Divide your work into steps, that is:
1. If you are keeping a database in a website then there should be a piece of code on the website which takes requests in form of username and password, and returns the data.
2. If you can't do this but the data is on the internet then the unsafe way would be to download the whole database and then authenticate and search using client side code (security experts will want to murder you, though).
3. If you are going to populate the data from scratch only using your application, then Firebase by Google is a good and free solution for student level apps. Here you can have the data on Google's servers and request the data using user-password authentication. This is very safe method.
If you decide to use Sql, the typical unsafe query would be similar to querying using WHERE command wherein the parameters are username and password. But that should only be done on your website, and not on the client.