FROM movies
 ORDER BY title
 LIMIT 5 
 OFFSET 5
'''
print(query)
pd.read_sql(query, con=conn)


SELECT * 
  FROM movies
 ORDER BY title
 LIMIT 5 
 OFFSET 5



Unnamed: 0,id,title,director,year,length_minutes
0,14,Monsters University,Dan Scanlon,2013,110
1,4,"Monsters, Inc.",Pete Docter,2001,92
2,8,Ratatouille,Brad Bird,2007,115
3,6,The Incredibles,Brad Bird,2004,116
4,1,Toy Story,John Lasseter,1995,81


-------------

## JOINS - Inner joins

From tables `movies` and `movie_info`

1. Find the domestic and international sales for each movie
2. Show the sales numbers for each movie that did better internationally rather than domestically
3. List all the movies by their ratings in descending order

In [None]:
0 - Descobir quais tabelas tem as informações necessarias
1 - SELECT geral das tabelas a serem utilizadas
2 - Join das tabelas necessarias 
2.1 - ver como as tabelas se conectam (chaves)
2.2 - Verificar quantas linhas eu tenho antes e depois da conexao
2.3 - Decidir qual é o join mais apropriado (left,right,inner,outter)
3 - Filtros
4 - Quais colunas entram no select 

In [170]:
query= '''SELECT title
FROM movie_info 
INNER JOIN movies 
ON movie_info.movie_id = movies.id
WHERE domestic_sales<international_sales'''
pd.read_sql(query, con=conn)

Unnamed: 0,title
0,A Bug's Life
1,Finding Nemo
2,The Incredibles
3,Ratatouille
4,WALL-E
5,Up
6,Toy Story 3
7,Cars 2
8,Brave
9,Monsters University


In [167]:
pd.read_sql('movies', con=conn)

Unnamed: 0,id,title,director,year,length_minutes
0,1,Toy Story,John Lasseter,1995,81
1,2,A Bug's Life,John Lasseter,1998,95
2,3,Toy Story 2,John Lasseter,1999,93
3,4,"Monsters, Inc.",Pete Docter,2001,92
4,5,Finding Nemo,Andrew Stanton,2003,107
5,6,The Incredibles,Brad Bird,2004,116
6,7,Cars,John Lasseter,2006,117
7,8,Ratatouille,Brad Bird,2007,115
8,9,WALL-E,Andrew Stanton,2008,104
9,10,Up,Pete Docter,2009,101


In [42]:
pd.read_sql('movie_info', con=conn)

Unnamed: 0,movie_id,rating,domestic_sales,international_sales
0,5,8.2,380843261,555900000
1,14,7.4,268492764,475066843
2,8,8.0,206445654,417277164
3,12,6.4,191452396,368400000
4,3,7.9,245852179,239163000
5,6,8.0,261441092,370001000
6,9,8.5,223808164,297503696
7,11,8.4,415004880,648167031
8,1,8.3,191796233,170162503
9,7,7.2,244082982,217900167


In [43]:
query = '''
SELECT *
  FROM movies AS A
       LEFT JOIN
       movie_info B
    ON A.id = B.movie_id
'''
print(query)
pd.read_sql(query, con=conn)


SELECT *
  FROM movies AS A
       LEFT JOIN
       movie_info B
    ON A.id = B.movie_id



Unnamed: 0,id,title,director,year,length_minutes,movie_id,rating,domestic_sales,international_sales
0,1,Toy Story,John Lasseter,1995,81,1.0,8.3,191796233.0,170162503.0
1,2,A Bug's Life,John Lasseter,1998,95,2.0,7.2,162798565.0,200600000.0
2,3,Toy Story 2,John Lasseter,1999,93,3.0,7.9,245852179.0,239163000.0
3,4,"Monsters, Inc.",Pete Docter,2001,92,4.0,8.1,289916256.0,272900000.0
4,5,Finding Nemo,Andrew Stanton,2003,107,5.0,8.2,380843261.0,555900000.0
5,6,The Incredibles,Brad Bird,2004,116,6.0,8.0,261441092.0,370001000.0
6,7,Cars,John Lasseter,2006,117,7.0,7.2,244082982.0,217900167.0
7,8,Ratatouille,Brad Bird,2007,115,8.0,8.0,206445654.0,417277164.0
8,9,WALL-E,Andrew Stanton,2008,104,9.0,8.5,223808164.0,297503696.0
9,10,Up,Pete Docter,2009,101,10.0,8.3,293004164.0,438338580.0


In [44]:
query = '''
SELECT A.*,
       B.domestic_sales,
       B.international_sales
  FROM movies AS A
       LEFT JOIN
       movie_info B
    ON A.id = B.movie_id
'''
print(query)
pd.read_sql(query, con=conn)


SELECT A.*,
       B.domestic_sales,
       B.international_sales
  FROM movies AS A
       LEFT JOIN
       movie_info B
    ON A.id = B.movie_id



Unnamed: 0,id,title,director,year,length_minutes,domestic_sales,international_sales
0,1,Toy Story,John Lasseter,1995,81,191796233.0,170162503.0
1,2,A Bug's Life,John Lasseter,1998,95,162798565.0,200600000.0
2,3,Toy Story 2,John Lasseter,1999,93,245852179.0,239163000.0
3,4,"Monsters, Inc.",Pete Docter,2001,92,289916256.0,272900000.0
4,5,Finding Nemo,Andrew Stanton,2003,107,380843261.0,555900000.0
5,6,The Incredibles,Brad Bird,2004,116,261441092.0,370001000.0
6,7,Cars,John Lasseter,2006,117,244082982.0,217900167.0
7,8,Ratatouille,Brad Bird,2007,115,206445654.0,417277164.0
8,9,WALL-E,Andrew Stanton,2008,104,223808164.0,297503696.0
9,10,Up,Pete Docter,2009,101,293004164.0,438338580.0


In [45]:
query = '''
SELECT M.id,
       M.title,
       M.director,
       M.year,
       M.length_minutes,
       MI.domestic_sales,
       MI.international_sales
  FROM movies AS M
       LEFT JOIN
       movie_info AS MI
    ON M.id = MI.movie_id
'''

print(query)
pd.read_sql(query, con=conn)


SELECT M.id,
       M.title,
       M.director,
       M.year,
       M.length_minutes,
       MI.domestic_sales,
       MI.international_sales
  FROM movies AS M
       LEFT JOIN
       movie_info AS MI
    ON M.id = MI.movie_id



Unnamed: 0,id,title,director,year,length_minutes,domestic_sales,international_sales
0,1,Toy Story,John Lasseter,1995,81,191796233.0,170162503.0
1,2,A Bug's Life,John Lasseter,1998,95,162798565.0,200600000.0
2,3,Toy Story 2,John Lasseter,1999,93,245852179.0,239163000.0
3,4,"Monsters, Inc.",Pete Docter,2001,92,289916256.0,272900000.0
4,5,Finding Nemo,Andrew Stanton,2003,107,380843261.0,555900000.0
5,6,The Incredibles,Brad Bird,2004,116,261441092.0,370001000.0
6,7,Cars,John Lasseter,2006,117,244082982.0,217900167.0
7,8,Ratatouille,Brad Bird,2007,115,206445654.0,417277164.0
8,9,WALL-E,Andrew Stanton,2008,104,223808164.0,297503696.0
9,10,Up,Pete Docter,2009,101,293004164.0,438338580.0


In [46]:
query = '''
SELECT M.id,
       M.title,
       M.director,
       M.year,
       M.length_minutes,
       MI.domestic_sales,
       MI.international_sales
  FROM movies AS M
       LEFT JOIN
       movie_info AS MI
    ON M.id = MI.movie_id
 WHERE MI.international_sales > MI.domestic_sales
'''

print(query)
pd.read_sql(query, con=conn)


SELECT M.id,
       M.title,
       M.director,
       M.year,
       M.length_minutes,
       MI.domestic_sales,
       MI.international_sales
  FROM movies AS M
       LEFT JOIN
       movie_info AS MI
    ON M.id = MI.movie_id
 WHERE MI.international_sales > MI.domestic_sales



Unnamed: 0,id,title,director,year,length_minutes,domestic_sales,international_sales
0,2,A Bug's Life,John Lasseter,1998,95,162798565,200600000
1,5,Finding Nemo,Andrew Stanton,2003,107,380843261,555900000
2,6,The Incredibles,Brad Bird,2004,116,261441092,370001000
3,8,Ratatouille,Brad Bird,2007,115,206445654,417277164
4,9,WALL-E,Andrew Stanton,2008,104,223808164,297503696
5,10,Up,Pete Docter,2009,101,293004164,438338580
6,11,Toy Story 3,Lee Unkrich,2010,103,415004880,648167031
7,12,Cars 2,John Lasseter,2011,120,191452396,368400000
8,13,Brave,Brenda Chapman,2012,102,237283207,301700000
9,14,Monsters University,Dan Scanlon,2013,110,268492764,475066843


In [47]:
query = '''
SELECT M.id,
       M.title,
       M.director,
       M.year,
       M.length_minutes,
       MI.domestic_sales,
       MI.international_sales
  FROM movies AS M
       INNER JOIN
       movie_info AS MI
    ON M.id = MI.movie_id AND MI.international_sales > MI.domestic_sales;
'''

print(query)
pd.read_sql(query, con=conn)


SELECT M.id,
       M.title,
       M.director,
       M.year,
       M.length_minutes,
       MI.domestic_sales,
       MI.international_sales
  FROM movies AS M
       INNER JOIN
       movie_info AS MI
    ON M.id = MI.movie_id AND MI.international_sales > MI.domestic_sales;



Unnamed: 0,id,title,director,year,length_minutes,domestic_sales,international_sales
0,2,A Bug's Life,John Lasseter,1998,95,162798565,200600000
1,5,Finding Nemo,Andrew Stanton,2003,107,380843261,555900000
2,6,The Incredibles,Brad Bird,2004,116,261441092,370001000
3,8,Ratatouille,Brad Bird,2007,115,206445654,417277164
4,9,WALL-E,Andrew Stanton,2008,104,223808164,297503696
5,10,Up,Pete Docter,2009,101,293004164,438338580
6,11,Toy Story 3,Lee Unkrich,2010,103,415004880,648167031
7,12,Cars 2,John Lasseter,2011,120,191452396,368400000
8,13,Brave,Brenda Chapman,2012,102,237283207,301700000
9,14,Monsters University,Dan Scanlon,2013,110,268492764,475066843


### Optimizing the query using subqueries:

In [171]:
pd.read_sql('SELECT * FROM movie_info WHERE international_sales > domestic_sales', con=conn)

Unnamed: 0,movie_id,rating,domestic_sales,international_sales
0,5,8.2,380843261,555900000
1,14,7.4,268492764,475066843
2,8,8.0,206445654,417277164
3,12,6.4,191452396,368400000
4,6,8.0,261441092,370001000
5,9,8.5,223808164,297503696
6,11,8.4,415004880,648167031
7,10,8.3,293004164,438338580
8,2,7.2,162798565,200600000
9,13,7.2,237283207,301700000


In [172]:
query = '''
SELECT M.id,
       M.title,
       M.director,
       M.year,
       M.length_minutes,
       MI.domestic_sales,
       MI.international_sales
  FROM movies AS M
       INNER JOIN
       (SELECT movie_id, international_sales, domestic_sales FROM movie_info WHERE international_sales > domestic_sales) AS MI
    ON M.id = MI.movie_id
 
'''

print(query)
pd.read_sql(query, con=conn)


SELECT M.id,
       M.title,
       M.director,
       M.year,
       M.length_minutes,
       MI.domestic_sales,
       MI.international_sales
  FROM movies AS M
       INNER JOIN
       (SELECT movie_id, international_sales, domestic_sales FROM movie_info WHERE international_sales > domestic_sales) AS MI
    ON M.id = MI.movie_id
 



Unnamed: 0,id,title,director,year,length_minutes,domestic_sales,international_sales
0,2,A Bug's Life,John Lasseter,1998,95,162798565,200600000
1,5,Finding Nemo,Andrew Stanton,2003,107,380843261,555900000
2,6,The Incredibles,Brad Bird,2004,116,261441092,370001000
3,8,Ratatouille,Brad Bird,2007,115,206445654,417277164
4,9,WALL-E,Andrew Stanton,2008,104,223808164,297503696
5,10,Up,Pete Docter,2009,101,293004164,438338580
6,11,Toy Story 3,Lee Unkrich,2010,103,415004880,648167031
7,12,Cars 2,John Lasseter,2011,120,191452396,368400000
8,13,Brave,Brenda Chapman,2012,102,237283207,301700000
9,14,Monsters University,Dan Scanlon,2013,110,268492764,475066843


### Organizing stuff using `Common Table Expressions (CTEs)`
The `WITH` syntax

https://www.geeksforgeeks.org/sql-with-clause/

In [49]:
query = '''

WITH international_better AS (
-- This table contains information where sales are better internationally
SELECT movie_id,
       international_sales,
       domestic_sales
  FROM movie_info 
 WHERE international_sales > domestic_sales
),
-- bring sales info from international_better table
joined_table AS (
SELECT M.id,
       M.title,
       M.director,
       M.year,
       M.length_minutes,
       MI.domestic_sales,
       MI.international_sales
  FROM movies AS M
       INNER JOIN
       international_better AS MI
    ON M.id = MI.movie_id
)
SELECT id,
       title,
       director,
       year,
       length_minutes, 
       domestic_sales,
       international_sales
  FROM joined_table
 
'''

print(query)
pd.read_sql(query, con=conn)



WITH international_better AS (
-- This table contains information where sales are better internationally
SELECT movie_id,
       international_sales,
       domestic_sales
  FROM movie_info 
 WHERE international_sales > domestic_sales
),
-- bring sales info from international_better table
joined_table AS (
SELECT M.id,
       M.title,
       M.director,
       M.year,
       M.length_minutes,
       MI.domestic_sales,
       MI.international_sales
  FROM movies AS M
       INNER JOIN
       international_better AS MI
    ON M.id = MI.movie_id
)
SELECT id,
       title,
       director,
       year,
       length_minutes, 
       domestic_sales,
       international_sales
  FROM joined_table
 



Unnamed: 0,id,title,director,year,length_minutes,domestic_sales,international_sales
0,2,A Bug's Life,John Lasseter,1998,95,162798565,200600000
1,5,Finding Nemo,Andrew Stanton,2003,107,380843261,555900000
2,6,The Incredibles,Brad Bird,2004,116,261441092,370001000
3,8,Ratatouille,Brad Bird,2007,115,206445654,417277164
4,9,WALL-E,Andrew Stanton,2008,104,223808164,297503696
5,10,Up,Pete Docter,2009,101,293004164,438338580
6,11,Toy Story 3,Lee Unkrich,2010,103,415004880,648167031
7,12,Cars 2,John Lasseter,2011,120,191452396,368400000
8,13,Brave,Brenda Chapman,2012,102,237283207,301700000
9,14,Monsters University,Dan Scanlon,2013,110,268492764,475066843


In [175]:
query='''CREATE TEMPORARY TABLE example AS
        SELECT * FROM movies WHERE year<2000;
        SELECT * FROM example;'''
pd.read_sql(query,con=conn)

ProgrammingError: (pymysql.err.ProgrammingError) (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SELECT * FROM example' at line 3")
[SQL: CREATE TEMPORARY TABLE example AS
        SELECT * FROM movies WHERE year<2000;
        SELECT * FROM example;]
(Background on this error at: http://sqlalche.me/e/13/f405)

## JOINS - Outer joins + NULLs

From table `buildings` and `employees`

1. Find the list of all buildings that have employees
2. Find the list of all buildings and their height
3. List all buildings and the distinct employee roles in each building (including empty buildings)
4. Find the name and role of all employees who have not been assigned to a building
5. Find the names of the buildings that hold no employees

In [183]:
query = '''SELECT * 
FROM employees
INNER JOIN buildings
ON employees.building = buildings.` building_name`
'''

pd.read_sql(query,con=conn)

Unnamed: 0,role,name,years_employed,building,building_id,building_name,height


In [50]:
query = 'SELECT role, name, building FROM employees WHERE building IS NULL'
print(query)
pd.read_sql(query, con=conn)

SELECT role, name, building FROM employees WHERE building IS NULL


Unnamed: 0,role,name,building
0,Engineer,Yancy I.,
1,Artist,Oliver P.,


## Performing calculations inside queries

- `CASE WHEN` syntax

From tables `movies` and `movie_info`: 

0. Create a variable called `fl_post_millenium` which results in 1 if the year is >= 2000 else 0
1. List all movies and their combined sales in millions of dollars
2. List all movies and their ratings in percent
3. List all movies that were released on even number years

In [185]:
query = '''
SELECT 
*,
(CASE WHEN year BETWEEN 1990 AND 1999 THEN '90s' 
     WHEN year BETWEEN 2000 AND 2009 THEN '00s'
     WHEN year BETWEEN 2010 AND 2019 THEN '10s'
     ELSE 'Other'
     END) AS milenia
FROM movies
'''
print(query)
pd.read_sql(query, con=conn)


SELECT 
*,
(CASE WHEN year BETWEEN 1990 AND 1999 THEN '90s' 
     WHEN year BETWEEN 2000 AND 2009 THEN '00s'
     WHEN year BETWEEN 2010 AND 2019 THEN '10s'
     ELSE 'Other'
     END) AS milenia
FROM movies



Unnamed: 0,id,title,director,year,length_minutes,milenia
0,1,Toy Story,John Lasseter,1995,81,90s
1,2,A Bug's Life,John Lasseter,1998,95,90s
2,3,Toy Story 2,John Lasseter,1999,93,90s
3,4,"Monsters, Inc.",Pete Docter,2001,92,00s
4,5,Finding Nemo,Andrew Stanton,2003,107,00s
5,6,The Incredibles,Brad Bird,2004,116,00s
6,7,Cars,John Lasseter,2006,117,00s
7,8,Ratatouille,Brad Bird,2007,115,00s
8,9,WALL-E,Andrew Stanton,2008,104,00s
9,10,Up,Pete Docter,2009,101,00s


In [51]:
# 0: CASE WHEN
query = '''
SELECT A.id,
       A.title,
       A.director,
       A.year,
       A.length_minutes,
       B.rating,
       (CASE WHEN A.year >= 2000 THEN 1 ELSE 0 END) AS fl_post_millenium
  FROM movies AS A
       INNER JOIN
       movie_info AS B
    ON A.id = B.movie_id   
    ;
'''
print(query)
pd.read_sql(query, con=conn)


SELECT A.id,
       A.title,
       A.director,
       A.year,
       A.length_minutes,
       B.rating,
       (CASE WHEN A.year >= 2000 THEN 1 ELSE 0 END) AS fl_post_millenium
  FROM movies AS A
       INNER JOIN
       movie_info AS B
    ON A.id = B.movie_id   
    ;



Unnamed: 0,id,title,director,year,length_minutes,rating,fl_post_millenium
0,1,Toy Story,John Lasseter,1995,81,8.3,0
1,2,A Bug's Life,John Lasseter,1998,95,7.2,0
2,3,Toy Story 2,John Lasseter,1999,93,7.9,0
3,4,"Monsters, Inc.",Pete Docter,2001,92,8.1,1
4,5,Finding Nemo,Andrew Stanton,2003,107,8.2,1
5,6,The Incredibles,Brad Bird,2004,116,8.0,1
6,7,Cars,John Lasseter,2006,117,7.2,1
7,8,Ratatouille,Brad Bird,2007,115,8.0,1
8,9,WALL-E,Andrew Stanton,2008,104,8.5,1
9,10,Up,Pete Docter,2009,101,8.3,1


# Group by's and aggregations - MAX, AVG, SUM

From tables `employees` and `buildings`

1. Find the longest time that an employee has been at the Empire State
2. For each role, find the average number of years employed by employees in that role
3. Find the total number of employee years worked in each building

In [55]:
pd.read_sql('SELECT AVG(years_employed) FROM employees', con=conn)

Unnamed: 0,AVG(years_employed)
0,4.3333


In [56]:
# 1 

query = '''
SELECT role, 
       AVG(years_employed) AS avg_years,
       COUNT(years_employed) AS qtd_linhas
  FROM employees
 GROUP BY role;
'''

pd.read_sql(query, con=conn)

Unnamed: 0,role,avg_years,qtd_linhas
0,Engineer,2.8333,6
1,Artist,5.0,6
2,Manager,6.0,3


In [54]:
employees.groupby(by='role', as_index=False).agg(avg_years = ('years_employed', 'mean'))

Unnamed: 0,role,avg_years
0,Artist,5.0
1,Engineer,2.833333
2,Manager,6.0


In [57]:
# 1 

query = '''
SELECT director, 
       COUNT(*)
  FROM movies
 GROUP BY director;
'''

pd.read_sql(query, con=conn)


Unnamed: 0,director,COUNT(*)
0,John Lasseter,5
1,Pete Docter,2
2,Andrew Stanton,2
3,Brad Bird,2
4,Lee Unkrich,1
5,Brenda Chapman,2
6,Dan Scanlon,1


In [58]:
# 1 

query = '''
SELECT director, 
       SUM(CASE WHEN year > 2000 THEN 1 ELSE 0 END) AS qtd_movies_after_2000
  FROM movies
 GROUP BY director;
'''

pd.read_sql(query, con=conn)

Unnamed: 0,director,qtd_movies_after_2000
0,John Lasseter,2.0
1,Pete Docter,2.0
2,Andrew Stanton,2.0
3,Brad Bird,2.0
4,Lee Unkrich,1.0
5,Brenda Chapman,2.0
6,Dan Scanlon,1.0


In [59]:
# 1 

query = '''
SELECT director, 
       COUNT(*) AS qtd_movies_after_2000
  FROM movies
 WHERE year >= 2000
 GROUP BY director;
'''

pd.read_sql(query, con=conn)

Unnamed: 0,director,qtd_movies_after_2000
0,Pete Docter,2
1,Andrew Stanton,2
2,Brad Bird,2
3,John Lasseter,2
4,Lee Unkrich,1
5,Brenda Chapman,2
6,Dan Scanlon,1


-- The order of SQL queries: 
> https://jvns.ca/blog/2019/10/03/sql-queries-don-t-start-with-select/ (really good blog)

----

# EXTRA: ❌ DANGER ❌


# SQL Injection


0. Search for vulnerabilities.
> `inurl:index.php?id=1`

1. Enter the website 

2. Check if it is vulnerable to SQL-injection 
> plug a backtick (`) at the end of the id=1 query

> https://security.stackexchange.com/questions/121204/dumping-custom-query-via-sql-injection-when-output-is-in-the-die-function

**Important Note**: SQL injection is not legal. Train elsewhere https://ringzer0ctf.com/

In [None]:
df = pd.DataFrame(data=[('andre','admin'), 
                        ('matheus','qwerty'),
                        ('rai','1234567890'), 
                        ('lucas','0987654321')], 
                  columns=['username', 'password'])

In [None]:
df

In [None]:
df.to_sql('user_info', con=conn, if_exists='replace', index=False)

In [None]:
user = 'andre'
password = 'adminashdiuyhasoiudhuiuasldhoasd'

pd.read_sql(f"SELECT * FROM user_info WHERE username = '{user}' AND password = '{password}'", con=conn)

In [None]:
def check_access(user, password):
    
    query = f"SELECT * FROM user_info WHERE username = '{user}' AND password = '{password}'"
    pprint(query)
    df = pd.read_sql(query, con=conn)
    
    if df.shape[0] != 0:
        print('ACCESS GRANTED!')
    else:
        print('ACCESS DENIED!')
    

In [None]:
check_access('andre', 'admin')

In [None]:
check_access("andre'-- ", 'japsduiofjhoiasjdfpojaspdfoijasdpof')

In [None]:
check_access("joao' OR 1=1 -- ", 'ahsiodoiuasuhdas')

In [None]:
pd.read_sql("SELECT * FROM user_info WHERE username = 'joao' OR 1=1", con=conn)

In [None]:
user = "andre\\' --"

In [None]:
f"SELECT * FROM user_info WHERE username = '{user}'"

In [None]:
pd.read_sql(db.text(f"SELECT * FROM user_info WHERE username = '{user}'"), con=conn)