Readme
sqlcraft is a Python package for constructing SQL queries with fluent interface.
Important: Currently the package supports PostgreSQL database only.
pip3 install sqlcraft
Here is a simple query:
import psycopg2
from sqlcraft import Query
conn = psycopg2.connect(<put your connection credentials here>)
cmd = (
Query(conn)
.select(['id', 'name', 'age'])
.from_('users')
.where({
'id': 42,
'name': 'Jane',
})
.order('id')
)
Get resulting query text with cmd.as_string() method:
SELECT "id", "name", "age" FROM "users" WHERE ("id" = 42) AND ("name" = 'Jane') ORDER BY "id"
Surely all the values will be passed as query parameters in order to prevent SQL injection. Here the resulting query is illustrated with values inside for better understanding.
When you have built the query, use one of methods .all(), column(), .one()
or .scalar(). Method .all() allows you iterate over all the resulting rows from the database.
By default it returns a generator. Set parameter eager=True to get all the rows as an array.
Use .column() to fetch only a single column, .one() to fetch a single row and .scalar()
to fetch just one value. Example:
for row in cmd.all():
id, name, age = row
Get count of rows in the table:
users_total = Query(conn).select('count(*)').from_('users').scalar()
Using method chaining you can easily combine different conditions in the WHERE clause. Some examples:
Query(conn)
...
.and_where({'gender': ['male', 'female']})
.and_where('active')
.and_where('NOT banned')
.and_where(['BETWEEN', 'age', 18, 25])
.and_where(['!=', 'name', 'Aaron'])
.and_where('credit = debit')
...
This code will produce
WHERE ("gender" IN ('male', 'female')) AND ("active") AND ("age" BETWEEN 18 AND 25) AND ("name" != 'Aaron') AND ("credit" = "debit")
You can easily combine AND'n'OR conditions:
Query(conn)
.where([
'OR',
[
'AND',
['>', 'age', 35],
['!=', 'name', 'Donald'],
],
[
'AND',
['<', 'age', 18],
'NOT active',
],
])
Result:
WHERE (("age" > 35) AND ("name" != 'Donald') OR (("age" < 18) AND (NOT "active"))
Quoting is on by default. Builder will surround every field or table name with " (for PostgreSQL)
if the string doesn't contain ( and/or ) symbols. If you want to turn off quoting manually,
just embrace identifier with brackets. Examples:
Query(conn)
...
.and_where('price > 10') # "price" > 10 <- Quoting in on by default
.and_where('(no_quoting) > 10') # (no_quoting) > 10 <- Quoting turned off manually
.and_where('sum("price") > 10') # sum("price") > 10 <- You should do quoting here manually!
...
Table joining are provided with methods .join(), .join_left(), .join_right(),
.join_inner() (synonim to .join()) and .join_full(). Example:
Query(conn)
.select(['users.id', 'wallets.balance', 'l.lat', 'l.lon'])
.from_('users')
.join('wallets', on='users.id=wallets.user_id')
.join_left(
'location',
alias='l', # Table aliasing is available with `alias` argument
on='users.id=l.user_id'
)
You can combine queries together when you need to have more complicated queries:
subq = Query(conn).select('*').from_('devices').where('active')
# Subquery in FROM clause
(
Query(conn)
.select(['d.id', 'd.imei'])
.from_(subq, alias='d')
)
# Use CTE in WITH and JOIN clauses
(
Query(conn)
.with_(subq, alias='sq')
...
.from_('user', alias='u')
.join_('sq', on='u.id=sq.user_id')
...
)
# Subquery in WHERE clause
(
Query(conn)
...
.and_where([
'EXISTS',
'device_id',
Query(conn).select('id').from_('devices')
])
...
)
One statement usage:
from sqlcraft import Insert
Insert(
conn,
table='users',
values=[
{'id': 42, 'name': 'Viktor', 'weight': 75.27, 'active': True, 'pet': None},
{'id': 43, 'name': 'Anna', 'weight': 56.76, 'active': False, 'pet': 'kitty'},
]
).execute()
Another syntax:
Insert(
conn,
table='users',
columns=['id', 'name', 'weight', 'active', 'pet'],
values=[
[42, 'Viktor', 75.27, True, None],
[43, 'Anna', 56.76, False, 'kitty'],
]
).execute()
Fluent syntax:
(
Insert(conn)
.table('users')
.columns(['id', 'name', 'weight', 'active', 'pet'])
.add_values([42, 'Viktor', 75.27, True, None])
.add_values([43, 'Anna', 56.76, False, 'kitty'])
.execute()
)
RETURNING clause is available:
cmd = Insert(
conn,
table='users',
values={'name': 'Viktor'},
)
viktor_id = cmd.returning('id').scalar()
PostgreSQL extends standard syntax for INSERT command. It allows to handle conflicts with special
ON CONFLICT keyword. For more information, please see here
("ON CONFLICT Clause" section). To create this clause you can use .on_conflict_do_nothing()
and .on_conflict_do_update() methods.
from sqlcraft import Expr
(
# If another row in the table with id 42 already exists,
# a new row will be ignored
Insert(conn)
.table('users')
.columns(['id', 'name'])
.add_values([42, 'Viktor'])
.on_conflict_do_nothing('id')
.execute()
)
(
# If another row in the table with id 42 already exists,
# then `name` column of existing row will be updated with a new value
Insert(conn)
.table('users')
.columns(['id', 'name'])
.add_values([42, 'Viktor'])
.on_conflict_do_update(
'id',
{
'name': Expr('EXCLUDED.name'),
},
)
.execute()
)
Please take a look at Expr class. It tells the builder not to quote and not to parametrize
its content. This is a useful tool when you want to pass a part of SQL query as is. You should know
what you are doing with Expr because burden of protection against SQL injections lays on
your shoulders. NEVER use potentially unsafe data as an argument of Expr! In this case
we know what we are doing. Without Expr running this command could replace
name field with a string "EXCLUDED.name" instead of "Viktor". Parametrizing works always by
default. This is surely good but actually not a thing we want to get in this case. This is why we wrap "EXCLUDED.name"
value with calling Expr in order to tell the builder that "EXCLUDED.name" is a part of the query.
It is possible to use INSERT...SELECT construction - just pass pre-built Query object as an
argument:
cmd = Query(conn).select('id, name, gender').from_('users_src')
Insert(conn, table='users_dst', values=cmd).execute()
Resulting query:
INSERT INTO "users_dst" SELECT "id", "name", "gender" FROM "users_src"
Simple syntax:
Update(
conn,
table='users',
fields={
'name': 'New name',
},
where={
'id': 1,
},
).execute()
Fluent syntax:
(
Update(conn)
.table('users')
.set({'name': 'New name'})
.add_set('age', Expr('age + 1'))
.where({'id': 1})
.and_where(['!=', 'name', 'Johnny'])
.returning('id')
.column(eager=True)
)
Simple syntax:
from sqlcraft import Delete
Delete(
conn,
from_='users',
where={'id': 1},
).execute()
The same using method chaining:
(
Delete(conn)
.from_('users')
.where({'id': 1})
.execute()
)
Note that you can not execute DELETE queries without specified WHERE condition.
The builder raises an exception:
Exception: Sorry empty WHERE block is restricted on DELETE operations for security reasons
To remove all rows from the table, you should explicitly call where method like this:
(
Delete(conn)
.from_('users')
.where(True) # The way how to tell the builder that deleting all the rows is ok
.execute()
)
COPY command is a good choise for bulk insert lots of rows into a table. Here is how to use
it with sqlcraft:
from sqlcraft import Copy
Copy(
conn,
table='users',
columns=('id', 'name', 'age'),
rows=[
(1, 'Chris', 37),
(2, 'Brenda', 43),
(3, 'Mary', 22),
]
).execute()
Above the common most-used queries were described. But sometimes we face unusual queries.
It is possible to call raw queries with Command class:
from sqlcraft import Command
Command(
conn,
'ALTER TABLE "users" DROP COLUMN "gender"'
).execute()
Use %(param_name)s syntax for passing parameters to your query.
Example of using parametrization with Command:
(
Command(
conn,
'SELECT * FROM "users" WHERE "id" = %(id)s'
)
.params({
'id': 1,
})
.execute()
)
This package provides a custom Connection class which replaces
psycopg2 connection. You can use it if set argument connection_factory
this way:
import psycopg2
from sqlcraft.conn import Connection
conn = psycopg2.connect(
<put your connection credentials here>,
connection_factory=Connection,
)
Connection has a few advantages over the standard psycopg2 connection:
Multi-layered transactions
It is available to enclose a transaction into another one. The level of enclosed transactions is limited only by your database.
# Open the first transaction
conn.begin_transaction()
# Do something here. This will be commited
...
# Open the inner transaction
conn.begin_transaction()
# Do database calls. These calls will be rolled back
...
# The inner transaction canceled
conn.rollback()
# Do some calls again. This will be commited
...
# Commit the first transaction
conn.commit()
Dict-like fetched data
With Connection class method .all() returns data rows has type DBRow.
The DBRow implements a few more ways to access the resulting data. Example:
cmd = Query(conn).select('id, name').from_('users')
for row in cmd:
# row is a tuple-like object
id, name = row
# row is a dict-like object
id = row['id']
name = row['name']
# access to the values via properties
row.id
row.name
FAQs
Easy way to write SQL queries
We found that sqlcraft demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
ESLint has approved an RFC that adds support for TypeScript configuration files, which is aimed at improving the developer experience and recognizing changes in the evolving JavaScript ecosystem.
Security News
The NVD is facing a significant backlog with over 12,500 CVEs awaiting analysis, and more than 50% of known exploited vulnerabilities (KEVs) left unenriched since mid-February.
Security News
Ransomware costs victims an estimated $30 billion per year and has gotten so out of control that global support for banning payments is gaining momentum.