CS50 Library for Python¶
Installation¶
$ pip3 install cs50
Usage¶
Note
To use these functions, be sure to include import cs50 atop your file.
-
cs50.get_float(prompt)¶ - Parameters
prompt – the
strwith which to prompt the user for input- Returns
the
floatequivalent to the line read from stdin as precisely as possible, or None on error
Prompts user for a line of text from standard input and returns the equivalent
float; if text does not represent a floating-point value or would cause overflow or underflow, user is reprompted.Example usage:
f = get_float("Input a floating-point number: ")
-
cs50.get_int(prompt)¶ - Parameters
prompt – the
strwith which to prompt the user for input- Returns
the
intequivalent to the line read from stdin, or None on error
Prompts user for a line of text from standard input and returns the equivalent
int; if text does not represent an integer, user is reprompted.Example usage:
f = get_int("Input an integer: ")
-
cs50.get_string(prompt)¶ - Parameters
prompt – the
strwith which to prompt the user for input- Returns
the read line as a string sans line endings, or None on EOF.
Prompts user for a line of text from standard input and returns it as a
str, sans trailing line ending. Supports CR (\r), LF (\n), and CRLF (\r\n) as line endings.Example usage:
s = get_string("Input a string: ")
-
cs50.SQL(url)¶ - Parameters
url – a
strthat indicates database dialect and connection arguments- Returns
a
cs50.SQLobject that represents a connection to a database
Example usage:
db = cs50.SQL("sqlite:///file.db") # For SQLite, file.db must exist db = cs50.SQL("mysql://username:password@host:port/database") # For MySQL db = cs50.SQL("postgres://username:password@host:port/database") # For PostgreSQL
-
cs50.SQL.execute(sql, *args, **kwargs)¶ - Parameters
sql – a
strthat represents a single SQL statement, possibly with parameter markers, with or without a trailing semicolon*args – zero or more positional arguments with which any parameter markers should be substituted
**kwargs – zero or more named arguments with which any parameter markers should be substituted
Any argument whose value is a
listortupleof other values is converted to a comma-separated list of those values, formatted for SQL’sINoperator.- Returns
for
SELECT, alistofdictobjects, each of which represents a row in the result set; for INSERTs, the primary key of a newly inserted row (orNoneif none); forUPDATE, the number of rows updated; forDELETE, the number of rows deleted; forCREATE,Trueon success orFalseon failure; on integrity errors, aValueErroris raised, on other errors, aRuntimeErroris raised
Example usage:
import cs50 db = cs50.SQL("sqlite:///file.db") rows = db.execute("SELECT * FROM foo") rows = db.execute("SELECT * FROM foo WHERE bar = ? AND baz = ?", 1, 2) rows = db.execute("SELECT * FROM foo WHERE bar IN (?) AND baz IN (?)", [1, 2], [3, 4]) rows = db.execute("SELECT * FROM foo WHERE bar = :bar AND baz = :baz", bar=1, baz=2) rows = db.execute("SELECT * FROM foo WHERE bar = :bar AND baz = :baz", {"bar": 1, "baz": 2}) rows = db.execute("SELECT * FROM foo WHERE bar IN (:bar) AND baz IN (:baz)", bar=[1, 2], baz=[3, 4]) id = db.execute("INSERT INTO foo (bar, baz) VALUES(?, ?)", 1, 2) id = db.execute("INSERT INTO foo (bar, baz) VALUES(:bar, :baz)", bar=1, baz=2) id = db.execute("INSERT INTO foo (bar, baz) VALUES(:bar, :baz)", {"bar": 1, "baz": 2}) n = db.execute("UPDATE foo SET bar = ?, baz = ?", 1, 2) n = db.execute("UPDATE foo SET bar = :bar, baz = :baz", bar=1, baz=2) n = db.execute("UPDATE foo SET bar = :bar, baz = :baz", {"bar": 1, "baz": 2}) n = db.execute("DELETE FROM foo WHERE bar = ? AND baz = ?", 1, 2) n = db.execute("DELETE FROM foo WHERE bar = :bar AND baz = :baz", bar=1, baz=2) n = db.execute("DELETE FROM foo WHERE bar = :bar AND baz = :baz", {"bar": 1, "baz": 2})
FAQs¶
How can I use % with LIKE?¶
If s is a str, you can prepend and/or append % to it as follows:
rows = db.execute("SELECT * FROM foo WHERE bar LIKE ?", "%" + s + "%")
How come I can’t use parameter markers as placeholders for tables’ or columns’ names?¶
Parameter markers (e.g., ?) can only be used as placeholders for “literals” like integers and strings, not for “identifiers” like tables’ and columns’ names. If a user’s input will determine the table or column on which you execute a statement, you can use a format string (f-string) instead, but you must validate the user’s input first, to ensure the table or column exists, lest you risk a SQL-injection attack, as in the below:
if column in ["foo", "bar", "baz"]: rows = db.execute(f"SELECT * FROM {column}")