SQL DATABASES

Standard format and interface for Databases.

INSERT INTO STUDENTS ('Anderson','Kurt',......)

INSERT INTO STUDENTS ('Smith','Robert');DROP TABLE Students;--')

The reason injection attacks are even possible is that SQL is poorly designed.

The reason injection attacks work is that the SQL interface is based entirely upon text strings.

Interface:  If you are programming in C++ or Java or Kotlin or Python or anything else, you will import libraries into your IDE or compiler that contain the SQL functions.  Oversimplification:  All SQL commands are handled from a single library method that accepts a string and returns
a two-dimensional array of string.  The input string contains the SQL command that needs to be run.  SQL then parses the string and does what the text command tells it to.  So, if you can trick the programming language into generating a dangerous command SQL, you can have SQL do that dangerous thing.

If you want to avoid injection attacks in SQL, just make sure that when you build your commands from user input data, that there are no quotes in that user input data.

What is the difference between SQL and SQLite?

What is the hardest task that comprehensive database software has to accomplish (on a daily basis)?  Handling more than one user in the database at the same time, making changes.  Crudely, one way to do it is to allow as many readers as want to be there, but if someone makes a modification, that user has to be the only one in there doing anything.  This can be handled with locks.  SQL provides this sort of coordination.  It locks requests until they can be safely handled.  Computers will run "SQL Servers" to handle this.

SQLite is pared down version of SQL.  It does not require a server.  But it uses the same databases and the same interface.  But there is no server to coordinate multiple users on the same database.  BUT, since this is Android Programming, how many users are there going to be?  Usually, the Android runs one program at any given time, and there's not much of a mechanism for multiuser use.  SQLite is PERFECTLY FINE.