What is SQL?
SQL is the language for asking questions of relational data stored in tables. You describe what you want — these columns, from these tables, matching these conditions — and the database figures out how to get it. It is declarative, decades old, and still the backbone of most backends.
Why it matters
Almost every backend stores its core data in a relational database, and SQL is how you read and write it. Engineers who are fluent in SQL push work into the database where it is fast, instead of pulling everything into application code and looping. It is one of the highest-leverage skills on this track.
What to learn
- SELECT, WHERE, ORDER BY, LIMIT
- INSERT, UPDATE, DELETE and the danger of a missing WHERE
- JOINs: inner, left, and when each applies
- GROUP BY and aggregate functions
- Subqueries and common table expressions
- NULL handling and three-valued logic
- Parameterized queries to prevent injection
Common pitfall
Building queries by concatenating user input into a string. That is how SQL injection happens, and it is still one of the most exploited vulnerabilities. Always use parameterized queries or a query builder that parameterizes for you, so input is data, never executable SQL.
Resources
Primary (free):
- PostgreSQL — SQL tutorial · docs
- Mode — SQL tutorial · docs
- MDN — SQL injection · docs
Practice
Create two related tables — users and orders — and seed a few rows. Write queries to: list each user with their order count, find users with no orders, and total revenue per user. Use a parameterized query for one lookup by id. Done when the join and group-by queries return correct results.
Outcomes
- Write SELECTs with filtering, ordering, and limits.
- Join related tables and choose inner vs left correctly.
- Aggregate data with GROUP BY and aggregate functions.
- Prevent SQL injection with parameterized queries.