SQL Injection Diary 4

0x00 What did we learn yesterday?
We learned how to add or insert data into a table.
Then we learned how to select all the data in a table and how to renew particular data in the table.
1:LOAD DATA LOCAL INFILE '(location of the file)' INTO TABLE tablename
LINES TERMINATED BY '\r\n';
This loads data from a local file.
2:INSERT INTO tablename
VALUES('','','',···);
This inserts data into a table.

Finally, we mentioned something about retrieving data from a table:
SELECT * FROM tablename; selects the whole table.
UPDATE can renew data in a table without reloading.
By contrast, DELETE can also renew data, but all the data after the renewed point needs to be reloaded.

Now let's learn more ways to retrieve data from tables!

0x01 Selecting Particular Rows
We can select only one row with the SELECT command like this:
SELECT * FROM tablename WHERE xx='xx';
for example, we have this table: exam
| name | ID | age |
| Kun | 1 | 19 |
| Kun2 | 2 | 13 |
| Kun3 | 2 | 15 |

To select the first row, I need this:
SELECT * FROM exam WHERE name='Kun';
then we will get this:
| name | ID | age |
| Kun | 1 | 19 |

We can also specify a condition on any column, like this:
SELECT * FROM exam WHERE ID='1';

We can also combine conditions like this:
SELECT * FROM exam WHERE name='Kun' AND ID='1';

It gives the same result as the first result table shown above.

If we need to select two or more rows, we can use OR.
AND selects a row by two or more properties; OR can select two or more rows by one property.
Like this:
SELECT * FROM exam WHERE ID='1' OR ID='2';
then you will get this:
| name | ID | age |
| Kun | 1 | 19 |
| Kun2 | 2 | 13 |
| Kun3 | 2 | 15 |

AND has higher precedence than OR.
We can combine AND and OR to get the rows we want.
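
The precedence rule above, worked through on the exam table (an added example, not part of the original post). It assumes Python's built-in sqlite3 module as a stand-in for MySQL; the helper names and the three conditions are made up for illustration.

```python
import sqlite3

# Rows copied from the exam table shown earlier on this page.
EXAM_ROWS = [("Kun", 1, 19), ("Kun2", 2, 13), ("Kun3", 2, 15)]

# Without parentheses AND binds first, so this reads as
# name='Kun' OR (ID='2' AND age='15').
UNGROUPED = "SELECT name FROM exam WHERE name='Kun' OR ID='2' AND age='15' ORDER BY rowid"
# The same condition with its implicit grouping written out.
EXPLICIT = "SELECT name FROM exam WHERE name='Kun' OR (ID='2' AND age='15') ORDER BY rowid"
# Parentheses force the OR to be evaluated before the AND.
GROUPED = "SELECT name FROM exam WHERE (name='Kun' OR ID='2') AND age='15' ORDER BY rowid"


def make_exam_db():
    """Build an in-memory copy of the exam table (SQLite, assumed stand-in for MySQL)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE exam (name TEXT, ID INTEGER, age INTEGER)")
    conn.executemany("INSERT INTO exam VALUES (?, ?, ?)", EXAM_ROWS)
    return conn


def names(conn, query):
    """Run one of the fixed queries above and return the matching names."""
    return [row[0] for row in conn.execute(query)]


def compare_groupings():
    """Return the rows each way of grouping the same three tests selects."""
    conn = make_exam_db()
    try:
        return {
            "ungrouped": names(conn, UNGROUPED),
            "explicit": names(conn, EXPLICIT),
            "grouped": names(conn, GROUPED),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    for label, rows in compare_groupings().items():
        print(label, rows)
```

The ungrouped and explicit queries select the same rows, while the grouped one does not, so parentheses are worth writing whenever AND and OR appear in the same WHERE clause.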

0x02 Selecting Particular Columns
This is easier than selecting rows. Just use SELECT:
SELECT columnname1,columnname2 FROM tablename;
SELECT name,ID FROM exam;
and this is the outcome:
| name | ID |
| Kun | 1 |
| Kun2 | 2 |
| Kun3 | 2 |

If a value appears more than once in a column, we can use DISTINCT to get each value only once.
For example, I have two pets, and both pets' information has been written into a table named pet.
If we use SELECT owner FROM pet;
I would receive two rows, because I'm the owner of both pets.
So if I use SELECT DISTINCT owner FROM pet;
I receive only one row from the table.

0x03 Selecting Particular Data By The Combination Of Rows And Columns
SELECT name,ID FROM exam
WHERE ID='1';

| name | ID |
| Kun | 1 |

This is what we've learned today!
Tomorrow, if we have time, we will start our study of SQL injection.

posted @ 2020-11-20 17:19  ChristopherWu