Database basics exercise part 2

MYSQL（MariaDB） Advanced operation

1. order by Usage of

select * from result order by score desc;  

take result Data installation scores in the table （score） Sort high and low

among ,desc Representation of descending order （ Decline ）; If from low to high （ Ascending ） Arrange , Then you can put desc Switch to asc; If you don't add this parameter , By default, they are arranged in ascending order

select id,name,score from result order by 1;  

take result The data in the table is displayed by id Sort

select id,name,score from result order by 2;

take result The data in the table is displayed by name Sort

select id,name,score from result order by 3;

take result The data in the table is displayed by score Sort

select id,name,score from result order by 4;

Prompt error No fourth column  

order by Back number (M) Must be less than n( Number of fields in database query ) To display properly . If M>N, The database will report an error

1. Limit Usage of

Limit M,N    // Says from the first M+1 Data began to look down N Data

Limit M   // Indicates before query M Data

select * from result limit 0,2;

The first... In the query table 2 Data

select id,name,score from result limit 1,3;

From 2 Data starts , Go down to query 3 Of data id、name and score Field

1. union select Usage of

（1）select * from result union select 1,2,3,4;

The query result of this statement , That is select * from result and union select 1,2,3,4 Splicing of query results

（2） Try the following 3 statement ：

select id,name,score from result union select 1,2,3;

Normal display

select id,name,score from result union select 1,2;

Report errors

select id,name,score from result union select 1,2,3,4;

Report errors

The above results are summarized , For the following commands ：

Select c1,c2…,cn from result union select d1,d2,…dm;

The second half of the sentence union select Number of fields queried （M） Must be the same as the first half of the sentence select Number of fields queried （n） equal , The database can display the results normally . And order by be similar , This feature can be used to judge the number of fields queried in the database .

（3） Try the following statement

select id,city from result where id=1 and 1=2 union select name,score from result;

From the above results, we can sum up , When the field name is known , An attacker simply places the field anywhere it can be displayed , You can expose the value of this field 、

1. union select combination information_schema database

MySQL (MariaDB) 5.5 The above version comes with information schema database , It's about MySQL Information about all other databases maintained by the server , Such as database name, database table 、 Data type and access right of table column . You can put information schema Database as MySQL (MariaDB) Of ” Catalog "!

1. Try to execute the following two statements

Show databases;

Select schema_name from information_schema.schemata;

The execution results of the two statements are the same

（2） Try to execute the following two sets of statements

The first group

Use student;

The second group

select table_name from information_schema.tables where table_schema='student';

The execution results of the two groups of commands are the same