1. SQL History:
SQL is a structured query language used to delete, insert, update, and retrieve data from databases. Its history begins in 1970, when Dr. E. F. Codd published a paper entitled "A Relational Model of Data for Large Shared Data Banks." This paper described a new way of organizing data into a database and led to the relational database systems we use today. While Dr. Codd's paper defined the structure, his colleagues Donald D. Chamberlin and Raymond F. Boyce at IBM were developing a query language known as SQUARE (Specifying Queries As Relational Expressions), which used a terse mathematical notation to select data from the database.
By 1974, Chamberlin and Boyce published "SEQUEL: A Structured English Query Language," which added
Thus SQL was born.
2. SQL Advantages and Disadvantages:
2.1 Advantages:
• Powerful language: SQL queries can retrieve large numbers of records from a database quickly and efficiently. [2]
• Joins: SQL can combine two or more tables and present the result to the user as a single table.
• Easy to learn: SQL reads like structured English, so a user can retrieve data with declarative statements rather than writing procedural code. [2]
• Portability: SQL can be used in programs running on servers, laptops, PCs, and even some mobile phones. [3]
• Multiple data views: With SQL, each user can be given a different view of the same data. [3]
• Client/server language: SQL is used to link end-user computers to databases, supporting a client/server architecture. [3]
2.2 Disadvantages:
• Difficulty in interfacing: Interfacing with an SQL database is more complex than adding a few lines of code. [2]
• Table dependency: When a view is created on top of underlying tables, any change to the structure of those tables requires the view to be changed as well.
4. Why Are SQL Injection Attacks So Successful?
Injection attacks succeed for a couple of reasons, the most widespread of which is that many newer developers simply do not think about the issue. [6] They may build a system that accepts data from untrusted users, fail to properly validate that data, and then use it to dynamically construct an SQL query against the database backing the system.
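The following is an added example, not code from the original text or its cited sources. It reproduces the dynamic-query mistake described above against an in-memory SQLite database and contrasts it with the parameterized form of the same query. The table name, column names, the single sample user and the attacker inputs are all constructed for the illustration; the `login_vulnerable` and `login_safe` function names are assumptions of this example.

```python
import sqlite3

# Constructed sample data: one account whose password the attacker does not know.
USERS = [("joe", "s3cret-pw")]


def make_db():
    """Create an in-memory users table populated with the constructed sample row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def build_vulnerable_query(username, password):
    """Concatenate untrusted input straight into the SQL text (the mistake)."""
    return ("SELECT * FROM users WHERE username = '" + username +
            "' AND password = '" + password + "'")


def login_vulnerable(conn, username, password):
    """Run the concatenated query; quotes in the input change its structure."""
    return conn.execute(build_vulnerable_query(username, password)).fetchall()


def login_safe(conn, username, password):
    """Same query with bound parameters: the driver sends the SQL text and the
    values separately, so a quote in the input is just data, never syntax."""
    query = "SELECT * FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    # Two attacker payloads: a tautology appended to the password clause, and
    # a comment marker that truncates the password check entirely.
    payloads = [("joe", "example' OR 'a'='a"), ("joe' --", "anything")]
    for user, pw in payloads:
        print("query:", build_vulnerable_query(user, pw))
        print("  vulnerable ->", login_vulnerable(conn, user, pw))
        print("  safe       ->", login_safe(conn, user, pw))
```

Both payloads log in as `joe` through `login_vulnerable` without knowing the password, because the single quote ends the string literal and the remainder of the input is parsed as SQL (SQLite treats `--` as a line comment, so the second payload discards the password check altogether). `login_safe` returns no rows for either, since the bound values are never interpreted as SQL.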
“For example, imagine a simple application that takes inputs of a username and password. It may ultimately process this input in an SQL statement of the form string query = "SELECT * FROM users WHERE username = '" + username + "' AND password = '" + password + "'";
Since this query is constructed by concatenating an input string directly from the user, the query behaves correctly only if password does not contain a single-quote character. If the user enters "joe" as the username and "example' OR 'a'='a as the password, the resulting query becomes
SELECT * FROM users WHERE username = 'joe' AND password = 'example' OR