Page 1 of 1

Good to learn whole language before SQL injection?

PostPosted: Wed Jun 17, 2015 2:32 am
by ghostheadx2
Would it be good to learn all of MySQL, or become proficient in it, before learning SQL injection? I'm planning on learning it after Java. Is that I good idea?

Re: Good to learn whole language before SQL injection?

PostPosted: Wed Jun 17, 2015 2:52 am
by Turn
It's not going to hurt you to learn all of SQL, and if you are already learning it, you SHOULD learn it fully! However, you should definitely be able to do SQLi without grokking it, depending on the application you are trying to attack.

Re: Good to learn whole language before SQL injection?

PostPosted: Wed Jun 17, 2015 3:25 pm
by cyberdrain
Turn wrote:However, you should definitely be able to do SQLi without grokking it, depending on the application you are trying to attack.

I agree with that, I can't code SQL, but SQLi is somewhat doable with a lot of searching and knowing some commands. I won't recommend that if you're serious about it though, so learn it fully if you can and want to.

Re: Good to learn whole language before SQL injection?

PostPosted: Wed Jun 17, 2015 7:32 pm
by ghostheadx2
I'm planning on learning it after Java if I have time while I'm learning assembly. Thanks.

-- Wed Jun 17, 2015 7:33 pm --

I mean after I'm done with data structures in Java and I move onto assembly or during winter break.

Re: Good to learn whole language before SQL injection?

PostPosted: Thu Jun 18, 2015 10:21 pm
by sanddbox
Why would you move on to assembly when your grasp of Java couldn't even be described as basic (no offense intended, I'm just trying to give you an honest evaluation of your skill at this point in time)? Taking a class might have tricked you into thinking that you can just "learn data structures" and then you know how to program, but that's not how it works. Software construction is difficult and takes years of practice to master. You need far more experience building programs before you move on.

Without knowing SQL the only SQLi you'll be capable of is your run-of-the-mill
Code: Select all
' or '1' = '1


That being said, I wouldn't bother learning SQL until you can write a program that actually needs to use a database.

Finally, while Java was my first language as well, I really dislike it as a first language for people to learn. I think Python is an excellent language for noobs to learn because it's intuitive, yet extremely powerful. More importantly, it lets you make simple scripts and cute programs extremely quickly, which is all you can do starting out.

Re: Good to learn whole language before SQL injection?

PostPosted: Fri Jun 19, 2015 2:36 am
by ghostheadx2
Java was what my school is teaching so I have to go with that. I think your right. I'm going to probably finish comp182 this fall and probably try writing something first. That's a better idea. Thanks for telling me that.

Re: Good to learn whole language before SQL injection?

PostPosted: Sat Jun 20, 2015 12:48 am
by mShred
Regarding your initial question concerning SQL, YES.
I absolutely always recommend doing some legitimate work with SQL before diving into injections. You'll learn so much more and be able to manipulate queries in a much more effective way once you understand what's really going on behind the scenes of the SQL server. While you don't necessarily need to be some master SQL querier, it definitely helps.