In this lecture we look at...
You might consider all SQL types as being conceptually similar to attribute types in the relational model, although in reality the implementation of these types in a DBMS only approximates the mathematical purity of unordered domain sets etc.
SQL poisoning is a vulnerability exposed by inadequate escaping of arguments/variables used to compose SQL queries.
E.g. the value Tim in the previous example could instead be: Tim'; DELETE FROM student;' SELECT * FROM student WHERE 1
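The following added example (not part of the original notes) runs the value above through a query composed by string concatenation and through one that binds it as a parameter. The in-memory student table, the query text, the function names, and the use of Python's sqlite3 executescript() to stand in for a driver that accepts several statements per call are assumptions made for illustration.

```python
import sqlite3

# Value exactly as given in the notes (supplied in place of "Tim").
PAYLOAD = "Tim'; DELETE FROM student;' SELECT * FROM student WHERE 1"


def make_db():
    """Constructed sample data: an in-memory student table with three rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE student (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO student (name) VALUES (?)",
                     [("Tim",), ("Ann",), ("Bob",)])
    conn.commit()
    return conn


def row_count(conn):
    return conn.execute("SELECT COUNT(*) FROM student").fetchone()[0]


def lookup_vulnerable(conn, name):
    """Composes the query by string concatenation with no escaping.

    executescript() stands in for a driver that accepts several
    ';'-separated statements in one call (an assumption of this example).
    """
    query = "SELECT * FROM student WHERE name = '" + name + "'"
    try:
        conn.executescript(query)
    except sqlite3.Error:
        pass  # the trailing fragment is invalid SQL, but DELETE already ran
    return query


def lookup_safe(conn, name):
    """Binds the value as a parameter, so it can never become SQL syntax."""
    cur = conn.execute("SELECT * FROM student WHERE name = ?", (name,))
    return cur.fetchall()


def demo():
    """Returns (rows left after vulnerable, rows left after safe, safe matches)."""
    bad, good = make_db(), make_db()
    lookup_vulnerable(bad, PAYLOAD)
    matches = lookup_safe(good, PAYLOAD)
    return row_count(bad), row_count(good), matches


if __name__ == "__main__":
    print(demo())
```

With the bound parameter the whole value is compared as a single name, matches no student, and leaves the table intact.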
In this subsection we look at the different roles SQL plays across the three tiers of database design. We discuss the areas in which SQL is lacking and how those deficiencies can be complemented by embedding SQL in other languages.
Quick SQL check: do all attributes in the SELECT projection list appear in the GROUP BY projection list?