<a name="top"></a>
# Using SQL in Python
Python needs a driver to access the RDBMS; and different RDBMS may require different driver. Here we will use [sqlite3](https://docs.python.org/3/library/sqlite3.html#module-sqlite3) since it is a self-contained, serverless,
zero-configuration, transactional SQL database
engine. It is perfect for beginners.

In this tutorial, we will cover,
1. [Connect to SQL Server](#connect_server)
2. [Create Table](#create_table)
3. [Manipulate Table](#manipulate_table)
4. [Delete Table](#delete_table)

<a name="connect_server"></a>
## 1. Connect to SQL Server

In [57]:
import sqlite3
conn = sqlite3.connect('example.db')
print(conn)

<sqlite3.Connection object at 0x7f4be4226730>


`sqlite3.connect` creates a new database if the database with the specified name doesn't exist; otherwise, it opens the database. We interact with SQL database through a Cursor object.

In [58]:
c = conn.cursor()
print(c)

<sqlite3.Cursor object at 0x7f4be420a9d0>


[[top](#top)]

<a name="create_table"></a>
## 2. Create Table
A database contains table(s). To create a table, use the `CREATE TABLE` statement.

In [59]:
c.execute('''CREATE TABLE stocks
        (date date, 
        trans text, 
        symbol text, 
        qty real, 
        price real)''')

<sqlite3.Cursor at 0x7f4be420a9d0>

Here is the short list of SQL data types that we usually use.

| Data Type | Description |
|-----------|---------------------------|
| char(n)   | Fixed length string |
| text      | A string |
| integer   | Signed integer |
| real      | Floating precision number |
| date      | Date |

(For [more details](https://www.w3schools.com/sql/sql_datatypes.asp))

[[top](#top)]

<a name="manipulate_table"></a>
## 3. Manipulate Table
We can do 4 basic functions to records:
1. [Create](#create) ==> INSERT
2. [Read](#read) ==> SELECT
3. [Update](#update) ==> UPDATE
4. [Delete](#delete) ==> DELETE

<a name="create"></a>
### 3.1 Insert
Use Cursor object to execute the "INSERT INTO" statement. And use `conn.commit` to apply changes.

In [60]:
c.execute("INSERT INTO stocks VALUES ('2018-01-12','BUY','RHAT',100,35.14)")
conn.commit()

To insert multiple rows, use `executemany` function. 

In [61]:
purchases = [('2018-04-12', 'BUY', 'IBM', 1000, 45.00),
            ('2018-08-20', 'BUY', 'MSFT', 1000, 72.50),
            ('2018-12-25', 'SELL', 'IBM', 500, 53.00)]
c.executemany("INSERT INTO stocks VALUES (?,?,?,?,?)", purchases)

<sqlite3.Cursor at 0x7f4be420a9d0>

### SQL Injection Attack

Don’t assemble your query using Python’s string
operations because it is vulnerable to an SQL injection attack

**SQL injections** is a code injection technique, in which nefarious SQL statements are executed.

![SQL_injections](https://imgs.xkcd.com/comics/exploits_of_a_mom.png)

<a name="read"></a>
### 3.2 Select
Query is a request for data or information from a database table or combination of tables. Use `SELECT` statement to make a query from a table:

In [62]:
c.execute('SELECT * FROM stocks')
print(c.fetchone())

('2018-01-12', 'BUY', 'RHAT', 100.0, 35.14)


Use `fetchone` to retrieve one result record. Use `fetchall` to retrieve all result records.

In [63]:
c.execute('SELECT * FROM stocks')
for record in c.fetchall():
    print(record)

('2018-01-12', 'BUY', 'RHAT', 100.0, 35.14)
('2018-04-12', 'BUY', 'IBM', 1000.0, 45.0)
('2018-08-20', 'BUY', 'MSFT', 1000.0, 72.5)
('2018-12-25', 'SELL', 'IBM', 500.0, 53.0)


### Filter
To select only some columns, specify column name(s) after the `SELECT` statement

In [64]:
c.execute('SELECT trans, qty FROM stocks')
for record in c.fetchall():
    print(record)

('BUY', 100.0)
('BUY', 1000.0)
('BUY', 1000.0)
('SELL', 500.0)


To select only some rows, use `WHERE` statement to define the condition(s) of rows you want to include.

In [65]:
symbol = 'IBM'
c.execute("SELECT * FROM stocks WHERE symbol = ?", (symbol, ))
for record in c.fetchall():
    print(record)

('2018-04-12', 'BUY', 'IBM', 1000.0, 45.0)
('2018-12-25', 'SELL', 'IBM', 500.0, 53.0)


Essentially, you want to put the parameters in the cursor command (not by manipulating the string directly), because it will make sure to make the data database safe. 

For more details, see https://docs.python.org/2/library/sqlite3.html#cursor-objects

### Primary Key
PRIMARY KEY is a column with a unique value for
each record.

In [66]:
c.execute('''CREATE TABLE brokers 
        (id integer primary key, 
        symbol text, 
        name text,
        age int)''')

<sqlite3.Cursor at 0x7f4be420a9d0>

`id` is a `integer primary key` column so it must contains an integer starting at 1, and increated by one for each record.

In [67]:
brokers = [('IBM', 'John', 40), 
          ('MSFT', 'Amy', 35), 
          ('RHAT', 'Matt', 55)]
c.executemany("INSERT INTO brokers(symbol, name, age) VALUES(?,?,?)",
             brokers)
conn.commit()

In [68]:
c.execute("SELECT * FROM brokers")
for record in c.fetchall():
    print(record)

(1, 'IBM', 'John', 40)
(2, 'MSFT', 'Amy', 35)
(3, 'RHAT', 'Matt', 55)


### Work with Multiple Tables
Relational databases always involve multiple tables. Use `JOIN` statment to combine rows from two or more tables. There are 4 ways to join. The most frequently used one is the `INNER JOIN`, which returns records that have matching values in both tables

![](https://www.w3schools.com/sql/img_innerjoin.gif)

In [69]:
c.execute('''SELECT * FROM stocks 
                INNER JOIN brokers 
                ON stocks.symbol = brokers.symbol''')
for record in c.fetchall():
    print(record)

('2018-01-12', 'BUY', 'RHAT', 100.0, 35.14, 3, 'RHAT', 'Matt', 55)
('2018-04-12', 'BUY', 'IBM', 1000.0, 45.0, 1, 'IBM', 'John', 40)
('2018-08-20', 'BUY', 'MSFT', 1000.0, 72.5, 2, 'MSFT', 'Amy', 35)
('2018-12-25', 'SELL', 'IBM', 500.0, 53.0, 1, 'IBM', 'John', 40)


Use `ON` the specify the matching conditions. For multiple conditions, use `AND` and `OR`.

#### Comparison operators in SQL

| Operator | Description |
|----------|-------------|
| =        | Equal to |
| >        | Greater than |
| <        | Less than |
| >=       | Greater than or equal to |
| <=       | Less than or equal to |
| <>       | Not equal to |

### Alias
Use `AS` to rename columns or tables.

In [70]:
c.execute('''SELECT * FROM stocks AS s
                INNER JOIN brokers AS b
                ON s.symbol = b.symbol''')
for record in c.fetchall():
    print(record)

('2018-01-12', 'BUY', 'RHAT', 100.0, 35.14, 3, 'RHAT', 'Matt', 55)
('2018-04-12', 'BUY', 'IBM', 1000.0, 45.0, 1, 'IBM', 'John', 40)
('2018-08-20', 'BUY', 'MSFT', 1000.0, 72.5, 2, 'MSFT', 'Amy', 35)
('2018-12-25', 'SELL', 'IBM', 500.0, 53.0, 1, 'IBM', 'John', 40)


[[top](#top)]

<a name="update"></a>
### 3.3 Update
To change values of existing records in a table, use `UPDATE...SET...WHERE` statement

In [71]:
symbol = 'RHAT'
c.execute('''UPDATE stocks SET qty = 200, price = 50
                WHERE symbol = "{}"'''.format(symbol))
c.execute('SELECT * FROM stocks')
for record in c.fetchall():
    print(record)

('2018-01-12', 'BUY', 'RHAT', 200.0, 50.0)
('2018-04-12', 'BUY', 'IBM', 1000.0, 45.0)
('2018-08-20', 'BUY', 'MSFT', 1000.0, 72.5)
('2018-12-25', 'SELL', 'IBM', 500.0, 53.0)


<a name="delete"></a>
### 3.4 Delete
To remove records, use `DELETE FROM` statement

In [72]:
symbol = 'RHAT'
c.execute('DELETE FROM stocks WHERE symbol = "{}"'.format(symbol))
conn.commit()
c.execute('SELECT * FROM stocks')
for record in c.fetchall():
    print(record)

('2018-04-12', 'BUY', 'IBM', 1000.0, 45.0)
('2018-08-20', 'BUY', 'MSFT', 1000.0, 72.5)
('2018-12-25', 'SELL', 'IBM', 500.0, 53.0)


Notice that we call `commit` after insertion or deletion, when changes in records occur.

[[top](#top)]

<a name="delete_table"></a>
## 4. Delete Table
To delete an existing table, use `DROP TABLE` statement

In [73]:
c.execute('DROP TABLE stocks')

<sqlite3.Cursor at 0x7f4be420a9d0>

Use the following code to get a list of tables.

In [74]:
c.execute("SELECT name FROM sqlite_master WHERE type='table';")
print(c.fetchall())

[('brokers',)]


[[top](#top)]

----

## Open SQL with Pandas

The [`pandas.io.sql` module](http://pandas.pydata.org/pandas-docs/stable/user_guide/io.html#sql-queries) provides a collection of query wrappers to both facilitate data retrieval and to reduce dependency on DB-specific API. It supports multiple driver library, e.g., SQLAlchemy. 

### Query
To query, use `read_sql` with SQL statement to load data into DataFrame (see https://pandas.pydata.org/pandas-docs/stable/reference/api/pandas.read_sql.html):


In [75]:
import pandas as pd
import sqlite3
conn = sqlite3.connect("example.db")
pd.read_sql("select * from brokers;", conn)

Unnamed: 0,id,symbol,name,age
0,1,IBM,John,40
1,2,MSFT,Amy,35
2,3,RHAT,Matt,55


However, `to_sql` function doesn't handle different RDBMS very well. It is better to use the driver library directly.

In [76]:
c.execute('DROP TABLE brokers')

<sqlite3.Cursor at 0x7f4be420a9d0>