What is SQL? A Complete Guide to Structured Query Language
Almost every application you use, from social media to banking to e-commerce, stores data in a relational database and retrieves it using SQL. Understanding SQL is one of the most useful skills in software development, data analysis, and IT.
Table of Contents
- What is SQL?
- A Brief History of SQL
- Relational Databases Explained
- SQL Syntax Basics
- CRUD Operations
- Filtering, Sorting, and Aggregation
- JOINs: Combining Tables
- Subqueries and CTEs
- Indexes and Performance
- Transactions and ACID
- SQL Dialects Compared
- SQL Injection and Security
- Best Practices
- SQL vs NoSQL
- References
What is SQL?
SQL means Structured Query Language. It is a standardized language used to create, query, update, and manage data in relational databases.
SQL is declarative: you describe what data you want, and the database engine decides how to retrieve it efficiently. That makes SQL different from step-by-step programming languages like JavaScript or Python.
SQL remains a core technology because it powers databases such as PostgreSQL, MySQL, SQLite, SQL Server, Oracle Database, and many analytics systems.
Pronunciation
SQL is pronounced both as "sequel" and as the initialism "S-Q-L." Both are widely understood; teams often use whichever style is common in their database community.
A Brief History of SQL
SQL began with Edgar F. Codd's relational model in 1970. IBM researchers Donald Chamberlin and Raymond Boyce later created SEQUEL, which became SQL, to query relational data.
| Year | Milestone |
|---|---|
| 1970 | Edgar F. Codd publishes the relational model paper |
| 1974 | IBM develops SEQUEL, later renamed SQL |
| 1979 | Oracle releases the first commercial SQL database |
| 1986 | SQL becomes an ANSI standard |
| 1992 | SQL-92 adds major standard JOIN and expression features |
| 1999 | SQL:1999 adds triggers, CTEs, and recursive queries |
| 2016-2023 | Modern SQL standards add JSON and graph query features |
Relational Databases Explained
A relational database organizes data into tables. Each table usually has:
- Columns, which define fields such as name, email, price, or created_at.
- Rows, where each row is one record.
- Primary keys, which uniquely identify rows.
- Foreign keys, which connect rows across tables.
users(id, name, email)
orders(id, user_id, total, order_date)
orders.user_id -> users.idThis structure reduces duplication. For example, customer details can live once in a users table while orders reference that customer by id.
SQL Syntax Basics
SQL statements are often grouped into categories:
| Category | Commands | Purpose |
|---|---|---|
| DQL | SELECT | Retrieve data |
| DML | INSERT, UPDATE, DELETE | Modify data |
| DDL | CREATE, ALTER, DROP | Define schemas and tables |
| DCL | GRANT, REVOKE | Control permissions |
| TCL | BEGIN, COMMIT, ROLLBACK | Manage transactions |
SELECT users.name, orders.total
FROM users
JOIN orders ON orders.user_id = users.id
WHERE orders.total > 100
ORDER BY orders.total DESC;CRUD Operations
CRUD means create, read, update, and delete. These are the basic operations most apps perform on stored data.
-- Create
INSERT INTO products (name, price) VALUES ('Keyboard', 49.99);
-- Read
SELECT id, name, price FROM products WHERE price > 20;
-- Update
UPDATE products SET price = 44.99 WHERE id = 1;
-- Delete
DELETE FROM products WHERE id = 1;Filtering, Sorting, and Aggregation
Real queries usually filter rows, sort results, group data, and calculate aggregates such as counts, sums, averages, minimums, and maximums.
WHEREfilters rows.ORDER BYsorts results.GROUP BYgroups rows for aggregation.HAVINGfilters grouped results.
JOINs: Combining Tables
JOINs combine rows from multiple tables. They are the feature that lets relational databases model real-world relationships without copying data everywhere.
- INNER JOIN: returns only matching rows from both tables.
- LEFT JOIN: returns all rows from the left table plus matching rows from the right table.
- RIGHT JOIN: returns all rows from the right table plus matching rows from the left table.
- FULL OUTER JOIN: returns rows from both sides, matched where possible.
SELECT users.name, orders.order_date, orders.total
FROM users
INNER JOIN orders ON orders.user_id = users.id;Subqueries and CTEs
A subquery is a query inside another query. A CTE, written with WITH, names a temporary result set so complex SQL is easier to read and reuse.
Indexes and Performance
An index is a data structure, often a B-tree, that helps the database find rows faster. Indexes speed up reads but cost extra storage and can slow writes because each INSERT, UPDATE, or DELETE may also update indexes.
CREATE INDEX idx_products_category ON products(category);
EXPLAIN SELECT * FROM products WHERE category = 'Electronics';Index Trade-offs
Do not index every column. Focus on columns used often in WHERE, JOIN, ORDER BY, and uniqueness checks, then verify performance with EXPLAIN.
Transactions and ACID
| Property | Meaning |
|---|---|
| Atomicity | All operations succeed or all are rolled back |
| Consistency | The database moves from one valid state to another |
| Isolation | Concurrent transactions do not corrupt each other |
| Durability | Committed changes survive crashes |
BEGIN TRANSACTION;
UPDATE accounts SET balance = balance - 100 WHERE id = 1;
UPDATE accounts SET balance = balance + 100 WHERE id = 2;
COMMIT;
-- ROLLBACK;SQL Dialects Compared
SQL is standardized, but every database adds features and small syntax differences.
| Feature | MySQL | PostgreSQL | SQLite | SQL Server |
|---|---|---|---|---|
| Auto-increment | AUTO_INCREMENT | SERIAL / GENERATED | AUTOINCREMENT | IDENTITY |
| Limit rows | LIMIT | LIMIT | LIMIT | TOP / OFFSET-FETCH |
| String concat | CONCAT() | || | || | + |
| Upsert | ON DUPLICATE KEY | ON CONFLICT | ON CONFLICT | MERGE |
| JSON support | JSON type | JSONB | JSON functions | JSON functions |
SQL Injection and Security
SQL injection happens when user input is directly concatenated into SQL text. Attackers can change the meaning of the query and read, modify, or delete data.
-- Vulnerable: string concatenation
query = "SELECT * FROM users WHERE name = '" + userInput + "'";
-- Safe: parameterized query
query = "SELECT * FROM users WHERE name = ?";
db.execute(query, [userInput]);Always Use Parameterized Queries
Never concatenate user input into SQL strings. Use prepared statements or parameterized queries so input is treated as data, not executable SQL.
Best Practices
- Format SQL consistently with uppercase keywords and clear indentation. A SQL formatter can help.
- Use meaningful table and column names.
- Avoid
SELECT *in production queries; request only the columns you need. - Add indexes strategically and validate them with
EXPLAIN. - Use transactions for related changes that must succeed or fail together.
- Use parameterized queries for every user-supplied value.
- Back up regularly and test restore procedures.
SQL vs NoSQL
NoSQL databases such as MongoDB, Redis, Cassandra, and DynamoDB are useful for workloads where a relational model is not ideal.
| Aspect | SQL | NoSQL |
|---|---|---|
| Data model | Tables with rows and columns | Documents, key-value, graph, or wide-column |
| Schema | Defined schema | Flexible schema |
| Scaling | Often vertical first | Often horizontal first |
| Consistency | Strong ACID support | Often eventual or tunable |
| Best for | Structured data and transactions | Flexible data and high-throughput workloads |
Many modern systems use both: SQL for transactional records such as users and orders, and NoSQL for caching, search, events, or document storage.
Format Your SQL Instantly
Use our free SQL Formatter to beautify, indent, and standardize SQL queries. It supports common dialects and runs in your browser.
Try SQL Formatter ->References
- Codd, E. F. A Relational Model of Data for Large Shared Data Banks. https://dl.acm.org/doi/10.1145/362384.362685
- ISO/IEC 9075:2023. Information technology - Database languages - SQL.
- OWASP Foundation. SQL Injection. https://owasp.org/www-community/attacks/SQL_Injection
- PostgreSQL Global Development Group. PostgreSQL Documentation. https://www.postgresql.org/docs/
- MySQL. MySQL Reference Manual. https://dev.mysql.com/doc/