So, SQL is a library that can be used with a number of languages on a number of platforms.  You just import it and use it.

The downside about the library, is that the library essentially has only one method.  It takes the SQL command as a string, parses the string, does the operation and then returns the answer as a matrix (two-dimensional array) of string.

Since the method has to take the command in the form of a string, your program will probably have to build the command as a string, and if you are not careful, your program might accidentally build a bad or dangerous string.

The command for adding to a database is

INSERT INTO <tablename> (...<the stuff you want to enter>...)

In your program you would build a string by copying over INSERT INTO <tablename> and a left parenthesis and a quote then pasting the information you wanted to enter and paste in a quote and a right parenthesis

What if the name that copied in was this?

Robert');DROP TABLE students;--

INSERT INTO students ('Robert');DROP TABLE students;--')

This is called an SQL Injection attack.  And it is imperative that serious SQL programmers "sanitize their inputs".  This means they go through every user-entered string to make sure there's no injection attack in there.