- PHP-based website: http://james.church/index.php
INSERT INTO
customers (name, dateOfBirth)
VALUES
('$name','$dateOfBirth');
- Now we need to do a legal command that messess things up
- Insert the end of command then the new attacking command
INSERT INTO
customers (name, dateOfBirth)
VALUES
('$name','2018-01-01 ->`'); DROP table products; -- ` <-- );
-
The
--
comments out anything else on the line foreign key to p key will allign with a foreign key to another tables primary key -
column must be primary and unique
-
sql constrints foreign key not null unique default check
Create a table with SELECT statement
- CREATE INDEX improves speed
- All changes are made using ALTER TABLE
- ADD, MODIFY, and DROP
- changes column data type
- ALTER
- Adding a column
- You can alter existing tabel by adding 1 or 2 more cols
- Adding primary key, foreign key, and check constraints
- pkey
- fkey syntax
- check contraint sytax
- Adding table rows
- INSERT command
- Updating rows
- UPDATE command
UPDATE table SET colname=expression[,colname=expression...]
- DELETE ROW
DELETE
command
- RESTORE
- rollback changes made before committing
- Used to update attributes
- batch update routine
- Many are similar in use case
- IND object in the DB
- Procedural SQL code automatic invoked by RDBMS
- Parts:
- Timing: when the SQL executes
- Event: what happens
- level: statement, row-level
- PL/SQL code enclosed between the BEGIN and END keywords
- DROP TRIGGER
- remove stuff