SQL

Sep 5 08

Unravel the SQL and Database Mysteries

Understanding how databases work and learning basic SQL (Structured Query Language) is essential for any web development that stores its data in a database. Whatever DBMS you use for your own website (SQL Server, MySQL, Oracle, etc.), the basics of schema design and data retrieval are the same.

Here is a great e-book (.pdf) covering the topics you need to get started.

Topics Covered:

Database Design
Normalisation
Simple SQL Queries
Database Performance Tuning
SQL Server Stored Procedures
SQL: Cross Joins, UNION, Case Expressions, Paging and Duplicates
Working with Strings

Jun 1 08

SQL Injection Defenses

Databases on the Web

SQL injection is a subset of the unverified/unsanitized user input class of vulnerability: the idea is to convince the application to run SQL code it never intended to run. If the application builds SQL strings naively on the fly from user input and then executes them, it is straightforward to produce some real surprises.
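To make that mechanism concrete, here is an added example (not code from the original post or from the linked guide) in Python using the standard-library sqlite3 module. The users table, its two sample rows and the attacker's payload are all constructed for the demonstration. The first login function builds the query by string concatenation, the way a naive application does; the second passes the same values as bound parameters.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the original page).
SAMPLE_USERS = [
    ("alice", "s3cret-a"),
    ("bob", "s3cret-b"),
]


def setup_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username: str, password: str) -> list:
    """Build the SQL string by concatenation: the classic injectable pattern.

    Whatever the user typed becomes part of the statement text, so a quote
    character in the input changes the structure of the query.
    """
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn, username: str, password: str) -> list:
    """Same query with bound parameters: user input is never parsed as SQL.

    The statement text is fixed; the driver hands the values to the engine
    separately, so quotes or comment markers in the input stay literal data.
    """
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def demo():
    """Run a legitimate login and an injection attempt through both functions."""
    conn = setup_db()

    # A legitimate login behaves identically in both versions.
    ok_vuln = login_vulnerable(conn, "alice", "s3cret-a")
    ok_param = login_parameterized(conn, "alice", "s3cret-a")

    # Attacker-controlled username: the leading quote closes the string
    # literal, OR 1=1 makes the WHERE clause always true, and -- comments
    # out the rest of the statement (including the password check).
    payload = "' OR 1=1 --"
    bad_vuln = login_vulnerable(conn, payload, "wrong")      # every user
    bad_param = login_parameterized(conn, payload, "wrong")  # no match
    return ok_vuln, ok_param, bad_vuln, bad_param


if __name__ == "__main__":
    print(demo())
```

With the concatenated version the payload logs the attacker in as every user in the table without knowing any password; the parameterized version returns nothing, because the engine receives the attacker's text as a string value rather than as part of the statement. That separation of statement from data is what prepared statements give you in the SQL Server, Oracle and MySQL client libraries as well.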

For anyone running a database behind a web application, the threat is real no matter how small or large the database is, and no matter which database engine you use (SQL Server, Oracle, MySQL, etc.).

As long as there are hackers out there, your data is at risk.

Here is a great guide (.pdf) written by Martin G. Nystrom from which the web developer, DBA or even website owner can benefit: it explains how data is exposed on the web and describes some of the defenses that help prevent injection.