What is SQL?

SQL is pretty much the standard language for accessing and managing relational databases. The acronym stands for Structured Query Language and is pronounced ‘see-qwell’. 

It’s commonly used when someone needs to update, retrieve, delete or merge data within a database. For example, if you wanted to delete the rows in a table that match a condition, you’d use the following:

DELETE FROM table_name
WHERE some_column=some_value;

In short, SQL’s simple syntax makes it a highly effective tool for businesses that need to store and manage data (which is pretty much all of them).

What is SQL injection?

Although SQL is great and is one of the easier languages to get started with, there are some drawbacks to using it. SQL injection is one of them. 

This is when a hacker inserts malicious SQL code, usually within data posted from a web form, that is designed to execute commands within the database (e.g. to dump the database contents so that private information can be accessed).

As you can imagine, this is a bit of a concern. The good news is that there are ways in which you can protect your application (and your database) from these attacks.

How do we stop it?

First, you’ll want to get a grip on the basics of SQL, so head over to this great tutorial from the team at w3schools.com.

Once you’ve done that and before going live with your application, it’s important to make sure any input being sent from forms has been properly validated. You’ll need to test the input for things such as type, format, length, and range. 

If you’re using C# and ASP.NET, the guys at Microsoft have put down a few steps you can follow to protect against injection. There are plenty of other great guides out there for other languages, such as PHP. Just have a Google.

Also, when you’re finished writing your code, it’s important to review it for potential vulnerabilities, such as SQL injection. These self-reviews are one of the best ways to ensure your websites are safe from attacks. Malicious commands can be easily entered through simple areas such as a website’s login page, so addressing the problems before they occur is key.
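To make the difference concrete, here is an added Python/sqlite3 example (not code from the article) showing a lookup that pastes form input straight into the SQL text next to one that binds it as a parameter, plus the type/format/length validation the article recommends. The users table, its sample rows and the username policy are constructed for illustration.

```python
import re
import sqlite3


def make_db():
    # Constructed in-memory database with a tiny users table (sample data only).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice-secret"), ("O'Connor", "oc-secret")],
    )
    return conn


def lookup_user_unsafe(conn, username):
    # Vulnerable pattern: the form value becomes part of the statement text,
    # so any quote in the data changes the structure of the SQL itself.
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchone()


def lookup_user_safe(conn, username):
    # Hardened pattern: the statement text is fixed and the value travels
    # separately as a bound parameter, so the database treats it only as data.
    sql = "SELECT username FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchone()


# Hypothetical policy: letters first, then up to 31 more letters, digits,
# underscores or apostrophes (real names such as O'Connor contain quotes,
# which is exactly why the query must also be parameterised).
USERNAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_']{0,31}$")


def validate_username(value):
    # Checks type, format and length before the value reaches the database.
    return isinstance(value, str) and bool(USERNAME_RE.match(value))


def demo():
    # A legitimate username containing a quote: the bound query finds the row,
    # the concatenated query is no longer valid SQL and the database rejects it.
    conn = make_db()
    name = "O'Connor"
    results = {"safe": lookup_user_safe(conn, name)}
    try:
        lookup_user_unsafe(conn, name)
        results["unsafe"] = "no error"
    except sqlite3.OperationalError as exc:
        results["unsafe"] = "syntax error: %s" % exc
    return results
```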

How can you learn more?

If you're interested in learning SQL and how to work with it securely then get in touch with us here at AMES.

We’ve been leading the way in IT education in New Zealand for 25 years, and we can put you on the same path that thousands of AMES students have gone down to get a fulfilling career in IT.
Get in contact with us today.