SQL

SQL is important to know how to use. It is the standard system for creating, using, and modifying relational databases. In my opinion, SQL's big flaw is its text-based library command interface. When you use SQL from any platform, you have to generate a text string to indicate what you want SQL to do and then you call a library function to parse and execute that command. A better system would be to have several different library functions with parameters for creating, adding, removing, modifying, reading, etc. By making the programmer convert everything to text strings you make it easy for an "injection attack".

A normal insert:

    INSERT INTO Students (Name,DOB,Address) values ('George','5-DEC-2015','24 Main St')

Building the command by concatenating user input:

    Sqlcmd = "INSERT INTO Students (Name,DOB,Address) values ('"+NAME+"','"+DOB+"','"+ADDRESS +"')"

What the database receives when NAME contains a closing quote followed by extra SQL:

    INSERT INTO Students (Name,DOB,Address) values ('Robert');DROP TABLE Students;--','5-DEC-2015','24 Main St')

Randy's solution is to use ?'s (which indicates a new argument is coming). My solution is to scan the user input and remove the quotes from it. In 344, we will not concern ourselves with injection attacks. I will not try to crash your stuff with injection attacks.
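The two ways of building the INSERT above, side by side in runnable form. This is an added example, not code from the notes: it uses Python's standard sqlite3 module and an in-memory Students table I construct here, and the hostile NAME value is the one from the notes. build_unsafe_insert reproduces the concatenated command exactly; insert_safe is the "?" approach, where the SQL text is fixed and the values travel separately, so a quote in the data (hostile or an ordinary name like O'Brien) is stored as data and never changes the statement.

```python
import sqlite3

SCHEMA = "CREATE TABLE Students (Name TEXT, DOB TEXT, Address TEXT)"


def build_unsafe_insert(name, dob, address):
    """Build the INSERT by string concatenation, as in the notes.
    User-supplied values become part of the SQL text itself."""
    return ("INSERT INTO Students (Name,DOB,Address) values ('"
            + name + "','" + dob + "','" + address + "')")


def insert_safe(conn, name, dob, address):
    """Insert using ? placeholders: the statement text never changes,
    the library passes the three values to SQLite separately."""
    conn.execute("INSERT INTO Students (Name,DOB,Address) values (?,?,?)",
                 (name, dob, address))
    conn.commit()


def student_names(conn):
    """Return all stored names in insertion order."""
    return [row[0] for row in
            conn.execute("SELECT Name FROM Students ORDER BY rowid")]


def table_exists(conn, table):
    """Check the SQLite catalog for a table, itself via a parameter."""
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type='table' AND name=?",
        (table,)).fetchone()
    return row is not None


def unsafe_insert_rejected(conn, name, dob, address):
    """Try to execute the concatenated command; report whether SQLite
    refused it. A quote inside the data breaks the statement's syntax."""
    try:
        conn.execute(build_unsafe_insert(name, dob, address))
        conn.commit()
        return False
    except sqlite3.Error:
        conn.rollback()
        return True


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)

    hostile = "Robert');DROP TABLE Students;--"   # NAME value from the notes
    unsafe_sql = build_unsafe_insert(hostile, "5-DEC-2015", "24 Main St")

    # Parameterized inserts: normal data, the hostile string, and a name
    # that legitimately contains an apostrophe (constructed sample data).
    insert_safe(conn, "George", "5-DEC-2015", "24 Main St")
    insert_safe(conn, hostile, "5-DEC-2015", "24 Main St")
    insert_safe(conn, "O'Brien", "5-DEC-2015", "24 Main St")

    # The concatenated form cannot even store an ordinary O'Brien:
    # the apostrophe ends the string literal early and SQLite rejects it.
    apostrophe_rejected = unsafe_insert_rejected(
        conn, "O'Brien", "5-DEC-2015", "24 Main St")

    return {
        "unsafe_sql": unsafe_sql,
        "names": student_names(conn),
        "table_still_exists": table_exists(conn, "Students"),
        "unsafe_apostrophe_rejected": apostrophe_rejected,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The point of the comparison is that with placeholders the stored Name is the literal text `Robert');DROP TABLE Students;--`, the Students table is untouched, and no scanning of the input is required; the concatenated version, by contrast, produces exactly the command shown in the notes and fails on any value containing a quote.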