Last week I started a project using Relational Databases for Zassh.com.
At first, I tried to construct the SQL queries myself using string joins, tuples and so on, but I soon realized the problems with this method:
- It’s error-prone.
- Highly vulnerable to SQL injection attacks.
- Computers write SQL better than humans.
- It made me remember my suffering PHP days.
So I decided to try a library I had heard a lot of good things about. SQLAlchemy is a Pythonic, high-performance SQL toolkit and Object Relational Mapper (ORM).
The result couldn’t be better. Instead of fighting against query strings and tuples, it lets you write SQL magic directly in Python. I discovered I can do calculations using SQL queries I’d never have thought of before, like counting the number of goals a team has scored through two simultaneous joins and a bunch of filters.
If you have to work with Python and SQL, I definitely recommend that you use SQLAlchemy and forget about the old error-prone methods. I’m sure you won’t be disappointed.
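The "error-prone" and "SQL injection" points about string-built queries, shown on a goal count with two joins. This is an added example, not code from the original post: it uses the standard-library `sqlite3` driver so it runs without dependencies, and the schema, rows and function names are constructed for illustration. Bound parameters, used in the second function, are also what SQLAlchemy emits for literal values in its query expressions.

```python
import sqlite3

def make_db():
    """Constructed sample schema and rows (hypothetical, not from the post)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE teams   (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE players (id INTEGER PRIMARY KEY, team_id INTEGER, name TEXT);
        CREATE TABLE goals   (id INTEGER PRIMARY KEY, player_id INTEGER,
                              own_goal INTEGER);
        INSERT INTO teams   VALUES (1, 'Reds'), (2, 'O''Neill FC');
        INSERT INTO players VALUES (1, 1, 'Ana'), (2, 1, 'Bo'), (3, 2, 'Cy');
        INSERT INTO goals   VALUES (1, 1, 0), (2, 1, 0), (3, 2, 0), (4, 2, 1),
                                   (5, 3, 0);
    """)
    return db

# Goals scored for a team: two joins plus filters; the team name goes last.
BASE = """
    SELECT COUNT(*) FROM goals
    JOIN players ON players.id = goals.player_id
    JOIN teams   ON teams.id   = players.team_id
    WHERE goals.own_goal = 0 AND teams.name = """

def goals_string_built(db, team):
    # Vulnerable on purpose: the value is pasted into the SQL text, so a
    # quote inside it changes the structure of the statement.
    return db.execute(BASE + "'" + team + "'").fetchone()[0]

def goals_bound(db, team):
    # Hardened: the statement text is fixed; the value travels separately
    # as a bound parameter and is only ever compared as data.
    return db.execute(BASE + "?", (team,)).fetchone()[0]

if __name__ == "__main__":
    db = make_db()
    for team in ("Reds", "x' OR '1'='1", "O'Neill FC"):
        try:
            built = goals_string_built(db, team)
        except sqlite3.OperationalError as exc:
            built = "error: %s" % exc
        print("%-16r string-built=%s bound=%s" % (team, built,
                                                  goals_bound(db, team)))
```

With the string-built version, the crafted name turns the filter into a condition that matches every row, and the legitimate name containing an apostrophe fails with a syntax error; the bound version treats both as plain values.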