SQL Injection Fundamentals
A SQL injection occurs when a malicious user passes input that changes the final SQL query the web application sends to the database. Because the input is joined into the query text rather than treated as data, the user can run unintended SQL against the database, such as reading other tables or bypassing a login check.
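The following is an added example (not part of the original notes) that shows, inside MySQL itself, what "input changes the final query" means. The logins table, its two rows and the user variables are constructed for illustration. The vulnerable application pattern (building the query text with string concatenation) is simulated with CONCAT and PREPARE; the safe pattern binds the input as a parameter with EXECUTE ... USING, so the quote in the hostile input never reaches the SQL parser as syntax.

```sql
-- Constructed table and rows for the demonstration (assumed, not from the notes).
CREATE TABLE logins (
    id       INT AUTO_INCREMENT PRIMARY KEY,
    username VARCHAR(100) NOT NULL,
    password VARCHAR(100) NOT NULL
);
INSERT INTO logins (username, password) VALUES ('admin', 'p@ssw0rd'), ('john', 'john123');

-- The query the application intends to run for a login check:
SELECT * FROM logins WHERE username = 'admin' AND password = 'p@ssw0rd';

-- Vulnerable pattern: raw input glued into the query text. Normal input first.
SET @user = 'admin';
SET @pass = 'wrongpassword';
SET @q = CONCAT("SELECT * FROM logins WHERE username = '", @user,
                "' AND password = '", @pass, "'");
SELECT @q;                 -- the text actually handed to the parser
PREPARE stmt FROM @q;
EXECUTE stmt;              -- no rows: the password does not match
DEALLOCATE PREPARE stmt;

-- Same code path, hostile input in the password field. The leading quote closes
-- the string literal and the remainder becomes SQL the application never wrote.
-- (Double-quoted literal; valid while sql_mode does not include ANSI_QUOTES.)
SET @pass = "' OR '1'='1";
SET @q = CONCAT("SELECT * FROM logins WHERE username = '", @user,
                "' AND password = '", @pass, "'");
SELECT @q;                 -- ... WHERE username = 'admin' AND password = '' OR '1'='1'
PREPARE stmt FROM @q;
EXECUTE stmt;              -- every row: AND binds tighter than OR, and '1'='1' is always true
DEALLOCATE PREPARE stmt;

-- Fix: keep input out of the query text. Placeholders are bound as data, so the
-- quote is just a character inside the compared value and nothing matches.
PREPARE safe FROM 'SELECT * FROM logins WHERE username = ? AND password = ?';
EXECUTE safe USING @user, @pass;   -- no rows, even with the same hostile @pass
DEALLOCATE PREPARE safe;

DROP TABLE logins;
```

Run the two SELECT @q statements side by side: the only difference between the harmless and the hostile run is the value of @pass, yet the second query has a different structure. That structural change, not the specific payload, is what defines an injection.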
MySQL Syntax
Relational & Non-relational Databases
Relational Databases:
Structure:
Use a structured schema with tables, rows, and columns.
Each table has a predefined structure, and relationships between tables are defined using foreign keys.
Storage:
Store data in a tabular format.
SQL (Structured Query Language) is used for querying and managing the data.
Use Cases:
Suitable for applications with complex queries and transactions, such as financial systems, enterprise resource planning (ERP) systems, and customer relationship management (CRM) systems.
Ideal for scenarios requiring ACID (Atomicity, Consistency, Isolation, Durability) properties.
Non-relational Databases:
Structure:
Use a flexible schema that can store various data formats, such as documents, key-value pairs, graphs, or wide-columns.
Do not require a predefined structure, allowing for more flexibility and scalability.
Storage:
Store data in formats like JSON, BSON, XML, or other non-tabular formats.
Each database type has its own query language (e.g., MongoDB expresses queries as JSON-like documents rather than SQL).
Use Cases:
Suitable for applications with large volumes of unstructured or semi-structured data, such as social media platforms, big data applications, and real-time analytics.
Ideal for scenarios where horizontal scalability and fast read/write operations are crucial.
MySQL
To connect to a MySQL/MariaDB database, we use the mysql command-line client, passing the username with -u and requesting a password prompt with -p.
When we do not specify a host, it defaults to the localhost server. We can specify a remote host and port using the -h and -P flags.
If we wanted to create a database:
To create a table:
If we want to retrieve data, we use the SELECT statement:
We can also select specific columns from a table:
If we want to remove the table and the database from the server, we use the DROP command:
We can restrict the output to only the rows we want using the LIMIT clause followed by the number of records to return (an optional offset selects which rows to start from).
To filter or search for specific data, we add conditions to the SELECT statement using the WHERE clause.
Another useful SQL clause is LIKE, which selects records whose value matches a pattern: the % wildcard matches any sequence of characters and _ matches exactly one character.
If we want the conditions to be more specific, we can combine them with the AND, OR and NOT operators:
Exercise: in the 'titles' table, what is the number of records WHERE the employee number is greater than 10000 OR their title does NOT contain 'engineer'?
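The whole MySQL walkthrough above (connect, create a database and table, SELECT, LIMIT, WHERE, LIKE, combined conditions, DROP) as one added, runnable script. This is not code from the original notes or from the lab it describes: the employees_demo database, the five rows of the titles table and the connection command are constructed so the script runs on any MySQL/MariaDB server, and the count it produces for the exercise query applies only to these sample rows, not to the real table.

```sql
-- Connect first from the shell (assumed local server; adjust -h and -P for a remote host):
--   mysql -u root -p -h 127.0.0.1 -P 3306

-- Create a database and switch to it.
CREATE DATABASE employees_demo;
USE employees_demo;

-- Create a table with a predefined structure; the column set mirrors a titles table.
CREATE TABLE titles (
    emp_no    INT NOT NULL,
    title     VARCHAR(50) NOT NULL,
    from_date DATE NOT NULL,
    to_date   DATE,
    PRIMARY KEY (emp_no, title, from_date)
);

-- Constructed sample rows (assumed, not the real data set).
INSERT INTO titles (emp_no, title, from_date, to_date) VALUES
    (10001, 'Senior Engineer', '1986-06-26', '9999-01-01'),
    (10002, 'Staff',           '1996-08-03', '9999-01-01'),
    (10003, 'Senior Engineer', '1995-12-03', '9999-01-01'),
    (9999,  'Engineer',        '1990-01-01', '9999-01-01'),
    (9998,  'Manager',         '1991-02-02', '9999-01-01');

-- Retrieve everything, then only specific columns.
SELECT * FROM titles;
SELECT emp_no, title FROM titles;

-- LIMIT the number of rows; OFFSET (or the MySQL shorthand LIMIT 1,2) skips rows.
SELECT * FROM titles LIMIT 2;
SELECT * FROM titles LIMIT 2 OFFSET 1;

-- WHERE filters on a condition.
SELECT * FROM titles WHERE emp_no = 10001;

-- LIKE matches a pattern: % is any run of characters, _ is a single character.
SELECT * FROM titles WHERE title LIKE 'Senior%';
SELECT * FROM titles WHERE title LIKE '%Engineer';
SELECT * FROM titles WHERE title LIKE 'S_aff';

-- Conditions combined with AND / OR / NOT.
SELECT * FROM titles WHERE emp_no > 10000 AND title LIKE '%Engineer%';
SELECT * FROM titles WHERE NOT title LIKE '%Engineer%';

-- The exercise query. With MySQL's default case-insensitive (_ci) collation,
-- '%engineer%' also matches 'Senior Engineer'. On the five sample rows this
-- returns 4: emp_no 10001, 10002, 10003 pass the first condition and 9998
-- (Manager) passes the second; 9999 (Engineer) satisfies neither.
SELECT COUNT(*) FROM titles WHERE emp_no > 10000 OR title NOT LIKE '%engineer%';

-- Remove the table and the database again.
DROP TABLE titles;
DROP DATABASE employees_demo;
```

When answering the exercise against the real table, keep the collation caveat in mind: whether 'engineer' also excludes 'Senior Engineer' depends on the column's collation being case-insensitive, which is the MySQL default.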