This is CS50

relational databases
sqlite3
.mode csv
.import FILE TABLE
.schema
C
R
U
D
CREATE
READ
UPDATE
DELETE
SQL
INSERT
SELECT
UPDATE
DELETE
...
CREATE TABLE table (column type, ...);
BLOB
INTEGER
NUMERIC
REAL
TEXT
BLOB
INTEGER
smallint
integer
bigint
NUMERIC
REAL
TEXT
BLOB
INTEGER
NUMERIC
REAL
real
double precision
TEXT
BLOB
INTEGER
NUMERIC
boolean
date
datetime
numeric(scale,precision)
time
timestamp
REAL
TEXT
BLOB
INTEGER
NUMERIC
REAL
TEXT
char(n)
varchar(n)
text
INSERT INTO table (column, ...) VALUES(value, ...);
SELECT columns FROM table;
AVG
COUNT
DISTINCT
MAX
MIN
...
WHERE
LIKE
LIMIT
GROUP BY
ORDER BY
JOIN
...
SELECT columns FROM table WHERE condition;
UPDATE table SET column=value WHERE condition;
DELETE FROM table WHERE condition;
 IMDb
imdb.com/interfaces
title.basics.tsv
tconst tt4786824

titleType tvSeries

primaryTitle The Crown

startYear 2016

genres Drama,History

...
title.basics.tsv
tconst tt4786824

titleType tvSeries

primaryTitle The Crown

startYear 2016

genres Drama,History

...
title.basics.tsv
tconst tt4786824

titleType tvSeries

primaryTitle The Crown

startYear 2016

genres Drama,History

...
title.basics.tsv
tconst tt4786824

titleType tvSeries

primaryTitle The Crown

startYear 2016

genres Drama,History

...
title.basics.tsv
tconst tt4786824

titleType tvSeries

primaryTitle The Crown

startYear 2016

genres Drama,History

...
title.basics.tsv
tconst tt4786824

titleType tvSeries

primaryTitle The Crown

startYear 2016

genres Drama,History

...
title.basics.tsv
tconst tt4786824

titleType tvSeries

primaryTitle The Crown

startYear 2016

genres Drama,History

...
Please don’t eat candy in here btw :)
db = cs50.SQL("sqlite:///shows.db")
title.basics.tsv
tconst tt4786824

titleType tvSeries

primaryTitle The Crown

startYear 2016

genres Drama,History

...
name.basics.tsv
nconst nm2946516

primaryName Claire Foy

birthYear 1984

...
title.principals.tsv
tconst tt4786824

nconst nm2946516

category actress

...
title.ratings.tsv
tconst tt4786824

averageRating 8.7

numVotes 88529

...
PRIMARY KEY
FOREIGN KEY
UNIQUE
INDEX
AUTOINCREMENT
NOT NULL
indexes
B-trees
CREATE INDEX name ON table (column, ...);
CREATE INDEX name ON table (column, ...);
CREATE INDEX name ON table (column, ...);
CREATE INDEX name ON table (column, ...);
CREATE INDEX name ON table (column, ...);
DB Browser for SQLite
sqlitebrowser.org
race conditions
rows = db.execute("SELECT likes FROM posts WHERE id=?", id);
likes = rows[0]["likes"]
db.execute("UPDATE posts SET likes = ?", likes + 1);
rows = db.execute("SELECT likes FROM posts WHERE id=?", id);
likes = rows[0]["likes"]
db.execute("UPDATE posts SET likes = ?", likes + 1);
BEGIN TRANSACTION
COMMIT
ROLLBACK
SQL injection attacks
rows = db.execute("SELECT * FROM users WHERE username = ? AND password = ?", username, password)

if len(rows) == 1:
# Logged in!
rows = db.execute("SELECT * FROM users WHERE username = ? AND password = ?", username, password)

if len(rows) == 1:
# Logged in!
rows = db.execute("SELECT * FROM users WHERE username = ? AND password = ?", username, password)

if len(rows) == 1:
# Logged in!
rows = db.execute(f"SELECT * FROM users WHERE username = '{username}' AND password = '{password}'")

if len(rows) == 1:
# Logged in!
rows = db.execute(f"SELECT * FROM users WHERE username = '{username}' AND password = '{password}'")

if len(rows) == 1:
# Logged in!
rows = db.execute(f"SELECT * FROM users WHERE username = '[email protected]'--' AND password = '{password}'")

if len(rows) == 1:
# Logged in!
rows = db.execute(f"SELECT * FROM users WHERE username = '[email protected]'--' AND password = '{password}'")

if len(rows) == 1:
# Logged in!
rows = db.execute("SELECT * FROM users WHERE username = ? AND password = ?", username, password)

if len(rows) == 1:
# Logged in!
xkcd.com/327
This is CS50