A common goal of hackers is to gain access to private or confidential data. Servers store high volumes of data in organized structures known as databases. Databases have their own language that is used within the code of other programming languages when accessing the data. If a web application, for example, needs to access or change the profile information of one of its users it will need to send a command to the database that is written in that database’s appropriate language. These commands are known as queries. One of the most common database languages used for online applications Is the Structured Query Language, or SQL. Exploiting vulnerabilities in SQL has, over the years, been one of the most common methods that hackers have used to access websites and the data contained within them. As programmers have become wise to the vulnerabilities in SQL, they have made great efforts to correct those vulnerabilities, so some of the more simple attacks are less common. Understanding SQL and other database query languages is another essential tool for the hacker. An SQL server can be set up on a hacker’s test machine in order to practice various methods of attack.