SQL injection - Fundamentals of SQL database operation

The experiment purpose
be familiar with MySQL(MariaDB) Basic and advanced syntax of database , To deepen the SQL Understanding of command statements ,
For subsequent SQL Injection attack and protection experiments lay a solid foundation .

One .MySQL Basic operation

1. Connect to database

stay cmd Enter... On the command line

Or you can PHPstudy2018 Enter between

2. Display all database names in the system

command ：show databases;

  notes ： most SQL Command to ; As an end sign

3. New database csdn

command ：create database csdn;

 4. Select database csdn

command ：use csdn;

5. In the database csdn Create table on zy

command ：create table zy(

id int(8),

name varchar(20),

city varchar(20),

score int(5));

 6. In the table zy Add data to

command ：

insert into zy(id,name,city,score)values(1,"wang","beijing",75);

insert into zy(id,name,city,score)values(3,"li","shanghai",80);

insert into zy(id,name,city,score)values(5,"chen","fuzhou",70);

insert into zy(id,name,city,score)values(2,"zhou","xian",90);

insert into zy(id,name,city,score)values(7,"han","guangzhou",65);
Be careful : If the data is character type (varchar), Must be wrapped in single or double quotation marks !

  After successful insertion , Use command select * from zy; See the table zy Everything in

 7. In the table zy Delete in 1 Data
for example , Delete id=7 The data of , You can use the following command :
delete from zy where id=7;
After deleting successfully , You can still view the results with the following command :
select*from zy;

8. Modify table zy Medium 1 Data

for example , modify id=5 The data of , Put it score Set to 60, You can use the following command :

update zy set score=60 where id=5;
After modification , You can still view the results with the following command :
select * from zy;

 9. Query table zy Data in

example ： Inquire about zy All fields in the table

command ：select * from zy;

  example ： Inquire about zy In the table name,score Field

command ：select name,score from zy;

Two .MySQL Advanced operation of

1.orderby Usage of
(1) take result The data in the table is calculated according to the score (score) Sort from high to low :

select * from zy order by score desc;
among ,desc Representation of descending order ( Decline ); If from low to high ( Ascending ) Arrange , Then you can put desc Switch to asc; If you don't add this parameter , By default, they are arranged in ascending order .

  With id Ascending order

select id,name,score from zy order by 1;

With name Ascending order

select id,name,score from zy order by 2;

  With score Ascending order

select id,name,score from zy order by 3;

  Report errors

select id,name,score from zy order by 4;

It can be concluded from the above results that , For the following commands :
select c1,c2,...,cn from zy order by M;
orderby Back number (M) Must be less than or equal to n( Number of fields in database query ), To display properly . If M>n, The database will report an error . This feature can be used to judge the number of fields queried in the database .

2.limit Usage of
The basic format is :
limit m,n// Says from the first m+1 Data starts , Query down in sequence n Data

limit m// Indicates before query M Data
Try the following two commands :

select * from zy limit 0,2;// The first... In the query table 2 Data

 select id,name,score from zy limit 1,3;
// From 2 This data starts from , Look down 3 Of data id、name and score Field

3.union select Usage of
(1).select * from zy union select 1,2,3,4;
The query result of this statement , That is select * from zy and select1234 Splicing of query results .

(2). Try the following 3 statement ：

select id,name,score from zy union select 1,2,3;

select id,name,score from zy union select 1,2;     ( Will report a mistake )

select id,name,score from zy union select 1,2,3,4;      ( Will report a mistake )

From the above results, we can sum up , For the following commands :
select c1c2,...,cn from zy union select d1,d2,...dm;
The second half of the sentence union select Number of fields queried (m) Must be the same as the first half of the sentence select Number of fields queried (n)

equal , The database can display the results normally . And orderby be similar , This feature can be used to judge the number of fields queried in the database .
(3) Try the following statement

select id,city from zy where id=1 and 1=2 union select name,score from zy;

From the above results, we can sum up , When the field name is known , An attacker simply places the field anywhere it can be displayed , You can expose the value of this field .
4.union select combination information schema database

MySQL(MariaDB)5.5 The above version comes with information_schema database , It's about MvSQL Information about all other databases maintained by the server , Such as database name 、 Table of database 、 Data type and access right of table column . You can put information_schema Database as MySQL(MariaDB) Of “ Catalog ”!

(1) Try to execute the following two statements :
show databases;

select schema_name from information_schema.schemata;

  The execution results of the two statements are the same !
(2) Try to execute the following two sets of statements :
The first group :

use csdn;
show tables;

The second group :

select table_name from information_schema.tables where table_schema='csdn';

  The execution results of the two statements are the same !