What is SQL?

This guide should help you understand the programming language that defined the database query


Anyone who's spent any time working in IT will likely have come across SQL (Structured Query Language), even if only in passing. SQL - commonly pronounced 'sequel' - is one of the most widely-used programming languages for managing databases. It's particularly useful for handling structured data in relational databases - where the information in one table is connected to the information in another.

There are lots of benefits to using SQL as a programming language, particularly given that multiple records can be accessed with a single command, making it a much faster tool to use compared to legacy read/write tools such as ISAM or VSAM.

SQL is based upon tables and rows, with each query requesting information from a data set housed in each of these tables - or rows within tables.

The concept of SQL was first developed in the 1970s, by Edgar F. Codd, a pioneer in relational database management. He wanted to create a system that would make it easier to manage shared databases. IBM computer scientists Donald D. Chamberlin and Raymond F. Boyce picked up on the theory behind Codd's research and began developing the concept, using it to query information within System R, the company's semi-relational database.

The language was first known as SEQUEL (Structured English Query Language). IBM continued to evolve the technology and in 1979, Oracle (previously called Relational Software) released the first commercialised version of the system.

What elements comprise SQL?

The SQL language consists of a number of separate elements, which together make up a 'statement'. Statements, or queries, start with a term like SELECT or CREATE, and finish with a semicolon, indicating the end of the query.

Here are the elements that you typically find in the SQL language:

Clauses - the individual components of a statement, like 'UPDATE' or 'WHERE'; these set the nature of the query.

Predicates - these specify conditions that can change the scope of the query: for instance, stipulating either 'BETWEEN' or 'ALL' will give you different datasets; the former gives a range between x and y, the latter the entire data that fits your query.

Expressions - expressions can produce scalar values (a storage location paired with an identifier) or tables, containing columns and rows.

Queries - these retrieve data relevant to the criteria you define.

Statements - statements are the way queries are sent from your SQL software to the database server. They start with a term like SELECT or CREATE (your clause) and finish with a semicolon, indicating the end of the query.

Common SQL queries

Codecademy put together a useful list of common SQL queries that demonstrate how SQL is used to query and manipulate data. We've used some examples below:

ALTER TABLE - this lets you add new columns to a database, increasing the kinds of data it can record.

CREATE TABLE - adding a new table lets your database store a whole new type of data.

ORDER BY - this is a useful command to ensure the data you query is presented in a useful manner - for instance, alphabetically.

UPDATE - updating a database lets you alter rows, for instance if the data has changed, or you've found it to be incorrect.

SQL servers


Most IT professionals are more likely to interact with SQL via the database server software it powers than the language itself. SQL powers database software such as Oracle Database, MySQL, PostgreSQL and Microsoft's venerable family of SQL Server products. SQL database servers have been around for decades, and many businesses rely on them to power their applications. Due to their age, SQL databases also have a much greater bedrock of community support resources available.

Some organisations choose to use NoSQL databases rather than SQL; these are seen by some as being more scalable than SQL servers due to the ability to add more nodes. NoSQL is non-relational, and does not require a predefined schema for its databases. MongoDB and Couchbase are both examples of NoSQL servers.

SQL data manipulation

SQL's ability to change and edit data makes it an incredibly useful programming language. Rather than simply storing data, you can issue commands to change it when necessary. Data isn't often very useful when it's out of date, so being able to update your database to keep your data accurate is essential.

SQL Security

SQL garnered headlines in spring 2021 when it was revealed that a SQL injection vulnerability within SonicWall’s SMA-100 series of VPN products allowed hackers to target organisations in Europe and North America.

SQL injection attacks are considered one of the most commonly used forms of cyber attack, especially when targeting social media sites, online retailers, universities, and SMBs. The prevalence of this type of attack can be attributed to the popularity of SQL databases, which are used by tech giants such as Microsoft, Oracle, and SAP. The attack is also considerably easy to execute, making it a fool-proof tactic for skilled and unskilled hackers alike.

A SQL injection attack is executed by using SQL commands to interfere with back-end databases and perform unauthorised functions, such as data theft. This often results in the theft of login credentials, email addresses or personal information, all of which can be sold on the black market or exploited for further cyber attacks. However, hackers also use a SQL injection attack to simply knock applications offline, which can be done by deleting tables from the database, or adding new information to the database.

Unfortunately, this type of attack is becoming increasingly prevalent, being the second most widely-used cyber attack method used to breach large companies in 2019. A year later, security company CyberCrowd placed the SQL injection attack as number one on its list of top 10 web application vulnerabilities, as part of its standard awareness framework for developers and web application security. However, it’s important to note that SQL injection attacks are easy to mitigate, with steps on how to use SQL securely available here.
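The usual mitigation is a parameterised query, where user input is bound as data rather than pasted into the statement text. The following is an added example, not part of the original article: it uses Python's built-in sqlite3 module, and the customers table, its rows and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data, held in memory for this example only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, name TEXT)")
    db.executemany(
        "INSERT INTO customers (email, name) VALUES (?, ?)",
        [
            ("alice@example.com", "Alice"),
            ("bob@example.com", "Bob"),
            ("o'brien@example.com", "Pat O'Brien"),
        ],
    )
    return db


def lookup_concatenated(db, email):
    # Weak: the input becomes part of the SQL text, so a quote character in it
    # ends the string literal and the rest is parsed as SQL.
    sql = "SELECT email FROM customers WHERE email = '" + email + "' ORDER BY id"
    return [row[0] for row in db.execute(sql)]


def lookup_parameterised(db, email):
    # Hardened: the statement text is fixed and the value is bound to the ?
    # placeholder, so it is only ever compared as data.
    sql = "SELECT email FROM customers WHERE email = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (email,))]


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"  # constructed input containing quote characters

    # Ordinary input: both versions return the one matching row.
    print(lookup_concatenated(db, "alice@example.com"))
    print(lookup_parameterised(db, "alice@example.com"))

    # Crafted input: the concatenated WHERE clause becomes always-true and
    # every row comes back; the parameterised version matches nothing.
    print(lookup_concatenated(db, crafted))
    print(lookup_parameterised(db, crafted))

    # A legitimate apostrophe breaks the concatenated statement but is
    # handled correctly when bound as a parameter.
    print(lookup_parameterised(db, "o'brien@example.com"))
```

The same placeholder approach exists in the client libraries for the other database servers named above, although the placeholder syntax varies between drivers.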
