SQL Injection based on batched SQL statements (批处理sql语句,分号分隔)
1 2 3 4
textUserId = getRequestString("UserId"); textSQL = "select * from Users where UserId = " + textUserId; eg: if textUserId = 11; droptable table_name; sql = select * from Users where UserId = 11; droptable table_name;
别名sql aliases
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
# 字段别名 select column_name as alias_name from table_name;
# 表别名 select column_name from table_name as alias_name;
# 字段别名demo select column_name as a, column_name as b from table_name;
# 将几个字段合起来使用别名 select column_name, column_name + ',' + column_name + ',' + column_name as alias_name from table_name; # 这个功能在mysql中,需要用关键字`concat` select column_name, concat(column_name, ',', column_name, ',', column_name) as alias_name from table_name;
# 表别名demo select a.id, a.name, b.score from A_table as a, B_table as b where a.id = b.id;
aliases can be useful when:
There are more than one table involved in a query
Functions are used in the query
Column names are big or not very readable
Two or more columns are combined together
连接查询join - Inner JoinLeft JoinRight Joinfull Join
Inner Join : returns all rows when there is at least one match in both tables
Left Join : return all rows from the left table, and the mached rows from the right table
Right Join : return all rows from the right table, and the mached rows from the left table
Full Join : return all rows when there is a match in one of the tables
1 2 3 4 5 6 7 8 9 10 11 12 13
# Inner Join select column_name from table1 innerjoin table2 on table1.column_name = table2.column_name;
# Left Join select column_name from table1 leftjoin table2 on table1.column_name = table2.column_name; select column_name from table1 leftouterjoin table2 on table1.column_name = table2.column_name;
# Right Join select column_name from table1 rightjoin table2 on table1.column_name = table2.column_name; select column_name from table1 rightouterjoin table2 on table1.column_name = table2.column_name;
# Full Join select column_name from table1 fullouterjoin table2 on table1.column_name = table2.column_name;
联合union
1 2 3
select column_name from table1 unionselectcolumn_namefromtable2; # 默认情况下,union查询的数据是去重复的(distinct),使用union all可以查询所有(包括重复数据) select column_name from table1 unionallselectcolumn_namefromtable2;
notice that each select statement within the union must have the same number of columns. the columns must also have similar data types. also, the columns in each select statement must be in the same order.
将一张表的数据拷贝到另一张表or其他数据库的表中
将数据拷贝到一张新表,根据教程,使用select into,会出错👇
the select int statement copies data from one table and insert it into a new table.
# 方法1 createtable new_table select * from origin_table;
将数据拷贝到已经存在的一张表中inesrt into select
the insert into select statement copies data from one table and inserts it into an existing table. any existing rows in the target table are unaffected.
1 2
insertinto table2 select * from table1; insertinto table2 (column_name, column_name...) select column_name, column_name ... from table1 [where condition];
constraints can be specified when the table is created (inside the create table statement) or after the table is created (inside the alter table statement).
not null : indicates that a column cannot store null value
unique : ensures that each row for a column must have a unique value
primary key : a combination of a not null and unique. ensures that a column (or combination of two or more columns) have a unique identity which helps to find a particular record in a table more easily and quickly
foreign key : ensure the referential integrity of the data in one table to match values in another table
check : ensures that the value in a column meets a specific condition
default : specifies a default value for a column
auto increment
note that you can have more unique constraints per table, but only one primary key constraint per table
# 多个列使用唯一约束 MySql/ SQL Server/ Oracle/ Access create table table_name ( _id intnotnull; firstName varchar(255), lastName varchar(255) notnull, constraint uc_id unique (_id, lastName) #=> 非空 constraint pk_table primary key (_id, lastname) #=> 主键 there is only one primary key (pk_table), however, the value of the primary key is made up of two columns(_id + lastName) constraint fk_table foreign key (other_id) references Other_table(_id) #=> 外键 );
# MySql create table Persons ( _id int not null, check (_id > 0) );
# Sql Server/ Oracle /Access create table Persons ( _id int not null check (_id > 0), );
# check作用在多个列 create table Persons ( _id int not null, lastName varchar(255), sex int, constraint chk_person check (_id > 0 and sex > 18) );
# 修改表时添加check alter table Persons add check (_id > 0); alter table Persons add constraint chk_person check (_id > 0 and sex > 18)
# 删除check约束 alter table Persons drop check chk_person; #=> mysql alter table Persons drop constraint chk_person; #=> sql server/ oracle / access
创建/删除索引index
updating a table with indexes takes more time than updating a table without(because the indexes also need to update).
1 2 3 4 5 6 7 8 9 10 11 12 13
# 创建索引 create index index_name ontable_name (column_name); create unique index index_name ontable_name (column_name);
eg: create index PIndex onPersons (lastName); create index PIndex onPersons (lastName, FirstName);
# 删除索引 drop index index_name ontable_name; #=> access drop index table_name.index_name; #=> sql server drop index index_name; #=> db2/oracle alter table table_name drop index index_name; #=> mysql
# mysql / oracle(prior version 10G) altertable table_name modifycolumn column_name datatype;
# oracle 10G and later altertable table_name modify column_name datatype;
delete a column in a table (notice that some database systems don’t allow deleting a column)
1 2 3 4
altertable table_name dropcolumn column_name;
eg: altertable Persons dropcolumn DateOfBirth;
change data type
1
altertable Persons altercolumn DateOfBirth year;
notice that the ‘DateOfBirth’ column is now of type year and is going to hold a year in a two-digit or four-digit format column is now of type year and is going to hold a year in a two-digit or four-digit format.
创建视图View
a view is a virtual table.
1 2 3 4 5 6 7 8 9 10 11
# 创建视图 createview view_name asselect column_name(s) from table_name where condition;
# 查看视图 select * from view_name where condition;
# 更新视图 createorreplaceview view_name asselect column_name(s) from table_name where condition;
# 删除视图 dropview view_name;
SQL Function
SQL Aggregate Function
avg() : returns ths average value
count() : returns the number of rows
first() : returns the first value
1 2 3 4 5 6 7 8 9 10 11
# access selectfirst(column_name) from table_name;
# sql server select top 1 column_name from table_name orderby column_name asc;
# mysql select column_name from table_name orderby column_name asclimit1;
select column_name, sum(column_name) from table_name groupby column_name;
having : the having clause was added to SQL because the where keyword cloud not be used with aggregate functions
1
select column_name, aggregate_function(column_name) from table_name where column_name operate valuegroupby column_name having aggregate_function(column_name) operate value;
SQL Scalar Function
ucase() : converts a field to upper case
lcase() : converts a field to lower case
mid() : extract characters from a text field
1 2 3 4
selectmid(column_name, start, length) as some_name from table_name; - column_name : required. the field to extract characters from - start : required. specifies the startingposition (startat1) - length : optional. the numberofcharacterstoreturn. if omitted, the mid() functionreturns the rest of the text
len() : returns the length of a text field
1 2 3
selectlen(column_name) from table_name; # 注意,在mysql中是length()函数 selectlength(column_name) from table_name;
round() : rounds a numeric field to the number of decimals specified
now() : returns the current system date and time
1
select column_name, now() from table_name;
format(): formats how a field is to be displayed
1
selectformat(column_name, format) from table_name;
