rename table employee to user
drop database employees
create database employees
alter table user character set utf8
alter table user add salary decimal(8,2)
update user set salary=5000
update user set name='tt' where id=1
alter table user drop salary//删除列
delete from user where job='IT'//删除行
delete from user
查询语句:
基本查询语句:select from where
查询参数指令:union group by order by limit and or
常用函数:group_contact() database() version()
select * from user
select * from user where id in('3')
select * from user where id=(select * from user where name='admin')
select * from user where id='1' union select * from email where id='1'
(联合注入前后表格列数必须相等)
group by分组(进行列数判断)
select department,count(id)from student group by department;
select * from user where id=9 group by 2
select * from user where id=9 group by 4
order by排序(进行列数判断)
select stu_id from score where c_name='计算机' order by grade desc;
(desc降序)
limit 限制输出内容的数量
select * from user limit 1,3
(限制为从第一行开始显示3行)(报错注入)
and 和 or 判断它是闭合关系来判断它到底是字符型还是数字型
or可以用于post提交注入里面可能会用来作为万能密码
select * from user where id=1 and username='benben'
select * from user where id=2 or username='benben'
常用函数:
group_contact函数 多行变一行
select database()查询数据库名称
select version()查询数据库版本,绕过防火墙做注入