Forem: Bartosz The latest articles on Forem by Bartosz (@karmekk). https://forem.com/karmekk https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F511890%2Fb692ad55-eeb9-4581-a2f7-b4f4d086d3c6.jpeg Forem: Bartosz https://forem.com/karmekk en Creating a simple SQLite-based app with Python Bartosz Fri, 11 Jun 2021 19:00:24 +0000 https://forem.com/karmekk/creating-a-simple-sqlite-based-app-with-python-2p2c https://forem.com/karmekk/creating-a-simple-sqlite-based-app-with-python-2p2c <p><em>Cover image by <a href="https://unsplash.com/@honza_kahanek?utm_source=unsplash&amp;utm_medium=referral&amp;utm_content=creditCopyText" rel="noopener noreferrer">Jan Kahánek</a> on <a href="https://unsplash.com/s/photos/notepad?utm_source=unsplash&amp;utm_medium=referral&amp;utm_content=creditCopyText" rel="noopener noreferrer">Unsplash</a></em></p> <h2> Introduction </h2> <p>Most modern apps require some kind of data storage. For this purpose, relational database management systems (RDBMS) are commonly used - for example PostgreSQL, MySQL, Microsoft SQL Server, among others. However, it can be difficult for a beginner to understand them - that's when SQLite comes in.</p> <p>In this article, I'm going to show you what SQLite is and how to use it with Python to make a simple database-driven app. It assumes that you already have some knowledge of Python (variables, if/else statements, loops). We are also going to use SQL - if you don't know anything about it, <a href="https://sqlbolt.com/" rel="noopener noreferrer">SQLBolt</a> is a great place to start. You should have an idea on how to perform simple queries on tables.</p> <h3> About SQLite </h3> <p>SQLite is a relational database management system similar to these listed above, but it has a significant difference!</p> <p>From <a href="https://en.wikipedia.org/wiki/SQLite" rel="noopener noreferrer">Wikipedia</a>:</p> <blockquote> <p>In contrast to many other database management systems, SQLite is not a client–server database engine.</p> </blockquote> <p>What it means is that there is no database server; all data is saved in a file. It is also possible to keep the database in your computer's RAM (useful for testing).</p> <p>SQLite can be also used with web frameworks like <a href="https://en.wikipedia.org/wiki/Django_(web_framework)" rel="noopener noreferrer">Django</a> (or with any programming language that has a SQLite driver).</p> <h3> About the app </h3> <p>The app will be a simple note list that demonstrates the use of SQLite. Nothing complicated, as we want to focus on the database side.</p> <h3> Software prerequisites </h3> <ul> <li>Python 3 (support for Python 2 has been already dropped)</li> <li>plain text editor (I use VSCode)</li> </ul> <p>You don't have to install anything related to SQLite - Python comes with built-in SQLite support in the <code>sqlite3</code> package.</p> <p>Let's go!</p> <h2> Creating the app </h2> <h3> Initialization </h3> <p>Open your text editor and create a new Python script. I named mine <code>notes.py</code>.</p> <p>As I said before, SQLite support is provided by <code>sqlite3</code> package. Let's import it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">sqlite3</span> </code></pre> </div> <p>Now we can create a database connection.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># open a SQLite connection # a database file called data.db will be created, # if it does not exist </span><span class="n">connection</span> <span class="o">=</span> <span class="n">sqlite3</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="sh">'</span><span class="s">data.db</span><span class="sh">'</span><span class="p">)</span> <span class="c1"># close the connection </span><span class="n">connection</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> </code></pre> </div> <ul> <li> <code>'data.db'</code> can be anything (as long as it's a valid Python string); you can also use <code>':memory:'</code> if you want to store the database in the RAM</li> <li>note the <code>connection.close()</code> method; it must be called in order to free resources used by the database</li> </ul> <h3> Listing data in the database </h3> <p>In order to query the database, we must create a <a href="https://en.wikipedia.org/wiki/Cursor_(databases)" rel="noopener noreferrer">database cursor</a>.<br> Then, we can use it to perform queries.</p> <p>Add the following code between <code>connection = sqlite3.connect('data.db')</code> and <code>connection.close()</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># create a database cursor </span><span class="n">cur</span> <span class="o">=</span> <span class="n">connection</span><span class="p">.</span><span class="nf">cursor</span><span class="p">()</span> <span class="c1"># query the database for ALL data in the notes table </span><span class="n">cur</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="sh">'</span><span class="s">SELECT * FROM notes;</span><span class="sh">'</span><span class="p">)</span> <span class="c1"># print the result </span><span class="n">result</span> <span class="o">=</span> <span class="n">cur</span><span class="p">.</span><span class="nf">fetchall</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="n">result</span><span class="p">)</span> <span class="c1"># close the cursor </span><span class="n">cur</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> </code></pre> </div> <ul> <li>after creating the cursor, we use the <code>execute</code> method to make a query to the database</li> <li>we assign the query result to a variable named <code>result</code> (<code>fetchall</code> returns a list of tuples) and print it out</li> <li>again, when we don't need the cursor anymore, we close it to free used resources (<a href="https://stackoverflow.com/questions/2330344/in-python-with-sqlite-is-it-necessary-to-close-a-cursor" rel="noopener noreferrer">although some people say it's not neccessary</a>)</li> </ul> <p>The full code looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">sqlite3</span> <span class="c1"># open a SQLite connection # a database file called data.db will be created, # if it does not exist </span><span class="n">connection</span> <span class="o">=</span> <span class="n">sqlite3</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="sh">'</span><span class="s">data.db</span><span class="sh">'</span><span class="p">)</span> <span class="c1"># create a database cursor </span><span class="n">cur</span> <span class="o">=</span> <span class="n">connection</span><span class="p">.</span><span class="nf">cursor</span><span class="p">()</span> <span class="c1"># query the database for ALL data in the notes table </span><span class="n">cur</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="sh">'</span><span class="s">SELECT * FROM notes;</span><span class="sh">'</span><span class="p">)</span> <span class="c1"># print the result </span><span class="n">result</span> <span class="o">=</span> <span class="n">cur</span><span class="p">.</span><span class="nf">fetchall</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="n">result</span><span class="p">)</span> <span class="c1"># close the cursor </span><span class="n">cur</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> <span class="c1"># close the connection </span><span class="n">connection</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> </code></pre> </div> <h3> "No such table" error </h3> <p>If you now try to execute this Python script, you should see an error:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>$ python notes.py Traceback (most recent call last): File "/home/bartoszg/Dokumenty/code/console-sqlite/notes.py", line 12, in &lt;module&gt; cur.execute('SELECT * FROM notes;') sqlite3.OperationalError: no such table: notes </code></pre> </div> <p>This is absolutely normal - we were trying to query a fresh database with no data in it.</p> <p>In general, data in a RDBMS is placed in <strong>tables</strong> (also called <a href="https://en.wikipedia.org/wiki/Relation_(database)" rel="noopener noreferrer">relations</a>). </p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fomg5i0r9iedbubg12hqn.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fomg5i0r9iedbubg12hqn.png" alt="Example database tables" width="800" height="441"></a></p> <p><em>Source: <a href="https://dba.stackexchange.com/questions/187544/designing-a-database-structure-for-companies-and-stock-owners" rel="noopener noreferrer">https://dba.stackexchange.com/questions/187544/designing-a-database-structure-for-companies-and-stock-owners</a></em></p> <p>There are three tables in the database above:</p> <ul> <li>Companies</li> <li>Company_ID</li> <li>Owners</li> </ul> <p>If you need, you can read more about tables at the <a href="https://sqlbolt.com/lesson/inserting_rows" rel="noopener noreferrer">SQLBolt website</a>.</p> <h3> Creating a table </h3> <p>Let's describe our new table named <code>notes</code></p> <p>The table columns are:</p> <ul> <li>ID - an integer which is also a <a href="https://www.tutorialspoint.com/sql/sql-primary-key.htm" rel="noopener noreferrer">primary key</a> (that is, the ID is unique for all data rows)</li> <li>name - text, must not be empty</li> <li>description - text, may be empty</li> </ul> <p>Note that SQLite <a href="https://sqlite.org/datatype3.html" rel="noopener noreferrer">has no VARCHAR type</a>.</p> <p>This is how the SQL for our table looks like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">IF</span> <span class="k">NOT</span> <span class="k">EXISTS</span> <span class="n">notes</span> <span class="p">(</span> <span class="n">id</span> <span class="nb">INTEGER</span> <span class="k">PRIMARY</span> <span class="k">KEY</span><span class="p">,</span> <span class="n">name</span> <span class="nb">TEXT</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">description</span> <span class="nb">TEXT</span> <span class="p">);</span> </code></pre> </div> <p>Place it in our Python code, before the <code>SELECT</code> query.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># create the database table if it doesn't exist </span><span class="n">table_schema</span> <span class="o">=</span> <span class="sh">"""</span><span class="s"> CREATE TABLE IF NOT EXISTS notes ( id INTEGER PRIMARY KEY, name TEXT NOT NULL, description TEXT ); </span><span class="sh">"""</span> <span class="n">cur</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="n">table_schema</span><span class="p">)</span> </code></pre> </div> <p>The code should look like this (I've added some more comments for clarity):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">sqlite3</span> <span class="c1"># # Establishing connection # </span> <span class="c1"># open a SQLite connection # a database file called data.db will be created, # if it does not exist </span><span class="n">connection</span> <span class="o">=</span> <span class="n">sqlite3</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="sh">'</span><span class="s">data.db</span><span class="sh">'</span><span class="p">)</span> <span class="c1"># create a database cursor </span><span class="n">cur</span> <span class="o">=</span> <span class="n">connection</span><span class="p">.</span><span class="nf">cursor</span><span class="p">()</span> <span class="c1"># # Creating the table # </span> <span class="c1"># create the database table if it doesn't exist </span><span class="n">table_schema</span> <span class="o">=</span> <span class="sh">"""</span><span class="s"> CREATE TABLE IF NOT EXISTS notes ( id INTEGER PRIMARY KEY, name TEXT NOT NULL, description TEXT ); </span><span class="sh">"""</span> <span class="n">cur</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="n">table_schema</span><span class="p">)</span> <span class="c1"># # Querying the database # </span> <span class="c1"># query the database for ALL data in the notes table </span><span class="n">cur</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="sh">'</span><span class="s">SELECT * FROM notes;</span><span class="sh">'</span><span class="p">)</span> <span class="c1"># print the result </span><span class="n">result</span> <span class="o">=</span> <span class="n">cur</span><span class="p">.</span><span class="nf">fetchall</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="n">result</span><span class="p">)</span> <span class="c1"># # Cleaning up # </span> <span class="c1"># close the cursor </span><span class="n">cur</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> <span class="c1"># close the connection </span><span class="n">connection</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> </code></pre> </div> <p>Now, if you run this script:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>$ python notes.py [] </code></pre> </div> <p>As expected, there are no data rows in our table - but there is no error, since the table <em>exists</em>.</p> <h3> Inserting data </h3> <p>If we want to insert a new row to our database, we use a <code>INSERT</code> statement. For our database, the query would look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">INSERT</span> <span class="k">INTO</span> <span class="n">notes</span> <span class="p">(</span><span class="n">name</span><span class="p">,</span> <span class="n">description</span><span class="p">)</span> <span class="k">VALUES</span> <span class="p">(</span><span class="s1">'my first note'</span><span class="p">,</span> <span class="s1">'hi, this is the description'</span><span class="p">);</span> </code></pre> </div> <p>In the first line, we said <em>which columns</em> we are inserting to, and in the second one we specified <em>what data</em> should be in these columns.</p> <p>Note that we didn't include the <code>id</code> column. This way it'll be automatically set to a random value.</p> <p>Now, for the Python code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># # Inserting to the database # </span> <span class="c1"># insert some hard-coded data </span><span class="n">insert_query</span> <span class="o">=</span> <span class="sh">"""</span><span class="s"> INSERT INTO notes (name, description) VALUES (</span><span class="sh">'</span><span class="s">my first note</span><span class="sh">'</span><span class="s">, </span><span class="sh">'</span><span class="s">hi, this is the description</span><span class="sh">'</span><span class="s">); </span><span class="sh">"""</span> <span class="n">cur</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="n">insert_query</span><span class="p">)</span> <span class="c1"># save it in the database file </span><span class="n">connection</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> </code></pre> </div> <p>Place this just before the <em>Querying the database</em> section.</p> <h3> Custom data, SQL injection </h3> <p>You may be tempted to replace <code>'my first note'</code> and <code>'hi, this is the description'</code> like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">name</span> <span class="o">=</span> <span class="nf">input</span><span class="p">(</span><span class="sh">'</span><span class="s">Note name</span><span class="sh">'</span><span class="p">)</span> <span class="n">desc</span> <span class="o">=</span> <span class="nf">input</span><span class="p">(</span><span class="sh">'</span><span class="s">Note description</span><span class="sh">'</span><span class="p">)</span> <span class="c1"># insert some hard-coded data </span><span class="n">insert_query</span> <span class="o">=</span> <span class="sh">"""</span><span class="s"> INSERT INTO notes (name, description) VALUES (</span><span class="sh">'</span><span class="s">{}</span><span class="sh">'</span><span class="s">, </span><span class="sh">'</span><span class="s">{}</span><span class="sh">'</span><span class="s">); </span><span class="sh">"""</span><span class="p">.</span><span class="nf">format</span><span class="p">(</span><span class="n">name</span><span class="p">,</span> <span class="n">desc</span><span class="p">)</span> <span class="n">cur</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="n">insert_query</span><span class="p">)</span> </code></pre> </div> <p>Hovewer, this means that your database would be prone to a <a href="https://en.wikipedia.org/wiki/SQL_injection" rel="noopener noreferrer">SQL injection</a> attack. Arbitrary SQL code could be executed, which could have terrible consequences.</p> <p>Instead, we use <strong>SQL parameters</strong> to safely execute a SQL query containing user-provided data. Here is an example using a <code>SELECT ... FROM ... WHERE</code> query:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">x</span> <span class="o">=</span> <span class="nf">int</span><span class="p">(</span><span class="nf">input</span><span class="p">())</span> <span class="n">y</span> <span class="o">=</span> <span class="nf">input</span><span class="p">()</span> <span class="c1"># the correct way </span><span class="n">cur</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="sh">'</span><span class="s">SELECT * FROM abc WHERE x = ? AND y = ?</span><span class="sh">'</span><span class="p">,</span> <span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">))</span> <span class="c1"># NEVER DO THIS </span><span class="n">cur</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="sa">f</span><span class="sh">'</span><span class="s">SELECT * FROM abc WHERE x = </span><span class="si">{</span><span class="n">x</span><span class="si">}</span><span class="s"> AND y = </span><span class="sh">"</span><span class="si">{</span><span class="n">y</span><span class="si">}</span><span class="sh">"'</span><span class="p">)</span> <span class="c1"># NEVER DO THIS </span><span class="n">cur</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="sh">'</span><span class="s">SELECT * FROM abc WHERE x = {} AND y = </span><span class="sh">"</span><span class="s">{}</span><span class="sh">"'</span><span class="p">.</span><span class="nf">format</span><span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">))</span> <span class="c1"># NEVER DO THIS </span><span class="n">cur</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="sh">'</span><span class="s">SELECT * FROM abc WHERE x = %d AND y = </span><span class="sh">"</span><span class="s">%s</span><span class="sh">"'</span> <span class="o">%</span> <span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">))</span> </code></pre> </div> <p>That's how we would implement it in the app:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># # Inserting to the database # </span> <span class="n">name</span> <span class="o">=</span> <span class="nf">input</span><span class="p">(</span><span class="sh">'</span><span class="s">Note name: </span><span class="sh">'</span><span class="p">)</span> <span class="n">desc</span> <span class="o">=</span> <span class="nf">input</span><span class="p">(</span><span class="sh">'</span><span class="s">Note description: </span><span class="sh">'</span><span class="p">)</span> <span class="c1"># insert some hard-coded data </span><span class="n">insert_query</span> <span class="o">=</span> <span class="sh">"""</span><span class="s"> INSERT INTO notes (name, description) VALUES (?, ?); </span><span class="sh">"""</span> <span class="n">cur</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="n">insert_query</span><span class="p">,</span> <span class="p">(</span><span class="n">name</span><span class="p">,</span> <span class="n">desc</span><span class="p">))</span> <span class="c1"># save it in the database file </span><span class="n">connection</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> </code></pre> </div> <p>Now try running the script.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>$ python notes.py Note name: hello Note description: this is my first note [(1, 'hello', 'this is my first note')] </code></pre> </div> <p>It works! Try running it several times.</p> <h3> Improving the data display </h3> <p>Displaying data as a Python array isn't very elegant. Let's change it by modifying the <em>Querying the database</em> section.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># # Querying the database # </span> <span class="c1"># query the database for ALL data in the notes table </span><span class="n">cur</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="sh">'</span><span class="s">SELECT * FROM notes;</span><span class="sh">'</span><span class="p">)</span> <span class="c1"># print the result </span><span class="nf">print</span><span class="p">(</span><span class="sh">'</span><span class="se">\n</span><span class="s">Notes:</span><span class="sh">'</span><span class="p">)</span> <span class="k">for</span> <span class="n">row</span> <span class="ow">in</span> <span class="n">cur</span><span class="p">.</span><span class="nf">fetchall</span><span class="p">():</span> <span class="n">display_name</span> <span class="o">=</span> <span class="n">row</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span> <span class="n">display_desc</span> <span class="o">=</span> <span class="n">row</span><span class="p">[</span><span class="mi">2</span><span class="p">]</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">'</span><span class="s">Note name: </span><span class="si">{</span><span class="n">display_name</span><span class="si">}</span><span class="se">\n</span><span class="s">Note description: </span><span class="si">{</span><span class="n">display_desc</span><span class="si">}</span><span class="se">\n</span><span class="sh">'</span><span class="p">)</span> </code></pre> </div> <ul> <li>as we have seen before, <code>cur.fetchall</code> returns an array of tuples</li> <li> <code>row[1]</code> is the 2nd column value (name), and <code>row[2]</code> is the 3rd column value; we don't need to display the 1st value (ID)</li> <li>the <code>\n</code> character is an escape sequence; it places a new line at its position</li> </ul> <p>Try running this script now. It looks so much better, doesn't it?</p> <h2> Conclusion </h2> <p>And that's all for the tutorial. Thanks for reading, I hope you've learned something new. In fact, this is my first article :D</p> <p>We have merely scratched the surface; if you want to learn more about SQLite, check out <a href="https://www.sqlitetutorial.net/" rel="noopener noreferrer">SQLite Tutorial</a>.</p> <p>You can access the app's source code <a href="https://gist.github.com/karmek-k/4aa51a461a80c34022feb1baffe2835a" rel="noopener noreferrer">here</a>.</p> <h3> Assignments </h3> <p>Do you want to exercise yourself?</p> <ul> <li>add more table columns - creation date, category number etc</li> <li>make the app more interactive (for example, ask the user if they want to read or write data in the database)</li> <li>show only the last 5 notes (tip: use <a href="https://sqlbolt.com/lesson/filtering_sorting_query_results" rel="noopener noreferrer">ORDER BY and LIMIT</a>)</li> </ul> <p>Feel free to ask if you have any questions!</p> python sqlite