I havnt posted in a long long long time here, but ive hit a bit of a wall in my learning.

Sql data bases seem rather interesting, storing a lot of personal information on users and such. So I started thinking, how do people steal the databases? I asked a few freinds and the most I got out of them was something along the lines of:

"Oh it's easy you just send the right packet to the server and it will respond by sending you the database"

Naturally this is not enough information.

Is this guy talking absolute crud? If not what kind of packets are we talking about and how would one go about stopping this kind of attack?

I don't think this is in the league of sql injection, but perhaps it is needed here also?

Remember I am trying to retrieve the database, not inject into it.

Any help is greatly appreciated