SQL - SQLnet - MySQL
Structured Query Language
- Developed at IBM in the 1970s
- "Speaking" to the database
- SQL is the language that is used to talk to servers
- Queries, insert, update, delete, and more
- When you search, you are basically doing a query, and it will return content with a match
- Works with relational database management systems (RDBMS)
Where SQL Lives
- If you see a search, login, or comment function, this is effectively what's happening
- Server could be retrieving information from an external database using SQL
- The job of PHP is to take certain content for that Web request and translate it to SQL instructions
- SQL also shows the data in a way we can understand it.
SQL Syntax
| DML | DCL | DDL |
|---|---|---|
| Select, Insert, Update, Delete | Grant, Revoke | Create, Alter, Drop |
- Data Control Language (DCL) gives us the ability to do restrictions
- Drop is deleting objects from the database
- SQL is going back and forth from the server to the database
SQL Injection
- Identify input forms
  - Login, search, feedback
- Test for input sanitization
  - ['] [=] [-]
- Test for SQL statements
  - PHP: SELECT * FROM USERS WHERE USER = 'Ryan' AND PASSWORD = '123'
- Taking input from the user and filling in the blanks
- What an attacker may do is just use a single quote (')
- The single quote serves as a delimiter to start or end a statement
- If we have ''' quotes we would probably have an SQL error
- If we have a = a' we could get a TRUE statement which may show the first content with an A in the name.
- Admin is typically the first account created in the Database
- My username is 1 = 1, which is TRUE
- A=A'--
- The -- ends the query (comments out the rest of the formula)
- The language that your Web server uses will use its SQL library to access the database, be it PHP, Python or whatever your web server backend uses.
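
Added example (not from the original notes): the "filling in the blanks" login query from above, built by string concatenation and then with placeholders, so the same input can be compared in both forms. It uses Python's sqlite3 with an in-memory USERS table; the table contents, function names and test inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: in-memory USERS table, admin created first."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE USERS (USER TEXT, PASSWORD TEXT)")
    db.executemany("INSERT INTO USERS VALUES (?, ?)",
                   [("admin", "s3cret"), ("Ryan", "123")])
    return db

def build_query(user, password):
    """'Fill in the blanks': user input is pasted straight into the SQL text."""
    return ("SELECT USER FROM USERS WHERE USER = '" + user +
            "' AND PASSWORD = '" + password + "'")

def login_vulnerable(db, user, password):
    """Runs the concatenated query; returns the matched user, None, or the error."""
    try:
        row = db.execute(build_query(user, password)).fetchone()
    except sqlite3.Error as exc:
        return "SQL error: " + str(exc)
    return row[0] if row else None

def login_parameterized(db, user, password):
    """Hardened form: placeholders keep input as data, never as SQL syntax."""
    row = db.execute(
        "SELECT USER FROM USERS WHERE USER = ? AND PASSWORD = ?",
        (user, password)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal login, a lone quote, a quote plus 1=1 and --
    samples = [("Ryan", "123"), ("'", "x"), ("x' OR 1=1 --", "x")]
    for user, password in samples:
        print(build_query(user, password))
        print("  concatenated :", login_vulnerable(db, user, password))
        print("  parameterized:", login_parameterized(db, user, password))
```

With concatenation the lone quote produces a SQL error and the 1=1 input returns the first row (admin); with placeholders both inputs are compared as literal usernames and match nothing.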