SQL Script
SQL files store database commands as plain UTF-8 text — CREATE, SELECT, INSERT, UPDATE, DELETE, and schema definitions. Standardized as ISO/IEC 9075 since 1986, SQL is the dominant language for relational database management across MySQL, PostgreSQL, SQLite, SQL Server, and Oracle.
SQL scripts are database commands, not a convertible data format.
أسئلة شائعة
What is the difference between SQL and SQLite?
SQL is a query language defined by ISO/IEC 9075, used across all relational databases. SQLite is a specific database engine that stores data in a single file and uses a subset of SQL. MySQL, PostgreSQL, and Oracle are client-server databases requiring a running process; SQLite is embedded and serverless.
How do I prevent SQL injection attacks?
Always use parameterized queries (prepared statements) instead of string concatenation. In Node.js: db.query('SELECT * FROM users WHERE id = $1', [userId]). In Python: cursor.execute('SELECT * FROM users WHERE id = %s', (user_id,)). ORMs handle parameterization automatically.
Why does my SQL dump fail to import on a different database engine?
SQL dumps contain dialect-specific syntax: MySQL uses backtick quoting and AUTO_INCREMENT, PostgreSQL uses double quotes and SERIAL/IDENTITY, SQLite lacks ALTER TABLE support. Use a conversion tool like pgloader or manually adjust the syntax for the target engine.
How do I find slow queries in my database?
Use EXPLAIN (PostgreSQL/MySQL) or EXPLAIN QUERY PLAN (SQLite) before your SELECT statement to see the execution plan. Look for sequential scans on large tables — they indicate missing indexes. In production, enable the slow query log (MySQL) or pg_stat_statements extension (PostgreSQL).
ما يميز .SQL
What is a SQL file?
SQL (Structured Query Language) files contain database commands and queries written in the SQL language. They can include table creation statements (CREATE TABLE), data insertion (INSERT), queries (SELECT), stored procedures, triggers, and database migration scripts. SQL was developed at IBM in the 1970s based on Edgar Codd's relational model and standardized by ANSI in 1986. It remains the dominant language for relational database management nearly 50 years later.
اكتشف التفاصيل التقنية
SQL files are plain text and can be opened in any text editor. They are executed against a database server — the file itself contains no data, only the instructions for creating or manipulating it.
How to open SQL files
- MySQL Workbench (Windows, macOS, Linux) — Free GUI for MySQL and MariaDB
- DBeaver (Windows, macOS, Linux) — Free, connects to any database engine
- pgAdmin (Windows, macOS, Linux) — PostgreSQL administration tool
- VS Code (with SQLTools extension) — Syntax highlighting and query execution
- Any text editor — View and edit the raw SQL text
Technical specifications
| Property | Value |
|---|---|
| Language | Structured Query Language |
| Standard | ISO/IEC 9075 (SQL:2023 is the latest) |
| Dialects | MySQL, PostgreSQL, SQLite, T-SQL (SQL Server), PL/SQL (Oracle) |
| Encoding | UTF-8 |
| Comments | -- single-line, /* */ multi-line |
| MIME type | application/sql |
Common use cases
- Database migrations: Schema changes tracked as versioned SQL files (e.g., Flyway, Liquibase)
- Data dumps:
mysqldumpandpg_dumpexport databases as.sqlfiles for backup and transfer - Seed data: Initial data population for development and testing environments
- Reporting queries: Complex multi-table joins and aggregations for business intelligence
- ETL pipelines: Extract, transform, and load operations in data warehouses
SQL statement categories
-- DDL: Define structure
CREATE TABLE users (
id SERIAL PRIMARY KEY,
name VARCHAR(100) NOT NULL,
email TEXT UNIQUE
);
-- DML: Manipulate data
INSERT INTO users (name, email) VALUES ('Alice', 'alice@example.com');
SELECT name, email FROM users WHERE id > 10 ORDER BY name;
UPDATE users SET name = 'Bob' WHERE id = 1;
DELETE FROM users WHERE email IS NULL;
-- DCL: Control access
GRANT SELECT ON users TO readonly_role;
SQL is divided into DDL (Data Definition Language), DML (Data Manipulation Language), DCL (Data Control Language), and TCL (Transaction Control Language — COMMIT, ROLLBACK).
SQL dialects and portability
While the ISO standard defines core SQL, each database engine extends it with proprietary syntax. Code written for PostgreSQL may not run on MySQL without changes. Key differences appear in: string functions, date handling, window functions, JSON support, and auto-increment syntax (SERIAL vs AUTO_INCREMENT vs IDENTITY). SQLite is the most portable but lacks features like FULL OUTER JOIN.
Security: SQL injection
SQL injection is the most common and dangerous web vulnerability. It occurs when user input is concatenated directly into SQL queries:
-- DANGEROUS — never do this
"SELECT * FROM users WHERE name = '" + userInput + "'"
If userInput is ' OR '1'='1, the query returns all users. Always use parameterized queries or prepared statements, which separate SQL code from data and prevent injection entirely. Most ORMs (Sequelize, SQLAlchemy, ActiveRecord, Prisma) handle this automatically.
Performance considerations
Slow queries are the most common cause of database bottlenecks. Add indexes on columns used in WHERE, JOIN, and ORDER BY clauses. Use EXPLAIN (PostgreSQL/MySQL) or EXPLAIN QUERY PLAN (SQLite) to see how the database executes a query and whether it uses indexes. Avoid SELECT * in production code — select only the columns you need.
المرجع التقني
- نوع MIME
application/sql- المطوّر
- IBM (Edgar Codd / Donald Chamberlin)
- سنة التقديم
- 1974
- معيار مفتوح
- نعم — عرض المواصفات
البنية الثنائية
SQL files are plain text with no binary structure. A SQL file contains one or more SQL statements, typically terminated by semicolons. Statements fall into four categories: DDL (Data Definition Language — CREATE, ALTER, DROP, TRUNCATE), DML (Data Manipulation Language — SELECT, INSERT, UPDATE, DELETE), DCL (Data Control Language — GRANT, REVOKE), and TCL (Transaction Control Language — BEGIN, COMMIT, ROLLBACK, SAVEPOINT). Comments use double-dash (-- comment) for single-line and /* comment */ for multi-line. Database dump files from mysqldump or pg_dump typically begin with a comment block containing the tool version, database name, and generation timestamp, followed by SET statements configuring the session (character set, foreign key checks), then CREATE TABLE statements, and finally INSERT statements with the data. Encoding is typically UTF-8, though some tools emit files with a UTF-8 BOM or use the database's configured character set. SQL files have no magic bytes, no header structure, and no maximum size limit — dump files from production databases regularly exceed multiple gigabytes.
نقاط الضعف
- SQL injection — user input concatenated into SQL queries allows attackers to bypass authentication, extract data, modify records, or execute administrative operations (DROP TABLE, GRANT)
- Arbitrary DDL/DML execution — executing an untrusted .sql file runs all contained statements, which may DROP tables, INSERT malicious data, create backdoor user accounts, or GRANT elevated privileges
- Data exfiltration via INTO OUTFILE — MySQL's SELECT INTO OUTFILE writes query results to the server filesystem, potentially leaking sensitive data if an attacker controls the query
- Stored procedure injection — malicious SQL files can create stored procedures or triggers that execute on future operations, persisting the attack beyond the initial import
الحماية: FileDex displays SQL files as read-only text in the browser. No SQL execution, no database connection, no server-side processing. SQL content is rendered for viewing and format reference only.