Python and Databases – Drive DataScience

Connecting Python to databases is a critical task in application development, allowing you to store, manipulate, and query data efficiently. Python offers various libraries and tools to facilitate these connections. Let’s discuss three popular methods: `sqlite3` for SQLite, `psycopg2` for PostgreSQL, and `SQLAlchemy` as an Object-Relational Mapping (ORM) tool.

### 1. SQLite with `sqlite3` (Built-in)

SQLite is a self-contained, serverless, and zero-configuration database engine. Python’s standard library includes `sqlite3`, allowing easy access to SQLite databases.

#### Connection Handling
“`python
import sqlite3

# Connect to SQLite database (or create it if it doesn’t exist)
connection = sqlite3.connect(‘example.db’)

# Create a cursor object using the connection
cursor = connection.cursor()
“`

#### CRUD Operations

– **Create**
“`python
cursor.execute(‘CREATE TABLE IF NOT EXISTS users (id INTEGER PRIMARY KEY, name TEXT, age INTEGER)’)
cursor.execute(“INSERT INTO users (name, age) VALUES (?, ?)”, (‘Alice’, 30))
connection.commit() # Commit the transaction
“`

– **Read**
“`python
cursor.execute(“SELECT * FROM users”)
users = cursor.fetchall()
for user in users:
print(user)
“`

– **Update**
“`python
cursor.execute(“UPDATE users SET age = ? WHERE name = ?”, (31, ‘Alice’))
connection.commit()
“`

– **Delete**
“`python
cursor.execute(“DELETE FROM users WHERE name = ?”, (‘Alice’,))
connection.commit()
“`

#### Transactions and Security
Ensure that every critical operation is committed. Use parameterized queries to prevent SQL injection attacks.

“`python
try:
cursor.execute(“INSERT INTO users (name, age) VALUES (?, ?)”, (‘Bob’, 25))
connection.commit()
except sqlite3.Error as e:
connection.rollback()
print(f”An error occurred: {e}”)
finally:
connection.close()
“`

### 2. PostgreSQL with `psycopg2`

`psycopg2` is a popular Python adapter for PostgreSQL. It provides support for various PostgreSQL features and is widely used in the industry.

#### Connection Handling
“`python
import psycopg2

try:
connection = psycopg2.connect(
dbname=’yourdbname’,
user=’yourusername’,
password=’yourpassword’,
host=’localhost’,
port=’5432′
)
cursor = connection.cursor()
except psycopg2.Error as e:
print(f”An error occurred: {e}”)
“`

#### CRUD Operations

– **Create**
“`python
cursor.execute(”’
CREATE TABLE IF NOT EXISTS users (
id SERIAL PRIMARY KEY,
name VARCHAR(100),
age INTEGER
)
”’)
cursor.execute(“INSERT INTO users (name, age) VALUES (%s, %s)”, (‘Alice’, 30))
connection.commit()
“`

– **Read**
“`python
cursor.execute(“SELECT * FROM users”)
users = cursor.fetchall()
for user in users:
print(user)
“`

– **Update**
“`python
cursor.execute(“UPDATE users SET age = %s WHERE name = %s”, (31, ‘Alice’))
connection.commit()
“`

– **Delete**
“`python
cursor.execute(“DELETE FROM users WHERE name = %s”, (‘Alice’,))
connection.commit()
“`

#### Transactions and Security
Use transactions to ensure data integrity and parameterized queries to prevent SQL injections.

“`python
try:
cursor.execute(“INSERT INTO users (name, age) VALUES (%s, %s)”, (‘Bob’, 25))
connection.commit()
except psycopg2.Error as e:
connection.rollback()
print(f”An error occurred: {e}”)
finally:
connection.close()
“`

### 3. SQLAlchemy (ORM)

SQLAlchemy is a powerful ORM tool that abstracts database interactions and allows working with Python objects rather than SQL statements.

#### Setup
“`python
from sqlalchemy import create_engine, Column, Integer, String
from sqlalchemy.ext.declarative import declarative_base
from sqlalchemy.orm import sessionmaker

engine = create_engine(‘sqlite:///example.db’, echo=True) # You can also use PostgreSQL
Base = declarative_base()

class User(Base):
__tablename__ = ‘users’
id = Column(Integer, primary_key=True)
name = Column(String)
age = Column(Integer)

Base.metadata.create_all(engine)
Session = sessionmaker(bind=engine)
session = Session()
“`

#### CRUD Operations

– **Create**
“`python
new_user = User(name=’Alice’, age=30)
session.add(new_user)
session.commit()
“`

– **Read**
“`python
all_users = session.query(User).all()
for user in all_users:
print(user.name, user.age)
“`

– **Update**
“`python
user_to_update = session.query(User).filter_by(name=’Alice’).first()
user_to_update.age = 31
session.commit()
“`

– **Delete**
“`python
user_to_delete = session.query(User).filter_by(name=’Alice’).first()
session.delete(user_to_delete)
session.commit()
“`

#### Transactions and Security
Transactions in SQLAlchemy are handled automatically, but you can manage them manually if needed. ORM inherently provides protection against SQL injection by not allowing SQL strings directly.

“`python
try:
new_user = User(name=’Bob’, age=25)
session.add(new_user)
session.commit()
except Exception as e:
session.rollback()
print(f”An error occurred: {e}”)
finally:
session.close()
“`

### Security Best Practices

1. **Use Parameterized Queries:** Avoid SQL injections by using parameterized queries or bound parameters.
2. **Secure Connection Information:** Do not hard-code connection information like passwords. Use environment variables or secure vaults.
3. **Manage Transactions Properly:** Always handle exceptions and ensure proper commit/rollback to maintain data integrity.
4. **Minimal Privileges:** Grant only necessary permissions to database users connecting from your application.

By leveraging these libraries and following best practices, you can effectively manage database operations in Python applications.