Users enter their own SQL statement to extract the data.

The SQL statement is then executed and the result returned.

It can embed any SQL statement almost anywhere in a program.

These can be called from the client using SQL statements.

This becomes particularly important for complex series of SQL statements.

SQL statements which deviate from the model raise an alarm as a database attack.

The limitation of white box testing is that SQL statements are not covered.

The primary difference is that procedures cannot be used in a SQL statement.

Likewise, foreign keys can be defined as part of the SQL statement.

Data searches can be carried out using simple criteria or SQL statements.