SQL injection (SQL injection attack): a tutorial for beginners

Source: Internet
Author: User
Tags sql injection sql injection attack
SQL injection is currently a very popular means of attack because its technical threshold is low and it is very practical. At the light end, an attacker can obtain some of a site's accounts, for example a gold member account on a movie site; at the heavy end, the website is used as a foothold for further intrusion into the entire server, and so on.
This topic is intended to explain SQL and SQL injection. Where the SQL itself is not clear, you will need to look up the material yourself. This post will be updated for a long time ...
One, SQL overview
SQL (Structured Query Language) is a structured query language. Nine keywords in SQL provide its core functions: SELECT (data query); CREATE, DROP, ALTER (data definition); INSERT, UPDATE, DELETE (data manipulation); GRANT, REVOKE (data control).
1, Data definition section
(1) Create a basic table
CREATE TABLE Employee (
    Eno CHAR(6) NOT NULL UNIQUE,
    Ename CHAR(20) UNIQUE,
    Esex CHAR(2),
    Eage INT,
    Edept CHAR(10),
    Espe CHAR(20)
)
The statement creates a data table named Employee with six columns: the employee number Eno, character type (length 6, non-empty, unique); the employee name Ename, character type (length 20, unique); the employee sex Esex, character type (length 2); the employee age Eage, integer type; the employee department Edept, character type (length 10); and the employee specialty Espe, character type (length 20).
(2) Delete the basic table
DROP TABLE Employee
(3) Change the basic table
ALTER TABLE Employee ADD esalary CHAR (5)
Adds a column of character type (length 5) to the Employee table for the employee's salary.
ALTER TABLE Employee DROP UNIQUE (ename);
Removes the unique attribute of the employee's name from the Employee table.
ALTER TABLE Employee MODIFY esex CHAR (1);
Changes the gender column in the Employee table to a character type of length 1.
2, Data query section
This is the most flexible and powerful part of the SQL statement.
(1) Basic query statement
SELECT Eno, Ename, Esex FROM Employee
Queries the three columns Eno, Ename and Esex in the Employee table.
SELECT * FROM Employee
Queries all columns in the Employee table.
SELECT DISTINCT Eno FROM Employee;
Queries the Eno column in the Employee table and removes duplicate rows.
(2) condition (WHERE) query statement
The following operators can be used in query conditions: NOT, =, >, <, >=, <=, !=, <>, !>, !<, BETWEEN AND, NOT BETWEEN AND (determining range), LIKE, NOT LIKE (character matching), IS NULL, IS NOT NULL (null value), AND, OR (connecting multiple conditions).
• Comparison
SELECT Eno FROM Employee WHERE Eage <= 25
Lists the employee numbers of the employees in the table who are not older than 25.
• Determining range
SELECT Eno, Ename FROM Employee
WHERE eage [NOT] BETWEEN and 30
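
The condition operators above become security-relevant as soon as part of a WHERE clause comes from user input. The following added example (not part of the original tutorial; it uses Python's built-in sqlite3 module, and the sample rows and function names are constructed for illustration) loads the page's Employee table and compares a condition built by string concatenation with one that binds the input as a parameter.

```python
import sqlite3

def make_db():
    """In-memory copy of the tutorial's Employee table with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE Employee (
        Eno   CHAR(6) NOT NULL UNIQUE,
        Ename CHAR(20) UNIQUE,
        Esex  CHAR(2),
        Eage  INT,
        Edept CHAR(10),
        Espe  CHAR(20))""")
    rows = [  # constructed sample data, not from the page
        ("E00001", "Ann",  "F", 24, "Sales", "Retail"),
        ("E00002", "Bob",  "M", 31, "Sales", "Export"),
        ("E00003", "Cara", "F", 25, "IT",    "Network"),
        ("E00004", "Dev",  "M", 42, "IT",    "Database"),
    ]
    db.executemany("INSERT INTO Employee VALUES (?,?,?,?,?,?)", rows)
    return db

def eno_by_dept_concat(db, dept):
    """Weak form: the input is pasted into the statement text, so quote
    characters and keywords inside it are parsed as part of the WHERE clause."""
    sql = "SELECT Eno FROM Employee WHERE Edept = '" + dept + "' ORDER BY Eno"
    return [r[0] for r in db.execute(sql)]

def eno_by_dept_bound(db, dept):
    """Corrected form: the statement text is fixed and the input travels
    separately as a bound value, so it is only ever compared with Edept."""
    sql = "SELECT Eno FROM Employee WHERE Edept = ? ORDER BY Eno"
    return [r[0] for r in db.execute(sql, (dept,))]

def eno_not_older_than(db, age):
    """The page's comparison query (Eage <= 25) with the limit bound as a
    parameter; int() raises ValueError for anything that is not a number."""
    sql = "SELECT Eno FROM Employee WHERE Eage <= ? ORDER BY Eno"
    return [r[0] for r in db.execute(sql, (int(age),))]

if __name__ == "__main__":
    db = make_db()
    hostile = "IT' OR '1'='1"  # constructed input containing a quote and OR
    for label, fn in (("concat", eno_by_dept_concat), ("bound", eno_by_dept_bound)):
        print(label, "IT      ->", fn(db, "IT"))
        print(label, "hostile ->", fn(db, hostile))
    print("age <= 25      ->", eno_not_older_than(db, "25"))
```

With the concatenated form the OR inside the input turns the condition into one that is true for every row; with the bound form the same input is just a department name that matches nothing.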
