A salt can be stored with a password hash, so you can create a salt for each password instead of each user. It is common practice for password hash functions (a slow key output function such as BCrypt or PBKDF2) to return the solar text as part of the password hash, which means that you can store the salt and hash together in the same database field.
To verify the entered password, you first need to look for the hash password (using the username or email address), and then the function can extract the used salt from the stored password and use it to compare hashes. This should actually answer your question, databases usually do not have the corresponding functions for hash passwords, so you cannot perform validation in an SQL query, the verification will be performed in code.
The second salt is actually called pepper, the best way to add this secret on the server side is to encrypt an already hashed password with this secret. Unlike a hash, it will be two-way encryption, which allows you to exchange a key if it is ever needed.