MySQL
MySQL - Monday, March 24, 2008 22:49 - 0 Comments
SQL Commands - Basic
SQL SELECT
The SQL SELECT clause selects data from one or more database tables and/or views. In its basic form the SQL SELECT syntax looks like this:
SELECT ColumnName1, ColumnName2, …
FROM Table1
Let’s have a look at the SELECT SQL statement above. The first part starts with the SELECT clause followed by a list of columns separated by commas. This list of columns defines which columns we are selecting data from. The second part of our SQL SELECT starts with the FROM clause followed by name of table from where we are extracting data.
We will use a table called Weather with 3 columns – City, AverageTemperature and Date, to give a real world SQL SELECT example:
| City | AverageTemperature | Date |
| New York | 22 C | 10/10/2005 |
| Seattle | 21 C | 10/10/2005 |
| Washington | 20 C | 10/10/2005 |
SQL Injection Attacks by Example
![[SQL Injection logo]](http://www.unixwiz.net/images/sqlinjection.jpg)
A customer asked that we check out his intranet site, which was used by the company’s employees and customers. This was part of a larger security review, and though we’d not actually used SQL injection to penetrate a network before, we were pretty familiar with the general concepts. We were completely successful in this engagement, and wanted to recount the steps taken as an illustration.“SQL Injection” is subset of the an unverified/unsanitized user input vulnerability (”buffer overflows” are a different subset), and the idea is to convince the application to run SQL code that was not intended. If the application is creating SQL strings naively on the fly and then running them, it’s straightforward to create some real surprises.
We’ll note that this was a somewhat winding road with more than one wrong turn, and others with more experience will certainly have different — and better — approaches. But the fact that we were successful does suggest that we were not entirely misguided.
There have been other papers on SQL injection, including some that are much more detailed, but this one shows the rationale of discovery as much as the process of exploitation. Continue…
Most Popular Content
- Kopete, The KDE Instant Messenger
- Warning Signs You Can’t Ignore
- Robotic Jellyfish Swim and Fly at Hannover Fair
- The Real Indiana Jones
- Popular Wealth - Free Photoshop Brushes To Download
- 5 Ways To Combat Aging
- Inflatable robots could explore Mars
- Thinking the Way Animals Do
- Top 10 things to do in a blackout
- The most natural drug
- 30 Websites to follow if you’re into Web Development
- Please,I want you to help me with some of your books that will enable me to keep...
- You should also mention Ubercart (http://www.ubercart.org) a very powerful Drupa...
- Hello i am interessted on this script please can you contact me!?...
- Excellent article and oh so true.
Thanks...
- Well done.
If you use Ubuntu for, say, half a hour, you'll never go back to W...
- I own a "Super Battery" chinesse mobile phone, Chivak78, and I can assure you th...
- Thank You Very MUCH!!!
I had a working key, but the last time I reinstalled, it...
- Is this big deal end yet ?...
