
Theory of Database - Oracle Programming Nciii


INTRODUCTION TO DATABASE

History of Database Systems
Characteristics of Database Approach
Users of Database Systems
Advantages of DBMS Approach
History of the Database

[Figure: File System; Traditional Database Applications; Geographic Information Systems; Multimedia Database; Data Warehouses; Active Database Technology; Real-time Database; Online Analytical Processing]

Database
• a collection of interrelated data items that are managed as a single unit

Database Management Systems (DBMS)
• a collection of programs that enables users to create and maintain a database

Database object
• a named data structure that is stored in a database

Database model
• a presentation in which a database organizes its data to pattern the real world

File
• a collection of related records that are stored as a single unit
Example

Tbl_Student
Stud_no   Stud_name   Program_Code
001       Mel Smith   BSIT
002       Cel Cyrus   BSCS
003       Mike Dion   BSCS

Tbl_Program
Program_Code   Program
BSIT           Bachelor of Science in Information Technology
BSCS           Bachelor of Science in Computer Science

Characteristics of Database Approach

Self-describing nature of a database system

Insulation between programs and data, and data abstraction

Support of multiple views of the data

Sharing of data and multiuser transaction processing

File Processing
• where the user defines and implements the files needed for a specific software
application as part of developing the application
Users of Database Systems
People who use a large database:
• Database Administrators
• Database Designers
• End Users
• System Analysts and Programmers / Software Engineers

People who design, develop, implement, and maintain a DBMS include:
• DBMS System Designers and Implementers
• Tool Developers
• Operators and Maintenance Personnel
Advantages of DBMS Approach
Controlling Redundancy

Restricting Unauthorized Access

Providing Persistent Storage for Program Objects

Providing Storage Structures and Search Techniques for Efficient Query Processing

Providing Back-up and Recovery

Providing Multiple User Interfaces

Representing Complex Relationships among Data

Enforcing Integrity Constraints

Permitting Inference and Actions Using Rules


DATABASE SYSTEM CONCEPTS AND ARCHITECTURE

Data Models
Schemas and Instances
Data Independence
Data Languages and Interfaces
Database Models

Data Models

Data Model
• a collection of concepts that can be used to describe the structure of a database; provides the necessary means to achieve data abstraction

Data Abstraction
• refers to the suppression of details of data organization and storage, and the highlighting of the essential features for an improved understanding of data

Three Categories of Data Models According to Types of Concepts Used in Describing Database Structure:
1. High-level or Conceptual Data Models
2. Low-level or Physical Data Models
3. Representational or Implementation Data Models

Entity
• represents a real-world object or concept

Attribute
• represents some property of interest that further describes an entity

Relationship
• represents an association among the entities

Schemas and Instances
Data Schema
• the description of the database which is identified in database designing

Database state or snapshot
• also called the current set of occurrences or instances
• the data in the database at a particular moment

Figure 2.1 Schema diagram

Data Independence
• the capacity to change the schema at one level of a database system without having to change the schema at the next higher level

Two Types of Data Independence:
1. Logical Data Independence
2. Physical Data Independence

Three-Schema Architecture
• proposed to achieve and visualize the important characteristics of database approach

Three Levels of Three-Schema Architecture
1. Internal Level
2. Conceptual Level
3. External Level or View Level

Data Languages and Interfaces

Database Language
• used to create and maintain database
• Data Definition Language (DDL)
• Data Manipulation Language (DML)
• Data Control Language (DCL)
• Data Query Language (DQL)

Interfaces
• a set of commands or menus through which a user communicates with a program
  ◦ Menu-Based Interfaces for Web Clients or Browsing
  ◦ Forms-Based Interfaces
  ◦ Graphical User Interfaces
  ◦ Natural Language Interfaces
  ◦ Speech Input and Output
  ◦ Interfaces for the DBA

Database Models
• the architecture that the DBMS uses to store objects within the database and relate them to one another
  ◦ Hierarchical Model
  ◦ Network Model
  ◦ Relational Model
  ◦ Object-Oriented Model
  ◦ Object-Relational Model

RELATIONAL DATABASE COMPONENTS

Conceptual Database Design Components
Logical/Physical Database Design Components

Conceptual Database Design Components

Entity
• a person, place, thing, event, or concept about which data is collected

Attribute
• a unit fact that characterizes or describes an entity in some way

Relationship
• refers to the associations among the entities
  ◦ One-to-One Relationship [Diagram: elements A1 to A4 and b1 to b4]
  ◦ One-to-Many Relationship [Diagram: elements A1 to A3 and b1 to b4]
  ◦ Many-to-Many Relationship [Diagram: elements A1 to A4 and b1 to b4]

Logical/Physical Database Design Components

Tables
• primary unit of storage in a relational model, representing collection of related data values

Columns and Data Types
• Column is the smallest named unit of data that can be referenced in a relational database
• Data type is a category for the format of a particular column

Constraints
• rule placed on a database object that restricts the allowable data values for that database object in some way
  ◦ Primary Key Constraints
  ◦ Referential Key Constraints

Integrity Constraints
• a constraint promoting accuracy of data within a database
  ◦ NOT NULL constraints
  ◦ CHECK constraints
  ◦ Constraints Enforced with Triggers

Views
• a stored database query that provides a database user with a customized subset of the data from one or more tables in the database

INTRODUCTION TO SQL

History of SQL
Data Query Language
Data Manipulation Language
Data Definition Language
Data Control Language

History of SQL
• SQL originated from QUEL in the specifications for System/R
• Relational Software’s Oracle and Relational Technology’s Ingres beat IBM
• IBM released SQL/DS in 1982 with Structured English Query Language (SEQUEL)
• SEQUEL was changed to SQL, pronounced as ‘sequel’ or ‘S-Q-L’

Data Query Language (DQL)
• refers to the statements that query the database but do not modify any data or database objects
• SELECT statement

SELECT statement
• retrieves data from the database
• basic clauses:
  ◦ Select - used to list the attributes desired in the result of a query
  ◦ From - lists the tables or views to be scanned in the evaluation of an expression
  ◦ Where - provides the condition for selection of rows in the results
• A typical SQL query looks like:
SELECT A1, A2… An FROM Rn
WHERE p

Query:
SELECT * FROM tbl_Personnel
Output: Figure 4.1 tbl_Personnel

The basic operators of WHERE clause:

Boolean operators of WHERE clause:
• AND operator
• OR operator
• NOT operator
• BETWEEN operator
• IN operator

Query:
SELECT ENAME, DEPT FROM tbl_Personnel
WHERE SALARY = 40000

Query:
SELECT ENAME FROM tbl_Personnel
WHERE DEPT = 'Dbsystems'

Query:
SELECT ENAME FROM tbl_Personnel
WHERE DEPT = 'Dbsystems' AND MGR = '4016'

Query:
SELECT ENO, ENAME, SALARY FROM tbl_Personnel
WHERE SALARY < 65000 OR ENO > 35000

Query:
SELECT ENO, ENAME FROM tbl_Personnel
WHERE NOT (DEPT = 'Dbsystems')

-- equivalent form without NOT
SELECT ENO, ENAME FROM tbl_Personnel
WHERE DEPT <> 'Dbsystems'

Query:
SELECT ENAME, DEPT, SALARY FROM tbl_Personnel
WHERE SALARY BETWEEN 2000 AND 40000

-- equivalent form with comparison operators
SELECT ENAME, DEPT, SALARY FROM tbl_Personnel
WHERE SALARY >= 2000 AND SALARY <= 40000

Query:
SELECT ENAME FROM tbl_Personnel
WHERE SALARY = 40000 OR SALARY = 39000 OR SALARY = 75000

-- equivalent form with IN
SELECT ENAME FROM tbl_Personnel
WHERE SALARY IN (40000, 39000, 75000)

Aggregate functions:
◦ DISTINCT - used to remove duplicate rows from an output
◦ AVG - calculates the average of all values for a specified column
◦ COUNT - counts the number of values or records found in a column
◦ MAX - finds the maximum or highest value in a specified column
◦ MIN - finds the minimum or lowest value in a specified column
◦ SUM - gives the total or sum of all the values in a specified column
◦ ORDER BY - specifies the order in which rows are to be returned
◦ GROUP BY - groups rows by the values in one or more columns, and applies the aggregate function to each group

Query:
SELECT DISTINCT DEPT FROM tbl_Personnel

Query:
SELECT SUM(SALARY) FROM tbl_Personnel

Query:
SELECT AVG(SALARY) FROM tbl_Personnel

Query:
SELECT MIN(SALARY) FROM tbl_Personnel

Query:
SELECT MAX(SALARY) FROM tbl_Personnel

Query:
SELECT COUNT(ENAME) FROM tbl_Personnel

Data Manipulation Language (DML)
• used to alter data stored in database
• INSERT, UPDATE, and DELETE statements

INSERT statement
• used to add new data to tables
• two basic ways to add data:
  1. Insert specific data that is listed in an INSERT statement, and
  2. Insert data that is obtained from a SELECT statement

Query:
INSERT INTO tbl_Student (LastName, FirstName, ProgramCode) VALUES
('Albuena', 'Andy', 'BSCS'), ('Peralta', 'Vincent', 'BSED'), ('De Vega', 'Lea', 'BSIT')

UPDATE statement
• used to modify data in a table
• general format of an UPDATE statement:
UPDATE table
SET Col1 = Exp1, Col2 = Exp2, ...
WHERE condition

Query:
UPDATE tbl_Student SET ProgramCode = 'BSHRM'
WHERE StudentID = '003'

DELETE statement
• used to delete a row in a table
• general format of DELETE statement:
DELETE FROM table WHERE condition

Query:
DELETE FROM tbl_Student WHERE StudentID = '005'

Data Definition Language (DDL)
• used to create and modify database objects
• CREATE, ALTER, and DROP statements

CREATE statement
CREATE DATABASE
• used to create a database
• Syntax:
CREATE DATABASE [database_name]
• Example:
CREATE DATABASE enrollmentDB

CREATE TABLE
• allows new tables to be created in a database
• Example:
CREATE TABLE tbl_Student (studentNumber INT PRIMARY KEY, studentName VARCHAR (50), programOfStudy VARCHAR (20))

ALTER statement
• used to modify the definition of an existing database object
• To add a column in an existing table:
ALTER TABLE tbl_Student ADD section VARCHAR (10)
• To delete a column in an existing table:
ALTER TABLE tbl_Student DROP COLUMN programOfStudy

DROP statement
• used to drop or destroy or dump an existing database object
• Example:
DROP TABLE tbl_Student

Data Control Language (DCL)
• Authorizations on data include:
  ◦ Authorization to read data
  ◦ Authorization to insert new data
  ◦ Authorization to update data
  ◦ Authorization to delete data
• each type of authorization is also called a privilege
• all privileges privilege is a short form for all the allowable
• Authorizations that may be granted or revoked:
  ◦ SELECT
  ◦ UPDATE
  ◦ INSERT
  ◦ DELETE

• statements that manage privileges that database users have regarding the database and its stored objects
• GRANT and REVOKE statements

GRANT command
• command used to provide access or privileges on the database objects to the users
• basic syntax:
GRANT <privilege_name>
ON <object_name>
TO <user or role_name>
• where:
  ◦ privilege_name - access right or privilege granted to the user: ALL, EXECUTE, and SELECT
  ◦ object_name - name of a database object: TABLE, VIEW, STORED PROC and SEQUENCE
  ◦ user_name - name of the user to whom an access right is being granted
• Example 1:
GRANT SELECT ON tbl_Student TO Juanito
• Example 2:
GRANT UPDATE (StudentNo) ON tbl_Student TO Juanito, Juanita

REVOKE command
• used to revoke an authorization from a user
• basic syntax:
REVOKE <privilege_name>
ON <object_name>
FROM <user or role_name>
• where:
  ◦ privilege_name - the access right or privilege revoked from the user
  ◦ object_name - name of a database object
  ◦ user_name - name of the user from whom a right is being disallowed
  ◦ role_name - set of disallowed privileges grouped together
• Example 1:
REVOKE SELECT ON tbl_Student FROM Juanito
• Example 2:
REVOKE UPDATE (StudentNo) ON tbl_Student FROM Juanito, Juanita

JOIN CLAUSES

Inner Join
Outer Join

Join
• Joins are clauses used to combine records from more than one table
• Efficient and effective forms of join are between related primary and foreign key fields

Inner Join
• Used to have intersection between two tables using matching field values, returning records when there is at least one match in both tables
• Syntax:
SELECT * FROM table1 INNER JOIN table2
ON table1.Pkey = table2.Fkey

• Example 1:
SELECT * FROM StudentInfo
INNER JOIN ProgramOfStudy
ON StudentInfo.ProgramCode = ProgramOfStudy.ProgramCode

• Example 2:
SELECT * FROM Employee
INNER JOIN LogRecords
ON Employee.EmployeeID = LogRecords.EmployeeID

Other formats of INNER JOINS
• Table order
• Alternative
SELECT * FROM Employee, LogRecords
WHERE Employee.EmployeeID = LogRecords.EmployeeID
• Specified columns

Outer Join
• Does not require each record in the two joined tables to have a matching record
• Subcategories:
  ◦ LEFT JOIN
    - Returns all rows from the left table (or the first table), even if there are no matches in the right table
  ◦ RIGHT JOIN
    - Returns all the rows from the right table (or the second table), even if there are no matches in the left table
  ◦ FULL JOIN
    - Both tables are secondary (or optional), such that if rows are being matched in table A and table B, then all rows from table A are displayed even if there is no matching row in table B, and vice versa

LEFT JOIN
• LEFT JOIN Example 1:
SELECT * FROM Employee AS e
LEFT JOIN LogRecords AS L
ON e.EmployeeID = L.EmployeeID
LEFT JOIN TimeRecords AS t
ON t.LogID = L.LogID

• LEFT JOIN Example 2:
SELECT e.EmpName, L.LogDate, t.TIn, t.TOut
FROM Employee AS e
LEFT JOIN LogRecords AS L
ON e.EmployeeID = L.EmployeeID
LEFT JOIN TimeRecords AS t
ON t.LogID = L.LogID

• LEFT JOIN Example 3:
SELECT e.EmpName, L.LogDate, t.InTime, t.OutTime
FROM Employee AS e
LEFT JOIN LogRecords AS L
ON e.EmployeeID = L.EmployeeID
LEFT JOIN TimeRecords AS t
ON t.LogID = L.LogID
WHERE L.LogDate IS NOT NULL

RIGHT JOIN
• RIGHT JOIN Example 1:
SELECT e.EmpName, L.LogDate, t.TIn, t.TOut
FROM TimeRecords AS t RIGHT JOIN LogRecords AS L
ON t.LogID = L.LogID RIGHT JOIN Employee AS e
ON e.EmployeeID = L.EmployeeID

FULL JOIN
• Both tables are secondary (or optional)
• In this case, if we’re matching rows in table A and B, then we display:
  ◦ all rows from table A even if there is no matching row in table B, and
  ◦ all rows from table B even if there is no matching row in table A.
• FULL JOIN statement:
SELECT MovieTitle, GenreDesc
FROM MovieList AS m
FULL JOIN Genres AS g
ON m.GenreCode = g.GenreCode

NORMALIZATION

Database Normalization
Functional Dependency
Normal Forms

Database Normalization
Normalization
• A technique used to perform logical database design, and for producing set of relations that possess a certain set of properties
• Process of organizing data in a database, which includes creating tables and establishing relationship between tables to eliminate redundancy and inconsistent dependency
• Any relation (table) will be taken and a unique identifier (primary key) will be chosen for the entity (table) that the relation represents

Figure 6.1 Normalization Process

The Need for Normalization
Normalizing relations is practiced to remove ‘anomalies’ from the data
• Insert Anomaly
  - Refers to a situation wherein a new tuple (row) cannot be inserted in a relation because of an artificial dependency on another relation
• Delete Anomaly
  - Refers to the situation wherein deletion of data about one particular entity causes unintentional loss of data that represents another entity
• Update Anomaly
  - Refers to a situation in which an update of a single data value requires multiple tuple (rows) of data to be updated

Functional Dependency
• Describes the relationship between two sets of attributes (column) from the database
• If two tuples have same values for attributes A1, A2…An, then those two tuples must have same values for attributes B1, B2….Bn
• Represented by an arrow sign ( → )

Classification of Function Dependency

◦ Full Functional Dependency
- If A and B are attributes of a table, B is fully functionally dependent on A if B is functionally dependent on A, but not on any proper subset of A
- Example:
Given a relation R and Functional Dependency X→Y:
Y is fully functionally dependent on X and there should not be any Z → Y, where Z is a proper subset of X

◦ Partial Dependency
- If A and B are attributes of a table, B is partially dependent on A if there is some attribute that can be removed from A and yet the dependency still holds
- Example:
Given a relation R (A, B, C, D, E), Functional Dependency AB → CDE, and Primary Key AB
A → C is partial dependency
A → D is partial dependency
A → E is partial dependency
B → C is partial dependency
B → D is partial dependency
B → E is partial dependency

◦ Transitive Dependency
- A condition where A, B, and C are attributes of a table such that, if A is functionally dependent on B and B is functionally dependent on C then C is transitively dependent on A via B
- Example:
Given a relation R (A, B, C, D, E), and dependency A → B, B → C is transitive dependency, since A → C is implied
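
The tuple-based definition of functional dependency and the partial-dependency case above can be checked mechanically against sample rows. This is an added example, not part of the original slides; the enrollment relation, its column names and its rows are constructed for illustration.

```python
from itertools import combinations


def fd_holds(rows, lhs, rhs):
    """Return True if lhs -> rhs holds in rows.

    Per the definition above: any two tuples that agree on the lhs
    attributes must also agree on the rhs attributes.
    """
    seen = {}
    for row in rows:
        left = tuple(row[a] for a in lhs)
        right = tuple(row[a] for a in rhs)
        # setdefault keeps the first rhs seen for this lhs value;
        # a later tuple with a different rhs violates the dependency.
        if seen.setdefault(left, right) != right:
            return False
    return True


def partial_dependencies(rows, key, non_key):
    """List (subset, attribute) pairs where a proper subset of the
    composite key already determines a non-key attribute (a 2NF violation)."""
    found = []
    for size in range(1, len(key)):
        for subset in combinations(key, size):
            for attr in non_key:
                if fd_holds(rows, subset, (attr,)):
                    found.append((subset, attr))
    return found


# Constructed sample relation; primary key is (StudentNo, CourseCode).
# Sample rows can only refute a dependency: a dependency that holds here
# is evidence, not proof, because it is a rule about all valid states.
ENROLLMENT = [
    {"StudentNo": "001", "CourseCode": "DB1", "StudentName": "Mel Smith",
     "CourseTitle": "Database", "Grade": "A"},
    {"StudentNo": "001", "CourseCode": "PR1", "StudentName": "Mel Smith",
     "CourseTitle": "Programming", "Grade": "B"},
    {"StudentNo": "002", "CourseCode": "DB1", "StudentName": "Cel Cyrus",
     "CourseTitle": "Database", "Grade": "B"},
    {"StudentNo": "002", "CourseCode": "PR1", "StudentName": "Cel Cyrus",
     "CourseTitle": "Programming", "Grade": "A"},
]
KEY = ("StudentNo", "CourseCode")
NON_KEY = ("StudentName", "CourseTitle", "Grade")

if __name__ == "__main__":
    print("key -> non-key holds:", fd_holds(ENROLLMENT, KEY, NON_KEY))
    for subset, attr in partial_dependencies(ENROLLMENT, KEY, NON_KEY):
        print("partial dependency:", ", ".join(subset), "->", attr)
```

Grade depends on the whole key, while StudentName and CourseTitle each depend on one part of it, which is what 2NF removes by splitting them into their own tables.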
Normal Forms
Un-normalized Form

Figure 6.3 Students table

First Normal Form (1NF)
◦ No rows of data must contain repeating group of information, that is, each set of column must have a unique value, such that multiple columns cannot be used to obtain same row
◦ Increases data redundancy, since there will be many columns with same data in multiple rows, but each row will be unique

Figure 6.4 1NF

Second Normal Form (2NF)
◦ There must be no partial dependency of any column on primary key
◦ A table that has concatenated primary key, each column in the table, which is not part of the primary key, must depend upon the entire concatenated key for its existence

Figure 6.5 2NF

Third Normal Form (3NF)
◦ Each column is directly dependent on the primary key while non-primary key columns aren’t dependent on other non-primary key columns
◦ Transitive functional dependency should be removed from the table, and must have been in 2NF

Figure 6.6 3NF

Boyce-Codd Normal Form (BCNF)
◦ Referred as “third and a half (3.5) normal form”
◦ Named after Ray Boyce who was one of the creators of SQL, and Edgar Codd who is the ‘Father of Relational Databases’
◦ Eliminates most of the anomalies known in databases today
◦ Most common standard for normalization in commercial databases and computer-aided software engineering tools

Fourth Normal Form (4NF)
◦ A relation is in the fourth normal form (4NF) if and only if it does not contain Multi-Valued Dependency (MVD) that exists in a table
• Multi-Valued Dependency
  - occurs when the presence of one or more rows in a table implies the presence of one or more other rows in that same table

Fifth Normal Form (5NF)
◦ Also called the “projection-join normal form” (PJ/NF)
◦ A relation is in the fifth normal form if and only if every join dependency in the relation is a consequence of the candidate keys of the relation

DATABASE BACKUP AND RECOVERY

Database Backup
Database Recovery

Database Backup
The Need for Database Backup
• Backup can be performed in any of the several ways:
  ◦ Use SQL to create backup tables and copy data into them.
  ◦ Use an implementation-defined mechanism that backs up the whole database or portions of it
  ◦ Using DBMS installation

Log File
• The DBMS maintains a special file called log file to keep track of database transactions
• It may contain the following:
  ◦ Transaction identifier
  ◦ Type of log record
  ◦ Identifier of data item affected by the database action
  ◦ Before-image of the data item which means its value before change
  ◦ After-image of the data item which means the value after change
  ◦ Log management information

Checkpointing
• It is the point of synchronization between the database and the transaction log file
• Checkpointing involves the following operations:
  ◦ Writing all log records in main memory to secondary storage
  ◦ Writing the modified blocks in the database buffers to secondary storage
  ◦ Writing a checkpoint record to the log file

Database Recovery
The Need for Recovery
• There are many different types of failure that can affect database processing
• Some causes of failures are as follows:
  ◦ System crashes
  ◦ Media failures
  ◦ Application software errors
  ◦ Natural physical disasters
  ◦ Carelessness
  ◦ Sabotage
• A DBMS should provide the following facilities to assist with recovery
  ◦ A backup mechanism
  ◦ A logging facility
  ◦ A checkpoint facility
  ◦ A recovery manager

Recovery Techniques
• The recovery technique that must be selected is dependent on the extent of the damage that has occurred to the database
  ◦ If the database has been extensively damaged, for example a disk head crash has occurred and destroyed the database
  ◦ If the database has not been physically damaged but has become inconsistent

• Using the Deferred Update
  - In the deferred update protocol, the updates are not written to the database until after a transaction has reached its commit point
  - In this protocol, the log file is used as follows:
    ◦ Write the transaction start record to the log
    ◦ Write a log record containing the entire log data specified previously
    ◦ Write a transaction commit log record
    ◦ If the transaction aborts, ignore the log records for the transaction and do not perform the writes

• Using the Immediate Update
  - In the immediate update protocol, the updates are applied to the database as they occur without waiting to reach the commit point
  - In this protocol, the log file is used as follows:
    ◦ Write the transaction start record to the log
    ◦ Write a log record containing the necessary data to the log file
    ◦ Write the update to the database buffers
    ◦ Write a transaction commit record to the log
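
How the log drives recovery under the two protocols above can be seen by replaying one log against the on-disk state left by a crash. This is an added example, not part of the original slides; the record layout, the data items A and B and their values are constructed, and the recovery pass itself (redo committed work, undo uncommitted work from before-images) is the standard textbook procedure rather than something the slides spell out.

```python
from collections import namedtuple

# Fields follow the log-record contents listed earlier (transaction identifier,
# type of record, data item, before-image, after-image); the tuple layout is
# an assumption made for this example.
LogRecord = namedtuple("LogRecord", "txn kind item before after")


def committed(log):
    """Transactions that reached their commit point before the crash."""
    return {r.txn for r in log if r.kind == "COMMIT"}


def recover_deferred(disk, log):
    """Deferred update: no uncommitted write ever reached the database,
    so recovery only redoes committed updates and ignores the rest."""
    db = dict(disk)
    done = committed(log)
    for r in log:
        if r.kind == "UPDATE" and r.txn in done:
            db[r.item] = r.after          # redo from the after-image
    return db


def recover_immediate(disk, log):
    """Immediate update: uncommitted writes may already be on disk,
    so recovery undoes them before redoing committed updates."""
    db = dict(disk)
    done = committed(log)
    for r in reversed(log):               # undo newest first
        if r.kind == "UPDATE" and r.txn not in done:
            db[r.item] = r.before         # restore the before-image
    for r in log:                         # redo in log order
        if r.kind == "UPDATE" and r.txn in done:
            db[r.item] = r.after
    return db


# Constructed log: T1 commits, T2 is still running when the system crashes.
LOG = [
    LogRecord("T1", "START", None, None, None),
    LogRecord("T1", "UPDATE", "A", 100, 150),
    LogRecord("T1", "COMMIT", None, None, None),
    LogRecord("T2", "START", None, None, None),
    LogRecord("T2", "UPDATE", "B", 200, 250),
]

# Deferred: T1's write had not been flushed yet; T2 wrote nothing to disk.
DISK_DEFERRED = {"A": 100, "B": 200}
# Immediate: T1's write was still in the buffers, T2's write was flushed.
DISK_IMMEDIATE = {"A": 100, "B": 250}

if __name__ == "__main__":
    print("deferred :", recover_deferred(DISK_DEFERRED, LOG))
    print("immediate:", recover_immediate(DISK_IMMEDIATE, LOG))
```

Both protocols converge on the same consistent state; the difference is that only the immediate protocol needs the before-image, because only it can leave uncommitted values on disk.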
DATABASE SECURITY

Database Security Issues
SQL Injection
Challenges of Database Security

Database Security Issues
◦ Legal and ethical issues regarding right to access certain information
◦ Policy issues on governmental, institutional, or corporate level to a certain kind of information that should not be publicized
◦ System-related issues at which security functions should be enforced
◦ Need in some organization to identify multiple security levels and to categorize data and users based on classification

Threats to Database
◦ Loss of Integrity
◦ Loss of Availability
◦ Loss of Confidentiality

Two Types of Database Security Mechanisms
1. Discretionary Security Mechanism
2. Mandatory Security Mechanism

Control Measure
1. Access Control
2. Inference Control
3. Flow Control
4. Data Encryption

Data Sensitivity
- measure of importance assigned to the data by its owner for the purpose of representing its need for protection

Factors to Consider in Revealing a Data
◦ Data Availability
◦ Access Acceptability
◦ Authenticity Assurance

Data Security vs. Data Privacy
• Security refers to many aspects of protecting a system from unauthorized use, including authentication of users, information encryption, access control, firewall policies, and intrusion detection
• Privacy is the ability of individuals to control the terms under which their personal information is acquired and used
• Security involves technology to ensure that information is appropriately protected and is a required building block for privacy to exist. Privacy involves mechanisms to support compliance with some basic principles and other explicitly stated policies

SQL Injection
• A technique where malicious users can inject malicious SQL commands into an SQL statement, via web page input

Other Frequent Attacks on Database
• Unauthorized privilege escalation
• Privilege abuse
• Denial of service
• Weak authentication

Different Types of Injection Attacks
• SQL Manipulation
• Code Injection
• Function Call Injection

Risk Associated with SQL Injection
• Database Fingerprinting
• Denial of Service
• Bypassing Authentication
• Identifying Injectable Parameters
• Executing Remote Commands
• Performing Privilege Escalation

Protection Techniques Against SQL Injection
• Bind Variables
• Filtering Input
• Function of Security
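
The first two protection techniques, bind variables and input filtering, are shown below beside the string-concatenated query they replace. This is an added example, not part of the original slides; it uses Python's sqlite3 module as a stand-in database, and the table contents, function names and the three-digit StudentID rule are assumptions made for illustration.

```python
import re
import sqlite3


def make_db():
    """Build an in-memory tbl_Student with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tbl_Student ("
                 "StudentID TEXT PRIMARY KEY, LastName TEXT, ProgramCode TEXT)")
    conn.executemany("INSERT INTO tbl_Student VALUES (?, ?, ?)", [
        ("001", "Albuena", "BSCS"),
        ("002", "Peralta", "BSED"),
        ("003", "De Vega", "BSIT"),
    ])
    return conn


def lookup_concatenated(conn, student_id):
    """Weak form: the input becomes part of the SQL text, so quote
    characters in it can change the structure of the WHERE clause."""
    sql = ("SELECT LastName FROM tbl_Student WHERE StudentID = '"
           + student_id + "'")
    return [row[0] for row in conn.execute(sql)]


def lookup_bound(conn, student_id):
    """Bind variable: the statement text is fixed and the input is
    passed separately, so it is only ever compared as a value."""
    sql = "SELECT LastName FROM tbl_Student WHERE StudentID = ?"
    return [row[0] for row in conn.execute(sql, (student_id,))]


# Assumed format rule for this example: a StudentID is exactly three digits.
STUDENT_ID = re.compile(r"[0-9]{3}")


def lookup_filtered(conn, student_id):
    """Input filtering in front of the bound query: reject anything that
    does not match the expected format before it reaches the database."""
    if not STUDENT_ID.fullmatch(student_id):
        raise ValueError("StudentID must be exactly three digits")
    return lookup_bound(conn, student_id)


# Constructed input of the SQL-manipulation kind named above.
CRAFTED = "003' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print("bound, normal input  :", lookup_bound(conn, "003"))
    print("concatenated, crafted:", lookup_concatenated(conn, CRAFTED))
    print("bound, crafted       :", lookup_bound(conn, CRAFTED))
    try:
        lookup_filtered(conn, CRAFTED)
    except ValueError as exc:
        print("filtered, crafted    : rejected,", exc)
```

The concatenated query returns every row for the crafted input, while the bound query returns none because no StudentID equals that literal string; filtering is a second layer in front of binding, not a replacement for it.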

Challenges of Databases Security
• Data Quality
• Intellectual Property Rights
• Database Survivability
