
# Connecting SQL to Python

In [1]:
import pandas as pd

# Markdown

Jupyter Notebooks accepts Markdown, which accepts SQL like syntax

```sql
SELECT movie_id,
       international_sales
  FROM my_table
 WHERE id = 10;
```

In [2]:
# running strings with markdown
from IPython.display import display, Markdown

def pprint(query):
    """A helper function to display a string with a sql-like markdown syntax """
    
    display(Markdown(f'''```mysql 
    {query}```'''))

In [4]:
pprint('SELECT * FROM my_table')

```mysql 
    SELECT * FROM my_table```

In [5]:
pprint('''
SELECT movie_id,
       international_sales
  FROM movie_info
 WHERE id = 10;''')

```mysql 
    
SELECT movie_id,
       international_sales
  FROM movie_info
 WHERE id = 10;```

# Datasets

In [6]:
movies = pd.read_csv('data/movies.csv')
movie_info = pd.read_csv('data/movie_info.csv')
buildings = pd.read_csv('data/buildings.csv')
employees = pd.read_csv('data/employees.csv')
cities = pd.read_csv('data/cities.csv')

# Connect to database

## We'll use an API (Application Programming Interface) to connect to our database.

SQLAlchemy is the Python SQL toolkit and Object Relational Mapper that gives application developers the full power and flexibility of SQL.

In [None]:
!pip install SQLAlchemy

In [9]:
# WINDOWS:
!pip install psycopg2

# for MACBOOK (MacOS) users, install the following:
# !pip install psycopg2-binary

Collecting psycopg2
  Downloading psycopg2-2.8.5-cp38-cp38-win_amd64.whl (1.1 MB)
Installing collected packages: psycopg2
Successfully installed psycopg2-2.8.5


In [7]:
import sqlalchemy as db


To connect to a database you will usually pass something called `connection string` or `database url` For sqlalchemy it consists of:
- **DB server name** (`mysql`, `postgresql`, `mongodb`) --> official name: _dialect_ 
- **[+driver]** --> Optional driver name, the name of the API to connect with the DB (`psycopg2`, `pyodbc`) 
- ://**username:password** --> password you set up when created database on pgadmin4 for instance
- @**hostname** --> when running locally (`localhost` or `127.0.0.1`), in practice a url provided by the admin.
- /**database name** name of the specific database database you're connecting to (`review`)

In [None]:
import sqlalchemy as db

# create the engine
engine = db.create_engine('postgresql://postgres:Postgre1912!@localhost/datapt_202007')

# localhost = 127.0.0.1

# open the connection
conn = engine.connect()

In [11]:
db_server = 'postgresql'
user = 'postgres'
password = 'Postgre1912!'
ip = 'localhost'
db_name = 'datapt_202007'

# create the engine
engine = db.create_engine(f'{db_server}://{user}:{password}@{ip}/{db_name}')

# open the connection
conn = engine.connect()

# CREATING TABLE via python

The pandas module has built-in functionalities that handles that for you ♥️

In [12]:
employees.head()

Unnamed: 0,role,name,years_employed,building
0,Engineer,Becky A.,4,Burj Khalifa
1,Engineer,Dan B.,2,Burj Khalifa
2,Engineer,Sharon F.,6,Burj Khalifa
3,Engineer,Dan M.,4,Burj Khalifa
4,Engineer,Malcom S.,1,Burj Khalifa


In [13]:
employees.to_sql(name='employees', con=conn)

In [14]:
employees.to_sql(name='employees', con=conn, if_exists='replace', index=False )

## READING TABLE via python

In [15]:
# run a query by specifying the query as a string in python 
pd.read_sql_query('SELECT years_employed, building FROM employees;', con=conn)

Unnamed: 0,years_employed,building
0,4,Burj Khalifa
1,2,Burj Khalifa
2,6,Burj Khalifa
3,4,Burj Khalifa
4,1,Burj Khalifa
5,2,Empire State
6,8,Empire State
7,6,Empire State
8,7,Empire State
9,7,Empire State


## You can read a table directly 

In [16]:
pd.read_sql_table('employees', con=conn)

Unnamed: 0,role,name,years_employed,building
0,Engineer,Becky A.,4,Burj Khalifa
1,Engineer,Dan B.,2,Burj Khalifa
2,Engineer,Sharon F.,6,Burj Khalifa
3,Engineer,Dan M.,4,Burj Khalifa
4,Engineer,Malcom S.,1,Burj Khalifa
5,Artist,Tylar S.,2,Empire State
6,Artist,Sherman D.,8,Empire State
7,Artist,Jakob J.,6,Empire State
8,Artist,Lillia A.,7,Empire State
9,Artist,Brandon J.,7,Empire State


In [17]:
pd.read_sql('SELECT * FROM employees', con=conn)

Unnamed: 0,role,name,years_employed,building
0,Engineer,Becky A.,4,Burj Khalifa
1,Engineer,Dan B.,2,Burj Khalifa
2,Engineer,Sharon F.,6,Burj Khalifa
3,Engineer,Dan M.,4,Burj Khalifa
4,Engineer,Malcom S.,1,Burj Khalifa
5,Artist,Tylar S.,2,Empire State
6,Artist,Sherman D.,8,Empire State
7,Artist,Jakob J.,6,Empire State
8,Artist,Lillia A.,7,Empire State
9,Artist,Brandon J.,7,Empire State


# Inserting all tables into database:

In [18]:
movies.to_sql('movies', conn, if_exists='replace', index=False)
employees.to_sql('employees', conn, if_exists='replace', index=False)
cities.to_sql('cities', conn, if_exists='replace', index=False)
movie_info.to_sql('movie_info', conn, if_exists='replace', index=False)
buildings.to_sql('buildings', conn, if_exists='replace', index=False)

## Let's check that

In [19]:
query = '''
SELECT  id, 
        title, 
        director
  FROM movies'''

In [20]:
pprint(query)
pd.read_sql(query, con=conn)

```mysql 
    
SELECT  id, 
        title, 
        director
  FROM movies```

Unnamed: 0,id,title,director
0,1,Toy Story,John Lasseter
1,2,A Bug's Life,John Lasseter
2,3,Toy Story 2,John Lasseter
3,4,"Monsters, Inc.",Pete Docter
4,5,Finding Nemo,Andrew Stanton
5,6,The Incredibles,Brad Bird
6,7,Cars,John Lasseter
7,8,Ratatouille,Brad Bird
8,9,WALL-E,Andrew Stanton
9,10,Up,Pete Docter


## Important to understand

Note that when you `pd.read_sql('SELECT * FROM table')`, you are effectivelly sending the string to the PostgreSQL server and the code is being executed **there!** ♥️. Nothing is being executed on Python. The result is then transfered to Python and transformed into a dataframe. But if you have a HUGE table in your database, you can perform the operations there and then bring only the results to your pandas dataframe.

-----------

# SQL review via mini-challenges.

## SELECT queries

For the `movies` table:

1. Find the title of each film
2. Find the director of each film
3. Find the title and director of each film
4. Find the title and year of each film
5. Find all the information about each film

In [21]:
query = '''
SELECT title 
  FROM movies;
'''

pprint(query)
pd.read_sql(query, con=conn)

```mysql 
    
SELECT title 
  FROM movies;
```

Unnamed: 0,title
0,Toy Story
1,A Bug's Life
2,Toy Story 2
3,"Monsters, Inc."
4,Finding Nemo
5,The Incredibles
6,Cars
7,Ratatouille
8,WALL-E
9,Up


In [22]:
# 3 

query = '''
SELECT title, 
       director 
  FROM movies'''

pprint(query)
pd.read_sql(query, con=conn)

```mysql 
    
SELECT title, 
       director 
  FROM movies```

Unnamed: 0,title,director
0,Toy Story,John Lasseter
1,A Bug's Life,John Lasseter
2,Toy Story 2,John Lasseter
3,"Monsters, Inc.",Pete Docter
4,Finding Nemo,Andrew Stanton
5,The Incredibles,Brad Bird
6,Cars,John Lasseter
7,Ratatouille,Brad Bird
8,WALL-E,Andrew Stanton
9,Up,Pete Docter


In [23]:
# 5

query = 'SELECT * FROM movies'

pprint(query)
pd.read_sql(query, con=conn)

```mysql 
    SELECT * FROM movies```

Unnamed: 0,id,title,director,year,length_minutes
0,1,Toy Story,John Lasseter,1995,81
1,2,A Bug's Life,John Lasseter,1998,95
2,3,Toy Story 2,John Lasseter,1999,93
3,4,"Monsters, Inc.",Pete Docter,2001,92
4,5,Finding Nemo,Andrew Stanton,2003,107
5,6,The Incredibles,Brad Bird,2004,116
6,7,Cars,John Lasseter,2006,117
7,8,Ratatouille,Brad Bird,2007,115
8,9,WALL-E,Andrew Stanton,2008,104
9,10,Up,Pete Docter,2009,101


## WHERE clause - filters

1. Find the movie with a row id of 6 and 3
2. Find the movies released in the years between 2000 and 2010
3. Find the movies not released in the years between 2000 and 2010
4. Find the first 5 Pixar movies and their release year (suppose id is given in order)

In [24]:
query = '''
SELECT * 
  FROM movies
 WHERE id = 3 OR id = 6;
'''

pprint(query)
pd.read_sql(query, con=conn)

```mysql 
    
SELECT * 
  FROM movies
 WHERE id = 3 OR id = 6;
```

Unnamed: 0,id,title,director,year,length_minutes
0,3,Toy Story 2,John Lasseter,1999,93
1,6,The Incredibles,Brad Bird,2004,116


In [25]:
query = '''
SELECT * 
  FROM movies
 WHERE id IN (3,6,8);
'''

pprint(query)
pd.read_sql(query, con=conn)

```mysql 
    
SELECT * 
  FROM movies
 WHERE id IN (3,6,8);
```

Unnamed: 0,id,title,director,year,length_minutes
0,3,Toy Story 2,John Lasseter,1999,93
1,6,The Incredibles,Brad Bird,2004,116
2,8,Ratatouille,Brad Bird,2007,115


In [26]:
query = '''
SELECT * 
  FROM movies
 WHERE title IN ('Cars', 'Ratatouille','Up');
'''

pprint(query)
pd.read_sql(query, con=conn)

```mysql 
    
SELECT * 
  FROM movies
 WHERE title IN ('Cars', 'Ratatouille','Up');
```

Unnamed: 0,id,title,director,year,length_minutes
0,7,Cars,John Lasseter,2006,117
1,8,Ratatouille,Brad Bird,2007,115
2,10,Up,Pete Docter,2009,101


In [27]:
selected_movie = ('Up', 'Cars')

In [28]:
query = f'''
SELECT * 
  FROM movies
 WHERE title IN {selected_movie};
'''

pprint(query)
pd.read_sql(query, con=conn)

```mysql 
    
SELECT * 
  FROM movies
 WHERE title IN ('Up', 'Cars');
```

Unnamed: 0,id,title,director,year,length_minutes
0,7,Cars,John Lasseter,2006,117
1,10,Up,Pete Docter,2009,101


In [None]:
selected_movie = input('Which movie do you want?')

In [33]:
query = f'''
SELECT * 
  FROM movies
 WHERE title LIKE '{selected_movie}';
'''

pprint(query)
pd.read_sql(query, con=conn)

```mysql 
    
SELECT * 
  FROM movies
 WHERE title LIKE '('Up', 'Cars')';
```

ProgrammingError: (psycopg2.errors.SyntaxError) syntax error at or near "Up"
LINE 4:  WHERE title LIKE '('Up', 'Cars')';
                             ^

[SQL: 
SELECT * 
  FROM movies
 WHERE title LIKE '('Up', 'Cars')';
]
(Background on this error at: http://sqlalche.me/e/13/f405)

In [34]:
# 3

query = '''
SELECT *
  FROM movies
 WHERE year >= 2000 AND year < 2010 
'''

pprint(query)
pd.read_sql(query, con=conn)

```mysql 
    
SELECT *
  FROM movies
 WHERE year >= 2000 AND year < 2010 
```

Unnamed: 0,id,title,director,year,length_minutes
0,4,"Monsters, Inc.",Pete Docter,2001,92
1,5,Finding Nemo,Andrew Stanton,2003,107
2,6,The Incredibles,Brad Bird,2004,116
3,7,Cars,John Lasseter,2006,117
4,8,Ratatouille,Brad Bird,2007,115
5,9,WALL-E,Andrew Stanton,2008,104
6,10,Up,Pete Docter,2009,101


In [31]:
# 3

query = '''
SELECT *
  FROM movies
 WHERE year BETWEEN 2000 AND 2009 
'''

pprint(query)
pd.read_sql(query, con=conn)

```mysql 
    
SELECT *
  FROM movies
 WHERE year BETWEEN 2000 AND 2009 
```

Unnamed: 0,id,title,director,year,length_minutes
0,4,"Monsters, Inc.",Pete Docter,2001,92
1,5,Finding Nemo,Andrew Stanton,2003,107
2,6,The Incredibles,Brad Bird,2004,116
3,7,Cars,John Lasseter,2006,117
4,8,Ratatouille,Brad Bird,2007,115
5,9,WALL-E,Andrew Stanton,2008,104
6,10,Up,Pete Docter,2009,101


In [36]:
# 4

query = '''
SELECT *
  FROM movies
 WHERE year NOT BETWEEN 2000 AND 2009 
'''

pprint(query)
df = pd.read_sql(query, con=conn)

```mysql 
    
SELECT *
  FROM movies
 WHERE year NOT BETWEEN 2000 AND 2009 
```

In [37]:
df.sort_values(by='year', ascending=False)

Unnamed: 0,id,title,director,year,length_minutes
7,87,WALL-G,Brenda Chapman,2042,97
6,14,Monsters University,Dan Scanlon,2013,110
5,13,Brave,Brenda Chapman,2012,102
4,12,Cars 2,John Lasseter,2011,120
3,11,Toy Story 3,Lee Unkrich,2010,103
2,3,Toy Story 2,John Lasseter,1999,93
1,2,A Bug's Life,John Lasseter,1998,95
0,1,Toy Story,John Lasseter,1995,81


In [38]:
my_queries = ['SELECT * FROM movies' for i in range(2)]

In [39]:
query = '\nUNION ALL\n'.join(my_queries)

In [40]:
pprint(query)

```mysql 
    SELECT * FROM movies
UNION ALL
SELECT * FROM movies```

In [41]:
pd.read_sql(query, con=conn)

Unnamed: 0,id,title,director,year,length_minutes
0,1,Toy Story,John Lasseter,1995,81
1,2,A Bug's Life,John Lasseter,1998,95
2,3,Toy Story 2,John Lasseter,1999,93
3,4,"Monsters, Inc.",Pete Docter,2001,92
4,5,Finding Nemo,Andrew Stanton,2003,107
5,6,The Incredibles,Brad Bird,2004,116
6,7,Cars,John Lasseter,2006,117
7,8,Ratatouille,Brad Bird,2007,115
8,9,WALL-E,Andrew Stanton,2008,104
9,10,Up,Pete Docter,2009,101


In [42]:
pd.concat([movies, movies]).reset_index(drop=True)

Unnamed: 0,id,title,director,year,length_minutes
0,1,Toy Story,John Lasseter,1995,81
1,2,A Bug's Life,John Lasseter,1998,95
2,3,Toy Story 2,John Lasseter,1999,93
3,4,"Monsters, Inc.",Pete Docter,2001,92
4,5,Finding Nemo,Andrew Stanton,2003,107
5,6,The Incredibles,Brad Bird,2004,116
6,7,Cars,John Lasseter,2006,117
7,8,Ratatouille,Brad Bird,2007,115
8,9,WALL-E,Andrew Stanton,2008,104
9,10,Up,Pete Docter,2009,101


In [None]:
tables = ['financial_boleto', 'financial_cheque', 'financial_cartao']
my_queries = []
for table in tables:
    for year in [201801, 201802, 201803]:    
        my_queries.append(f'''SELECT * FROM {table}_{year}''')

In [None]:
pprint('\nUNION ALL\n'.join(my_queries))

In [None]:
pd.concat([df, df])

## LIKE clause, % and _

1. Find all the Toy Story movies
2. Find all the movies directed by John Lasseter
3. Find all the movies (and director) not directed by John Lasseter
4. Find all the WALL-* movies

In [43]:
query = """
SELECT * 
  FROM movies 
 WHERE title LIKE 'Toy %'
 """
pprint(query)
pd.read_sql(query, conn)


```mysql 
    
SELECT * 
  FROM movies 
 WHERE title LIKE 'Toy %'
 ```

TypeError: dict is not a sequence

### Regex PostgreSQL

In [None]:
movies

In [None]:
query = """
SELECT * 
  FROM movies 
 WHERE title ~ 'Toy [Ss]tory \d'
"""

pd.read_sql(query, conn)

In [None]:
query = """
SELECT * 
  FROM movies 
 WHERE title ~ '^[A-F].*'
"""

pd.read_sql(query, conn)

## ORDER BY clause, DISTINCT, OFFSET

1. List all directors of Pixar movies (alphabetically), without duplicates
2. List the last four Pixar movies released (ordered from most recent to least)
3. List the first five Pixar movies sorted alphabetically
4. List the next five Pixar movies sorted alphabetically

In [44]:
# 1

query = '''
SELECT DISTINCT director 
  FROM movies
 ORDER BY director DESC
'''
pprint(query)
pd.read_sql(query, con=conn)

```mysql 
    
SELECT DISTINCT director 
  FROM movies
 ORDER BY director DESC
```

Unnamed: 0,director
0,Pete Docter
1,Lee Unkrich
2,John Lasseter
3,Dan Scanlon
4,Brenda Chapman
5,Brad Bird
6,Andrew Stanton


In [45]:
# 1

query = '''
SELECT director 
  FROM movies
 GROUP BY director
 ORDER BY director
'''
pprint(query)
pd.read_sql(query, con=conn)

```mysql 
    
SELECT director 
  FROM movies
 GROUP BY director
 ORDER BY director
```

Unnamed: 0,director
0,Andrew Stanton
1,Brad Bird
2,Brenda Chapman
3,Dan Scanlon
4,John Lasseter
5,Lee Unkrich
6,Pete Docter


In [46]:
# 5

query = '''
SELECT * 
  FROM movies
 ORDER BY year
 LIMIT 5
'''
pprint(query)
pd.read_sql(query, con=conn)

```mysql 
    
SELECT * 
  FROM movies
 ORDER BY year
 LIMIT 5
```

Unnamed: 0,id,title,director,year,length_minutes
0,1,Toy Story,John Lasseter,1995,81
1,2,A Bug's Life,John Lasseter,1998,95
2,3,Toy Story 2,John Lasseter,1999,93
3,4,"Monsters, Inc.",Pete Docter,2001,92
4,5,Finding Nemo,Andrew Stanton,2003,107


In [None]:
# 5

query = '''
SELECT * 
  FROM movies
 ORDER BY year
 LIMIT 5 
 OFFSET 5
'''
pprint(query)
pd.read_sql(query, con=conn)

-------------

## JOINS - Inner joins

From tables `movies` and `movie_info`

1. Find the domestic and international sales for each movie
2. Show the sales numbers for each movie that did better internationally rather than domestically
3. List all the movies by their ratings in descending order

In [None]:
pd.read_sql('movie_info', con=conn)

In [47]:
query = '''
SELECT M.id,
       M.title,
       M.director,
       M.year,
       M.length_minutes,
       MI.domestic_sales,
       MI.international_sales
  FROM movies AS M
       LEFT JOIN
       movie_info AS MI
    ON M.id = MI.movie_id
'''

pprint(query)
pd.read_sql(query, con=conn)

```mysql 
    
SELECT M.id,
       M.title,
       M.director,
       M.year,
       M.length_minutes,
       MI.domestic_sales,
       MI.international_sales
  FROM movies AS M
       LEFT JOIN
       movie_info AS MI
    ON M.id = MI.movie_id
```

Unnamed: 0,id,title,director,year,length_minutes,domestic_sales,international_sales
0,5,Finding Nemo,Andrew Stanton,2003,107,380843261.0,555900000.0
1,14,Monsters University,Dan Scanlon,2013,110,268492764.0,475066843.0
2,8,Ratatouille,Brad Bird,2007,115,206445654.0,417277164.0
3,12,Cars 2,John Lasseter,2011,120,191452396.0,368400000.0
4,3,Toy Story 2,John Lasseter,1999,93,245852179.0,239163000.0
5,6,The Incredibles,Brad Bird,2004,116,261441092.0,370001000.0
6,9,WALL-E,Andrew Stanton,2008,104,223808164.0,297503696.0
7,11,Toy Story 3,Lee Unkrich,2010,103,415004880.0,648167031.0
8,1,Toy Story,John Lasseter,1995,81,191796233.0,170162503.0
9,7,Cars,John Lasseter,2006,117,244082982.0,217900167.0


In [48]:
query = '''
SELECT M.id,
       M.title,
       M.director,
       M.year,
       M.length_minutes,
       MI.domestic_sales,
       MI.international_sales
  FROM movies AS M
       INNER JOIN
       movie_info AS MI
    ON M.id = MI.movie_id AND MI.international_sales > MI.domestic_sales;
'''

pprint(query)
pd.read_sql(query, con=conn)

```mysql 
    
SELECT M.id,
       M.title,
       M.director,
       M.year,
       M.length_minutes,
       MI.domestic_sales,
       MI.international_sales
  FROM movies AS M
       INNER JOIN
       movie_info AS MI
    ON M.id = MI.movie_id AND MI.international_sales > MI.domestic_sales;
```

Unnamed: 0,id,title,director,year,length_minutes,domestic_sales,international_sales
0,2,A Bug's Life,John Lasseter,1998,95,162798565,200600000
1,5,Finding Nemo,Andrew Stanton,2003,107,380843261,555900000
2,6,The Incredibles,Brad Bird,2004,116,261441092,370001000
3,8,Ratatouille,Brad Bird,2007,115,206445654,417277164
4,9,WALL-E,Andrew Stanton,2008,104,223808164,297503696
5,10,Up,Pete Docter,2009,101,293004164,438338580
6,11,Toy Story 3,Lee Unkrich,2010,103,415004880,648167031
7,12,Cars 2,John Lasseter,2011,120,191452396,368400000
8,13,Brave,Brenda Chapman,2012,102,237283207,301700000
9,14,Monsters University,Dan Scanlon,2013,110,268492764,475066843


In [49]:
query = '''
SELECT M.id,
       M.title,
       M.director,
       M.year,
       M.length_minutes,
       MI.domestic_sales,
       MI.international_sales
  FROM movies AS M
       LEFT JOIN
       movie_info AS MI
    ON M.id = MI.movie_id
 WHERE MI.international_sales > MI.domestic_sales
'''

pprint(query)
pd.read_sql(query, con=conn)

```mysql 
    
SELECT M.id,
       M.title,
       M.director,
       M.year,
       M.length_minutes,
       MI.domestic_sales,
       MI.international_sales
  FROM movies AS M
       LEFT JOIN
       movie_info AS MI
    ON M.id = MI.movie_id
 WHERE MI.international_sales > MI.domestic_sales
```

Unnamed: 0,id,title,director,year,length_minutes,domestic_sales,international_sales
0,2,A Bug's Life,John Lasseter,1998,95,162798565,200600000
1,5,Finding Nemo,Andrew Stanton,2003,107,380843261,555900000
2,6,The Incredibles,Brad Bird,2004,116,261441092,370001000
3,8,Ratatouille,Brad Bird,2007,115,206445654,417277164
4,9,WALL-E,Andrew Stanton,2008,104,223808164,297503696
5,10,Up,Pete Docter,2009,101,293004164,438338580
6,11,Toy Story 3,Lee Unkrich,2010,103,415004880,648167031
7,12,Cars 2,John Lasseter,2011,120,191452396,368400000
8,13,Brave,Brenda Chapman,2012,102,237283207,301700000
9,14,Monsters University,Dan Scanlon,2013,110,268492764,475066843


### Optimizing the query using subqueries:

In [50]:
pd.read_sql('SELECT * FROM movie_info WHERE international_sales > domestic_sales', con=conn)

Unnamed: 0,movie_id,rating,domestic_sales,international_sales
0,5,8.2,380843261,555900000
1,14,7.4,268492764,475066843
2,8,8.0,206445654,417277164
3,12,6.4,191452396,368400000
4,6,8.0,261441092,370001000
5,9,8.5,223808164,297503696
6,11,8.4,415004880,648167031
7,10,8.3,293004164,438338580
8,2,7.2,162798565,200600000
9,13,7.2,237283207,301700000


In [51]:
query = '''
SELECT M.id,
       M.title,
       M.director,
       M.year,
       M.length_minutes,
       MI.domestic_sales,
       MI.international_sales
  FROM movies AS M
       INNER JOIN
       (SELECT * FROM movie_info WHERE international_sales > domestic_sales) AS MI
    ON M.id = MI.movie_id
 
'''

pprint(query)
pd.read_sql(query, con=conn)

```mysql 
    
SELECT M.id,
       M.title,
       M.director,
       M.year,
       M.length_minutes,
       MI.domestic_sales,
       MI.international_sales
  FROM movies AS M
       INNER JOIN
       (SELECT * FROM movie_info WHERE international_sales > domestic_sales) AS MI
    ON M.id = MI.movie_id
 
```

Unnamed: 0,id,title,director,year,length_minutes,domestic_sales,international_sales
0,2,A Bug's Life,John Lasseter,1998,95,162798565,200600000
1,5,Finding Nemo,Andrew Stanton,2003,107,380843261,555900000
2,6,The Incredibles,Brad Bird,2004,116,261441092,370001000
3,8,Ratatouille,Brad Bird,2007,115,206445654,417277164
4,9,WALL-E,Andrew Stanton,2008,104,223808164,297503696
5,10,Up,Pete Docter,2009,101,293004164,438338580
6,11,Toy Story 3,Lee Unkrich,2010,103,415004880,648167031
7,12,Cars 2,John Lasseter,2011,120,191452396,368400000
8,13,Brave,Brenda Chapman,2012,102,237283207,301700000
9,14,Monsters University,Dan Scanlon,2013,110,268492764,475066843


### Organizing stuff using `Common Table Expressions (CTEs)`
The `WITH` syntax

https://www.geeksforgeeks.org/sql-with-clause/

In [52]:
query = '''

WITH international_better AS (
-- This table contains information where sales are better internationally
SELECT * FROM movie_info WHERE international_sales > domestic_sales
),
-- bring sales info from international_better table
joined_table AS (
SELECT M.id,
       M.title,
       M.director,
       M.year,
       M.length_minutes,
       MI.domestic_sales,
       MI.international_sales
  FROM movies AS M
       INNER JOIN
       international_better AS MI
    ON M.id = MI.movie_id
)
SELECT * 
  FROM joined_table
 
'''

pprint(query)
pd.read_sql(query, con=conn)

```mysql 
    

WITH international_better AS (
-- This table contains information where sales are better internationally
SELECT * FROM movie_info WHERE international_sales > domestic_sales
),
-- bring sales info from international_better table
joined_table AS (
SELECT M.id,
       M.title,
       M.director,
       M.year,
       M.length_minutes,
       MI.domestic_sales,
       MI.international_sales
  FROM movies AS M
       INNER JOIN
       international_better AS MI
    ON M.id = MI.movie_id
)
SELECT * 
  FROM joined_table
 
```

Unnamed: 0,id,title,director,year,length_minutes,domestic_sales,international_sales
0,2,A Bug's Life,John Lasseter,1998,95,162798565,200600000
1,5,Finding Nemo,Andrew Stanton,2003,107,380843261,555900000
2,6,The Incredibles,Brad Bird,2004,116,261441092,370001000
3,8,Ratatouille,Brad Bird,2007,115,206445654,417277164
4,9,WALL-E,Andrew Stanton,2008,104,223808164,297503696
5,10,Up,Pete Docter,2009,101,293004164,438338580
6,11,Toy Story 3,Lee Unkrich,2010,103,415004880,648167031
7,12,Cars 2,John Lasseter,2011,120,191452396,368400000
8,13,Brave,Brenda Chapman,2012,102,237283207,301700000
9,14,Monsters University,Dan Scanlon,2013,110,268492764,475066843


## JOINS - Outer joins + NULLs

From table `buildings` and `employees`

1. Find the list of all buildings that have employees
2. Find the list of all buildings and their height
3. List all buildings and the distinct employee roles in each building (including empty buildings)
4. Find the name and role of all employees who have not been assigned to a building
5. Find the names of the buildings that hold no employees

In [53]:
#employees
query = '''
SELECT A.*,
       B.*
  FROM employees AS A
       LEFT JOIN
       buildings AS B
    ON A.building = B." building_name"
 WHERE A.building IS NULL
'''

pd.read_sql(query, con=conn)


Unnamed: 0,role,name,years_employed,building,building_id,building_name,height
0,Artist,Oliver P.,0,,,,
1,Engineer,Yancy I.,0,,,,


## Performing calculations inside queries

- `CASE WHEN` syntax

From tables `movies` and `movie_info`: 

0. Create a variable called `fl_post_millenium` which results in 1 if the year is >= 2000 else 0
1. List all movies and their combined sales in millions of dollars
2. List all movies and their ratings in percent
3. List all movies that were released on even number years

In [54]:
# 0: CASE WHEN

pd.read_sql('''
SELECT A.id,
       A.title,
       A.director,
       A.year,
       A.length_minutes,
       B.rating,
       (CASE WHEN A.year >= 2000 THEN B.rating ELSE 0 END) AS fl_post_millenium
  FROM movies AS A
       INNER JOIN
       movie_info AS B
    ON A.id = B.movie_id   
    ;
''', con=conn)

Unnamed: 0,id,title,director,year,length_minutes,rating,fl_post_millenium
0,5,Finding Nemo,Andrew Stanton,2003,107,8.2,8.2
1,14,Monsters University,Dan Scanlon,2013,110,7.4,7.4
2,8,Ratatouille,Brad Bird,2007,115,8.0,8.0
3,12,Cars 2,John Lasseter,2011,120,6.4,6.4
4,3,Toy Story 2,John Lasseter,1999,93,7.9,0.0
5,6,The Incredibles,Brad Bird,2004,116,8.0,8.0
6,9,WALL-E,Andrew Stanton,2008,104,8.5,8.5
7,11,Toy Story 3,Lee Unkrich,2010,103,8.4,8.4
8,1,Toy Story,John Lasseter,1995,81,8.3,0.0
9,7,Cars,John Lasseter,2006,117,7.2,7.2


# Group by's and aggregations - MAX, AVG, SUM

From tables `employees` and `buildings`

1. Find the longest time that an employee has been at the Empire State
2. For each role, find the average number of years employed by employees in that role
3. Find the total number of employee years worked in each building

In [56]:
# 1 

query = '''
SELECT role, 
       AVG(years_employed) 
  FROM employees
 GROUP BY role;
'''

pd.read_sql(query, con=conn)


Unnamed: 0,role,avg
0,Engineer,2.833333
1,Manager,6.0
2,Artist,5.0


In [57]:
# 1 

query = '''
SELECT director, 
       COUNT(*)
  FROM movies
 GROUP BY director;
'''

pd.read_sql(query, con=conn)


Unnamed: 0,director,count
0,Brad Bird,2
1,John Lasseter,5
2,Andrew Stanton,2
3,Lee Unkrich,1
4,Dan Scanlon,1
5,Brenda Chapman,2
6,Pete Docter,2


In [58]:
# 1 

query = '''
SELECT director, 
       SUM(CASE WHEN year > 2000 THEN 1 ELSE 0 END) AS qtd_movies
  FROM movies
 GROUP BY director;
'''

pd.read_sql(query, con=conn)

Unnamed: 0,director,qtd_movies
0,Brad Bird,2
1,John Lasseter,2
2,Andrew Stanton,2
3,Lee Unkrich,1
4,Dan Scanlon,1
5,Brenda Chapman,2
6,Pete Docter,2


-- The order of SQL queries: 
> https://jvns.ca/blog/2019/10/03/sql-queries-don-t-start-with-select/ (really good blog)

----

# EXTRA: ❌ DANGER ❌


# SQL Injection


0. Search for vulnerabilities.
> `inurl:index.php?id=1`

1. Enter the website 

2. Check if it is vulnerable to SQL-injection 
> plug a backtick (`) at the end of the id=1 query

> https://security.stackexchange.com/questions/121204/dumping-custom-query-via-sql-injection-when-output-is-in-the-die-function

**Important Note**: SQL injection is not legal. Train elsewhere https://ringzer0ctf.com/

In [None]:
df = pd.DataFrame(data=[('andre','admin'), 
                        ('matheus','qwerty'),
                        ('rai','1234567890'), 
                        ('lucas','0987654321')], 
                  columns=['username', 'password'])

In [None]:
df

In [None]:
df.to_sql('user_info', con=conn, if_exists='replace', index=False)

In [None]:
username = 'andre'
password = 'admin'

pd.read_sql(f"""
SELECT * FROM user_info WHERE username = '{username}' AND password = '{password}'
""", con=conn)

In [None]:
def check_access(username, password):
    
    query = f"SELECT * FROM user_info WHERE username = '{username}' AND password = '{password}'"
    pprint(query)
    if pd.read_sql(query, con=conn).shape[0] != 0:
        print('ACCESS GRANTED!')
    else:
        print('ACCESS DENIED!')

In [None]:
check_access()