Data, information and the importance of SQL


This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.


Data and information mean a lot to businesses and organizations. Data keeps track of their operations, business rules, and statistics, which are useful and critical for future decision making, whether short term or long term. Because nearly every business organization keeps data, a method of keeping and managing that data is required. The data should be managed in an organized method or system in order to maintain what is stored. The system or mechanism highlighted in this article is the database management system, or DBMS. Databases have been in practical use since the early invention of electronic computing technology. Unlike the systems in use today, the majority of older database systems were tied to special custom databases to gain speed and flexibility. With today's technologies, a database system can be applied to a wide range of different databases, with their special needs and functions driven by the volume of data stored, networking technologies, and business direction.

In this new and modern age of technology, the focus of information system management is primarily on the use of the relational database management system, or DBMS. A DBMS is a set of programs that allows manipulation of and control over the organization, retrieval, management, and storage of data in a database system. Today, databases combined with client/server and internet technologies are the most typical component used by business organizations to manage high volumes of data and maintain their market or business direction. The development of network technologies that bring together servers, clients and the web environment has drawn most business organizations to migrate from a client/server setup to the web environment, which has proven to be more reliable and has no geographic restriction. This means that data can be stored on a database server and accessed from anywhere, without any limit of location. A centralized database can thus be seen to save space, time and labor.


The foundation of SQL was laid in the early 1970s, when Dr E. F. Codd published his paper entitled "A Relational Model of Data for Large Shared Data Banks", which became the basic foundation for the relational database system. The paper discusses a new method of structuring data in a database system, and this concept is what is used in database management today.

The structure of SQL was not developed by Dr E. F. Codd alone; he also had help from his colleagues. While he defined the structures of the new language, his friends Donald D. Chamberlin and Raymond F. Boyce were developing a language at IBM that was known at the time as SQUARE. SQUARE stands for Specifying Queries As Relational Expressions, and it was developed on the basis of set theory and predicate mathematics to select data from the database system. The secret of this language's capability is that it had a terse mathematical syntax, and it became an important foundation for database manipulation.

Four years later, by 1974, Chamberlin and Boyce had published an article entitled "SEQUEL: A Structured English Query Language". The article discusses in detail their work to improve the earlier SQUARE language and presents the data retrieval aspects of the new SEQUEL. The new and improved language was similar to SQUARE, but the authors highlighted that SEQUEL features top-down structured programming, which gives its syntax the look of structured English. Using the SQUARE language, a search for all the names and addresses of students who are enrolled in post-graduate programs and whose coordinator is Jalaludin would be defined like; The same query in SEQUEL would be defined like;

The above type of syntax has many advantages, as the language is largely derived from basic English words. It is really easy to learn for non-IT people who have no programming background. Both SQUARE and SEQUEL let users instruct a computer on what to do rather than how to do it. This is the concept of a declarative language, as opposed to an imperative or procedural type of language. SEQUEL was later renamed SQL because the name SEQUEL had been registered as a trademark by the Hawker Siddeley jet company.

System R is a database system that IBM developed as a research project at the Almaden Research Center in the 1970s. The system was the first implementation of SQL, which was developed by Chamberlin and Boyce. It was also the first system built to demonstrate that a relational database management system (RDBMS) is capable of providing fair transaction performance. The system was ready to deploy in 1975 and worked as a multi-table system in which data can be divided and split, so that not all records have to be stored in a single large volume of data, or "chunk". The system was first tested by customers in 1978 and 1979, and the first customer for System R was Pratt & Whitney, an American manufacturer of aircraft engines widely used in both civil and military aircraft. This was the time when Codd's ideas were being established as both workable and superior to Codasyl. Codasyl is an acronym for Conference on Data Systems Languages, an information technology industry consortium that was formed in 1959 to lead the development of a standard programming language that could be used on many computers. Today Codasyl no longer exists, because interest in it faded over time as demand for relational databases increased from the early 1980s. In his effort to surpass the capability of Codasyl, Codd pushed IBM hard to start developing a production version of the database system. That system was known as SQL/DS and was then renamed Database 2, or DB2.

Meanwhile, while System R and SQL were being developed and improved, a research project was conducted at the University of California. The project started in the early 1970s and ended in the early 1980s. The research was about an open-source SQL relational database management system intended to support large-scale commercial and government application software. INGRES had a fast-growing base of global contributors, but Ingres Corporation controlled the development and improvement of INGRES by providing certified binaries for download. Since the mid 1980s, INGRES has been the code base for the development of a number of commercial database applications, including MySQL, NonStop SQL, Sybase, and others. Most of the people who worked with the INGRES platform became confident of its huge potential, so they set up their own companies and businesses to commercialize the work together with an SQL interface. Starting from the original INGRES, these people rebuilt, redesigned and reconstructed the code base to deliver their own products. Sybase, NonStop SQL and Informix are actually INGRES itself, and they have been sold to many customers. Even MySQL is a reconstructed version of Sybase and, obviously, INGRES. The one that stands apart among these emerging database systems is Larry Ellison's Oracle, which was developed on the basis of IBM's papers on System R and got ahead of IBM in marketing the first version of Oracle in 1978.

The development of Larry Ellison's Oracle started when he was inspired by the paper published by Dr E. F. Codd on relational database systems. He started Oracle in 1977, investing USD1400 of his own money at the time, under the name Software Development Laboratories (SDL). Two years later the company was renamed Relational Software Inc., and it was finally renamed Oracle to feature the company's flagship product, the Oracle Database. At that time he had heard about IBM's System R, which was also based on Codd's papers, and he wanted Oracle to be compatible with it. Unfortunately for Larry, IBM refused to share System R's code. Even though IBM dominated the mainframe relational database market with its DB2 and SQL/DS systems, it delayed entering the market segments for relational databases on UNIX and Windows. This left the chance open for Sybase, Oracle and Informix to dominate mid-range systems and microcomputers. For several years Oracle dominated the midrange computer industry, until the newcomer Microsoft SQL Server was introduced in the late 90s and IBM acquired Informix to complement its DB2 database. Today, Oracle's main competitors for database licenses on LINUX, UNIX and Windows based computers are IBM's DB2, MySQL, and Microsoft SQL Server, while IBM's DB2 maintains its dominance in the market.

Furthermore, in 1982, Michael Stonebraker, who was once the project leader for INGRES development at the University of California, presented a much better version of INGRES. Later, in 1985, he came back to the university and started the post-INGRES project, whose objective was to overcome the problems with contemporary database systems that arose during the 1980s. The Postgres project had a number of features, including the ability to clearly define types and describe relationships, something that was heavily used by most users. In the new Postgres, the database itself understood 'relationships' and could retrieve data and information in tables using rules. Later the project was renamed PostgreSQL to reflect its support for SQL, and its first version was released in January 1997. The PostgreSQL project has a large community of contributors that supports its development, and the project continues to release minor 'bugfix' versions. All released versions are made available under the same open-source license.


Even though SQL has been known as the easiest and the most directive computer language, many of the original SQL features violated its purpose. A proposal written by Christopher J. Date and Hugh Darwen (1995) sets out the future of database management systems. The proposal, entitled "The Third Manifesto", explains briefly how incomplete current relational database management systems are and proposes to maintain the relational model for databases while supporting objects as user-defined types. In the proposal, the two writers discuss an alternative to SQL, called D. D is specifically a set of desirable characteristics of a database language, rather than a language with a specific syntax or grammar.

There are a few criticisms of the adoption of SQL, and among them is the inconsistency of implementations. The issue arises because implementations come from a number of different vendors and manufacturers, and they differ in date and time syntax, string concatenation, null values and case sensitivity from one manufacturer to another. The SQL language also makes it possible to mis-construct a WHERE clause on an update or delete, so that the statement affects more rows in a table than the user intended. The solution to this issue is to use transactions, or to habitually type the WHERE clause first and fill in the rest later. The grammar of the SQL language is said to be more complex than it needs to be because it adopts a COBOL-like approach to keywords, where another approach could have produced a syntax with more re-use of fewer grammar and syntax rules. Moreover, the SQL language is said to make a Cartesian join too easy to apply. A Cartesian join is a type of join that joins all possible combinations of rows. It results in 'run-away' result sets when a WHERE clause has been mistyped. Because of the problems with the Cartesian join, SQL 1992 introduced the CROSS JOIN keyword, which lets the user state clearly that a Cartesian join is intended. But the shorthand 'comma-join' without any predicate is still accepted in SQL syntax, which invites the same joining mistakes.
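The two safeguards mentioned above can be seen in a short script. This is an added example, not part of the original essay: it uses Python's built-in sqlite3 module, and the tables, rows and the helper names guarded_write, count_status and join_row_counts are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows. Autocommit mode is
    used so that BEGIN / COMMIT / ROLLBACK are issued explicitly below."""
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.executescript("""
        CREATE TABLE coordinators (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT,
                               status TEXT, coordinator_id INTEGER);
        INSERT INTO coordinators VALUES (1, 'Jalaludin'), (2, 'Aminah');
        INSERT INTO students VALUES
            (1, 'Farah', 'active', 1), (2, 'Imran', 'active', 1),
            (3, 'Siti', 'active', 2), (4, 'Wei', 'active', 2);
    """)
    return conn

def guarded_write(conn, sql, params=(), max_rows=1):
    """Run an UPDATE or DELETE inside a transaction and roll it back if it
    touched more rows than the caller expected. Returns (committed, rows)."""
    conn.execute("BEGIN")
    try:
        affected = conn.execute(sql, params).rowcount
    except Exception:
        conn.execute("ROLLBACK")
        raise
    if affected > max_rows:
        conn.execute("ROLLBACK")   # the WHERE clause was missing or too wide
        return False, affected
    conn.execute("COMMIT")
    return True, affected

def count_status(conn, status):
    """Number of students currently carrying the given status."""
    return conn.execute("SELECT COUNT(*) FROM students WHERE status = ?",
                        (status,)).fetchone()[0]

def join_row_counts(conn):
    """Row counts for a comma-join with no predicate, an explicit CROSS JOIN,
    and the join with the intended predicate."""
    q = "SELECT COUNT(*) FROM students s {} coordinators c {}"
    variants = {
        "comma": q.format(",", ""),
        "cross": q.format("CROSS JOIN", ""),
        "keyed": q.format("JOIN", "ON s.coordinator_id = c.id"),
    }
    return {k: conn.execute(v).fetchone()[0] for k, v in variants.items()}

if __name__ == "__main__":
    conn = make_db()
    # WHERE clause forgotten: every row is touched, so the guard rolls back.
    print(guarded_write(conn, "UPDATE students SET status = 'withdrawn'"))
    # Intended statement: exactly one row is touched and committed.
    print(guarded_write(conn, "UPDATE students SET status = 'withdrawn' "
                              "WHERE id = ?", (3,)))
    print(join_row_counts(conn))
```

The comma-join and CROSS JOIN return the same number of rows; the only difference is that the second form states the intent in the query text, which makes the accidental case easier to catch in review.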

Another issue in the development of the SQL language is multi-vendor or cross-vendor compatibility, also called cross-vendor portability. This affects even the most basic SQL features, such as the DATE or TIME data types, which are part of standard SQL syntax. As a result, SQL code cannot easily be transferred or migrated between different database systems without modification. SQL lacks portability for several reasons. The sheer complexity and size of the SQL standard mean that most implementers do not support the whole standard. The standard does not specify syntax behavior in the most important areas, leaving implementers to decide for themselves how to behave. Moreover, many database suppliers or vendors have large existing customer bases, and where the SQL standard conflicts with the existing behavior of the vendor's database, the vendor will of course be unwilling to make changes that break backward compatibility, because of the research cost and time involved. The SQL standard specifies the syntax that a database system should implement. However, the semantics of the language constructs are not explained well enough, and this leads to confusion and ambiguity for developers. Software developers are usually willing to create incompatibilities with other platforms, as it is one way for them to maintain the loyalty of current customers. It is also a way to keep customers from migrating to other vendors whose products are not compatible with their software or machines.

While the compatibility and portability issues of the SQL language were at their peak, and at the same time the language was in wide use by database practitioners, the idea arose to standardize SQL so that it could be used widely and interoperate between different vendors and database manufacturers. In 1986 the American National Standards Institute (ANSI) adopted SQL as a standard called SQL-86, and it was approved by the International Organization for Standardization (ISO) in 1987. The original SQL standard declared that the pronunciation of SQL is "es queue el", but many developers still use the non-standard pronunciation "sequel". SQL has also been claimed as the standard language of relational database communication, based on IBM's implementation in System R and originally approved in 1986. After ANSI SQL was accepted as an international standard by ISO, the SQL standard was revised again in 1992 as SQL-92.

| Year of Revision | Improvements |
|---|---|
| SQL-86 (SQL-87) | First SQL formalized by ANSI. |
| SQL-89 (FIPS 127-1) | Minor revision, adopted as FIPS 127-2. |
| SQL-92 (SQL2, FIPS 127-2) | Major revision of ISO 9075; the Entry Level of SQL-92 was adopted as 127-2. |
| SQL:1999 (SQL3) | Added major features such as recursive queries, support for procedural and control-of-flow statements, non-scalar types, expression matching and a few object-triggered features. |
| | Introduced XML-related features, window functions, auto-generated values, standard sequences and columns. |
| | ISO/IEC 9075-14:2006, which defines the ways in which SQL syntax can be used with XML. This revision allows applications to integrate XQuery into their SQL code. The XML Query Language was published by the W3C to access normal SQL data and XML documents. |
| | Added INSTEAD OF declaration triggers and TRUNCATE statements, and legalized ORDER BY outside of cursor definitions. |

Table 1: Revisions of SQL version and its improvements


In the context of the development of SQL syntax and language, SQL brings many advantages to database practitioners and implementers. The various versions of the standard bring advantages and, of course, some disadvantages. For the most part, standards-driven manufacturers in the database industry have proven their potential to improve their products. In the scope of SQL, a standard gives a rough or basic form of foundation that serves as an end result, allowing consistency between different methods of implementation and better compatibility. Standardization is the best way to achieve successful data migration and portability between organizations, while others say that a standard just limits the flexibility and potential of a specific implementation. Weighing the advantages and disadvantages of standardizing SQL, the standard expected in any complete implementation not only pushes the effort toward consistency among the major competing SQL implementers; with it, the value of SQL programmers will also increase and market demand for them will grow.

Despite the positive feedback on the many improved versions of SQL, drawbacks remain in using SQL in a web environment. Drawbacks are not unique to SQL; anything has its disadvantages. The best-known disadvantage of using SQL is the potential for script injection, a method called SQL injection. SQL injection is a code injection that exploits a security vulnerability in the system or database layer that implements SQL syntax. The vulnerability is present when user input is either mistyped or incorrectly filtered for string literal and escape characters embedded in SQL statements, or when the user provides input that is not typed accurately, resulting in unexpected behavior. Injection also happens whenever one programming script is embedded inside another. The injection can lead to a disastrous leak of information and data, in which crucial data or access to information can be obtained by those able to penetrate the database system and execute SQL injection against it. Research conducted at National Chiao Tung University adopted software-engineering techniques to design a security tool for web applications. The research applied several methods of SQL injection to a database for security assessment and provides a method to detect possible SQL injection into systems.

A few forms of vulnerability have been identified in SQL injection. The most obvious form is incorrectly filtered escape characters. This kind of injection happens when the user's input is not filtered for escape characters and is passed into an SQL statement for processing. When that happens, the end user can manipulate the statements performed in the database. The example code that shows the vulnerability is;

From the example we can see that the SQL code is designed to pull up the records for the specified username from the table of users. But if the "username" variable is crafted in a specific way by some user, the statement could do more than the author intended. For example, the "username" variable could be set to;

The SQL code above is then rendered by the original database script as below; This example of an SQL statement always forces the selection of a valid username, because the evaluation of 'b' = 'b' is true. Another type of SQL injection is incorrect type handling.
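The escape-character case described above can be reproduced with Python's built-in sqlite3 module, with the concatenated query beside a parameterized one. This is an added example and not the code from the original essay; the users table, its rows, the function names and the crafted input are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory users table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users "
                 "(id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.test"),
         ("bob", "bob@example.test"),
         ("carol", "carol@example.test")],
    )
    conn.commit()
    return conn

def find_user_vulnerable(conn, username):
    """Deliberately vulnerable: the input is pasted into the SQL text, so a
    quote character in it changes the structure of the statement."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return sql, [row[0] for row in conn.execute(sql)]

def find_user_safe(conn, username):
    """Hardened: the input is bound as a parameter, so the database treats
    it only as a value to compare against, never as SQL syntax."""
    sql = "SELECT username FROM users WHERE username = ?"
    return sql, [row[0] for row in conn.execute(sql, (username,))]

# Constructed input: its quote closes the string literal early and leaves
# the always-true comparison 'b' = 'b' as part of the WHERE clause.
CRAFTED = "a' OR 'b' = 'b"

if __name__ == "__main__":
    conn = make_db()
    for name in ("alice", CRAFTED):
        for fn in (find_user_vulnerable, find_user_safe):
            sql, rows = fn(conn, name)
            print(f"{fn.__name__}: input={name!r}")
            print(f"  sql : {sql}")
            print(f"  rows: {rows}")
```

With the crafted input the concatenated query returns every row in the table, while the parameterized query looks for a user literally named `a' OR 'b' = 'b` and returns nothing.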