absolute_field's blog

Sql inject

 
  • Feb 18, 2020

SQL注入

mysql基础语法:

查:

SELECT column_name,column_name FROM table_name;

筛选:返回唯一值

SELECT DISTINCT column_name,column_name FROM table_name;

where过滤:

SELECT column_name,column_name
FROM table_name
WHERE column_name operator value;

ORDER BY:

SELECT column_name,column_name
FROM table_name
ORDER BY column_name,column_name ASC|DESC;

你以为我是拿来排序的,实际上我是看你字段数的!

插:

INSERT INTO table_name (column1,column2,column3,...)
VALUES (value1,value2,value3,...);

改:

UPDATE table_name
SET column1=value1,column2=value2,...
WHERE some_column=some_value;

删:

DELETE FROM table_name
WHERE some_column=some_value;

limit:

SELECT * FROM Websites LIMIT 2;

group_concat()

拼接字符串

union select:

SELECT expression1, expression2, ... expression_n
FROM tables
[WHERE conditions]
UNION [ALL | DISTINCT]
SELECT expression1, expression2, ... expression_n
FROM tables
[WHERE conditions];

copy:

CREATE TABLE newadmin AS
(
    SELECT username, password FROM admin
)
Search