Introduction to SQL

In this lesson, we'll quickly introduce SQL.

SQL, which stands for Structured Query Language, is widely used in web applications to store and retrieve data from databases. SQL is a subtle and complex topic, so, for now, we’ll cover just enough to understand one of the most common database attacks, the SQL injection.

The examples in this chapter are written to work on MySQL, a widely used open-source database.

How SQL works

The first step in using SQL is to establish a connection to the database. People can connect directly using a SQL client, but they usually do so only for maintenance work like upgrades and to troubleshoot performance issues or bugs. Most connections, however, are made by other software, for example a typical web application with the proper credentials. The web application will use that connection to do all of the database work it needs, which ...