Learning, Python

Select (cRud) using cx_Oracle

Leave a comment

In this post, we’re going to take a look at the R in CRUD: Retrieve.

We will be using the cx_Oracle driver to retrieve some data from the database tables, using the connection object created in the Initial Setup section of the first post in this series.

Simple query

We will preform a simple query that pulls all of the records in no particular order.  Here are the steps we’ll follow in the code snippet below.

  1. Get a cursor object from our connection.  We will use this cursor to preform our database operations.
  2. Prepare a SQL SELECT statement, specifying the columns desired from the table.
  3. Execute the statement.
  4. Fetch the results into a variable.
  5. Print the results.
When I run this code in my Python session, I see:
Select-01
Extra Fun 1

Modify the statement to order by age.  When you’re done the results should be:

Select-02

Answer

Select specific rows

Now suppose I only want to see the data for Kim. I want, therefore, to restrict the rows returned by the SELECT. This is done with a WHERE clause. There are several ways to do this.

We could just put the where clause in the statement and it would work.

However, we want to choose the name at run time and store it in a variable called person_name.  You could accept the value in as an argument or passed into a function, but we’ll just set a variable to keep it simple.

It is possible to simply concatenate the value into the statement.

This is very dangerous and opens our code to a SQL Injection attack.  You can follow that link for more information, but we won’t be going into detail in this series.  Just know that you should, generally, never allow end user input to be fed directly into a dynamic SQL statement.

A much safer way to pass external values into a SQL statement is by using bind variables with prepared statements.

You have a couple different options:

Positional:
Notice the :1 and :2 are switched in the two examples.  With a positional statement the labels do not matter, it could just as well have been :1 and :something.  What matters is the first :variable in the statement will be assigned the first of the provided values- ‘Bob’ and the second – 35.

Named:
With this method the :name variable will be assigned the value of ‘name’ in the provided key value set.

Notice, in both examples, that we do not wrap the bind variable for the name with quotes.  This is handled automatically when the statement is prepared for execution.

Example:
  1. Get a cursor object from our connection.  We will use this cursor to preform our database operations.
  2. Assign ‘Kim’ to person_name
  3. Prepare an SQL statement using a bind variable
  4. Using the cursor, execute the query using the prepared statement.
  5. Fetch the results from the cursor into a variable.
  6. Print the results.
This will return only the data for Kim:
Select-03
Extra Fun 2

Modify the statement and variable to get the people older than 30.  When you’re done the results should be:

Select-04

Answer

In this section we took a look at some basic query functionality.  When you experiment with more complex queries, if you run into problems leave a comment here or on twitter and we’ll find an answer together.

Some things you could try
  • Join the cx_people and cx_pets table to get the people and their pets
  • Only retrieve the person’s name and age
  • Change the order to display in descending order.

Hint – If you have trouble getting a query to run in your code, try running it in SQL Plus or another database console tool.  This will help determine if the problem is with the query or the code.

Series sections

Initial Setup
Create records
Retrieve records
Update records
Delete records

Leave a Reply