SQL
Dan Tobias (Talk | contribs) |
Dan Tobias (Talk | contribs) |
||
Line 16: | Line 16: | ||
* [http://www.wiscorp.com/sql200n.zip SQL 2008 draft standard] (as [[ZIP]] archive) | * [http://www.wiscorp.com/sql200n.zip SQL 2008 draft standard] (as [[ZIP]] archive) | ||
* [http://xkcd.com/327/ xkcd comic about SQL security exploit] | * [http://xkcd.com/327/ xkcd comic about SQL security exploit] | ||
+ | |||
+ | [[Category:IBM]] |
Revision as of 14:27, 7 September 2013
SQL (Structured Query Language) is a database query language initially developed at IBM in the 1970s. It was originally called SEQUEL, but IBM changed the name due to a trademark conflict with another company. It is currently very popular as an interface language for relational database systems. Although it is officially standardized (ISO/IEC 9075, ISO/IEC 13249), SQL still has a number of incompatible "dialects", reminiscent of BASIC in its heyday.
SQL is frequently encountered in the form of queries sent to databases by programs in other languages, but it is a programming language in its own right with constructs sufficient to create large and complicated routines.
"SQL injection" is a security issue with a number of poorly-developed systems and websites, if user input is not properly sanitized before inserting it into SQL statements for database operations. "Dangerous" characters such as quotes need to be properly escaped or stripped, or else it is possible to include a quote to end the string an input field is being inserted into, and follow it with other commands which might do dangerous things with the database. Poorly-done attempts to avoid such attacks may also cause harm; for instance, if a programmer tries to strip out any substrings that might be SQL commands, they might end up rejecting perfectly valid names, street addresses, and so on which happen to have a string like "table" in them.