Fundamentals of SQL database operation

One 、MySQL Basic operation

1. Connect to database

stay MySQL Of bin Under the table of contents cmd

Enter the command

mysql -uroot -p

appear Enter password Tips , Enter the password to log in

2. Displays the names of all databases in the system

show databases;

  Be careful ： most SQL Commands end with a semicolon ！！！

2. New database boke

create database boke;

 4. Using a database boke

use boke;

 5. In the database boke Create a table artical

create table artical(id int(8),name varchar(20),score int(5));

 6. In the table boke Add data to

insert into artical(id,name,score) values(3,"aa",10);
insert into artical(id,name,score) values(6,"cc",56);
insert into artical(id,name,score) values(1,"ee",63);
insert into artical(id,name,score) values(4,"jj",98);
insert into artical(id,name,score) values(2,"vv",75);
insert into artical(id,name,score) values(5,"qq",69);

   Be careful ： If the data is character type （varchar）, You must use single or double quotation marks to wrap ！！！

7. Query the data in the table

Query all

select * from artical;

Inquire about id=5 Of score

select score from artical where id=5;

8. Delete a piece of data

Delete id=6 The data of

delete from artical where id=6;

9. Modify a piece of data

modify id=5 The data of , Put it score Set to 30

update artical set score=30 where id=5;

  Two 、MySQL Advanced operation

1.order by Usage of

(1） take result The data in the table are based on score Sort from low to high :

select * from artical order by score asc;

among ,asc Expressing ascending order ( Increasing ); If from high to bottom ( Descending ) Arrange , Then you can put asc Switch to desc; If you don't add this parameter , By default, they are arranged in ascending order .

(2) Try the following commands :

select id,name,score from artical order by 1;

  Normal display with id The result of ascending order

select id, name,score from artical order by 2;

Normal display with name The result of ascending order

select id, name,score from artical order by 3;

  Normal display with score The result of ascending order

select id, name,score from artical order by 4;

  Be careful ：order by Back number （M） Must be less than or equal to n（ Number of fields in database query ）, To display properly . If M>n, The database will report an error . This feature can be used to judge the number of fields queried in the database ！！！

2.limit Usage of

 The basic format is :
limit M,N    // Says from the first M+1 Data starts , Query down in sequence N Data 
limit M    // Indicates before query M Data 

  In the query table 3,4 Data  

select* from artical limit 2,2;

The first... In the query table 3 Data

select * from artical limit 3;

3.union select Usage of

select * from artical union select 1,2,3;

  The query result of this statement , That is select * from artical and select 1,2,3 Splicing of query results

Try the following 2 statement :

select id,name from artical union select 1,2;

  Normal display !

select id,name from artical union select 1,2,3;

Report errors ！ 

Be careful ： The second half of the sentence union select Number of fields queried (m) Must be the same as the first half of the sentence select Number of fields queried (n) equal , The database can display the results normally . And order by be similar , This feature can be used to judge the number of fields queried in the database ！！！

select id,name from artical where id=1 and 1=2 union select name,score from artical;

  From the above results, we can sum up , When the field name is known , An attacker simply places the field anywhere it can be displayed , You can expose the value of this field .

4.union select combination information_schema database

MySQL5.0 There is a version called information_schema The database of , It stores all the information in the database , It's about MySQL Information about all other databases maintained by the server . Such as database name , Table of database , Data type and access right of table column . and 5.0 There is no . You can put information_schema Database as MySQL The catalog of .

show databases;
select schema_name from information_schema.schemata;

The execution results of the two statements are the same ！

use boke;
show tables;

select table_name from information_schema.tables where table_schema='boke';

  The execution results of the two groups of statements are the same ！