This document covers essential SQL statements for database operations, based on MySQL/MariaDB syntax. These are fundamental operations needed for database interaction and SQL injection understanding.
CREATE DATABASE users;SHOW DATABASES;USE users;CREATE TABLE logins (
id INT NOT NULL AUTO_INCREMENT,
username VARCHAR(100) UNIQUE NOT NULL,
password VARCHAR(100) NOT NULL,
date_of_joining DATETIME DEFAULT NOW(),
PRIMARY KEY (id)
);Common Constraints:
NOT NULL- Field cannot be emptyUNIQUE- Field must be uniqueAUTO_INCREMENT- Automatically increment valueDEFAULT NOW()- Set default to current timestampPRIMARY KEY- Unique identifier for records
-- Show all tables
SHOW TABLES;
-- Describe table structure
DESCRIBE logins;INSERT INTO logins VALUES(1, 'admin', 'p@ssw0rd', '2020-07-02');INSERT INTO logins(username, password) VALUES('administrator', 'adm1n_p@ss');INSERT INTO logins(username, password) VALUES
('john', 'john123!'),
('tom', 'tom123!');SELECT * FROM logins;SELECT username, password FROM logins;SELECT * FROM logins WHERE id > 1;
SELECT * FROM logins WHERE username = 'admin';Example Output:
+----+---------------+------------+---------------------+
| id | username | password | date_of_joining |
+----+---------------+------------+---------------------+
| 1 | admin | p@ssw0rd | 2020-07-02 00:00:00 |
| 2 | administrator | adm1n_p@ss | 2020-07-02 11:30:50 |
| 3 | john | john123! | 2020-07-02 11:47:16 |
| 4 | tom | tom123! | 2020-07-02 11:47:16 |
+----+---------------+------------+---------------------+
UPDATE logins SET password = 'change_password' WHERE id > 1;UPDATE logins SET username = 'newuser', password = 'newpass' WHERE id = 1;Important: Always use WHERE clause to avoid updating all records!
DELETE FROM logins WHERE id = 1;
DELETE FROM logins WHERE username = 'admin';ALTER TABLE logins ADD newColumn INT;ALTER TABLE logins RENAME COLUMN newColumn TO newerColumn;ALTER TABLE logins MODIFY newerColumn DATE;ALTER TABLE logins DROP newerColumn;ALTER TABLE logins ADD CONSTRAINT UNIQUE (username);DROP TABLE logins;DROP DATABASE users;Warning: DROP operations are permanent and cannot be undone!
-- Equality
SELECT * FROM logins WHERE id = 1;
-- Inequality
SELECT * FROM logins WHERE id != 1;
SELECT * FROM logins WHERE id <> 1;
-- Greater/Less than
SELECT * FROM logins WHERE id > 1;
SELECT * FROM logins WHERE id < 10;
SELECT * FROM logins WHERE id >= 1;
SELECT * FROM logins WHERE id <= 10;-- LIKE with wildcards
SELECT * FROM logins WHERE username LIKE 'admin%'; -- Starts with 'admin'
SELECT * FROM logins WHERE username LIKE '%min'; -- Ends with 'min'
SELECT * FROM logins WHERE username LIKE '%min%'; -- Contains 'min'
-- IN clause
SELECT * FROM logins WHERE id IN (1, 2, 3);
-- BETWEEN
SELECT * FROM logins WHERE id BETWEEN 1 AND 5;-- AND (both conditions must be true)
SELECT * FROM logins WHERE id > 1 AND username = 'admin';
-- OR (at least one condition must be true)
SELECT * FROM logins WHERE id = 1 OR username = 'admin';
-- NOT (negates the condition)
SELECT * FROM logins WHERE NOT id = 1;-- AND evaluation (returns 1 for true, 0 for false)
SELECT 1 = 1 AND 'test' = 'test'; -- Returns: 1 (true)
SELECT 1 = 1 AND 'test' = 'abc'; -- Returns: 0 (false)
-- OR evaluation
SELECT 1 = 1 OR 'test' = 'abc'; -- Returns: 1 (true, first condition true)
SELECT 1 = 2 OR 'test' = 'abc'; -- Returns: 0 (false, both conditions false)
-- NOT evaluation
SELECT NOT 1 = 1; -- Returns: 0 (false, negation of true)
SELECT NOT 1 = 2; -- Returns: 1 (true, negation of false)-- && (same as AND)
SELECT 1 = 1 && 'test' = 'abc'; -- Returns: 0
-- || (same as OR)
SELECT 1 = 1 || 'test' = 'abc'; -- Returns: 1
-- != (same as NOT EQUAL)
SELECT 1 != 1; -- Returns: 0
SELECT 1 != 2; -- Returns: 1-- NOT with inequality
SELECT * FROM logins WHERE username != 'john';
-- Multiple conditions
SELECT * FROM logins WHERE username != 'john' AND id > 1;
-- Complex logic
SELECT * FROM logins WHERE (id > 1 AND username = 'admin') OR (id < 5 AND username != 'tom');- Arithmetic: Division (/), Multiplication (*), Modulus (%)
- Arithmetic: Addition (+), Subtraction (-)
- Comparison: =, >, <, <=, >=, !=, LIKE
- Logical: NOT (!)
- Logical: AND (&&)
- Logical: OR (||)
-- Expression: username != 'tom' AND id > 3 - 2
-- Step 1: Arithmetic first: 3 - 2 = 1
-- Step 2: Comparison: username != 'tom' AND id > 1
-- Step 3: Evaluate both comparisons, then AND
SELECT * FROM logins WHERE username != 'tom' AND id > 3 - 2;
-- This is evaluated as:
-- SELECT * FROM logins WHERE (username != 'tom') AND (id > 1);-- Force different evaluation order with parentheses
SELECT * FROM logins WHERE (username = 'admin' OR username = 'tom') AND id > 1;
-- Without parentheses (different result):
SELECT * FROM logins WHERE username = 'admin' OR username = 'tom' AND id > 1;
-- Evaluated as: username = 'admin' OR (username = 'tom' AND id > 1)-- DANGEROUS: This might not work as expected!
SELECT * FROM logins WHERE username = 'admin' OR password = 'pass' AND id = 1;
-- Evaluated as: username = 'admin' OR (password = 'pass' AND id = 1)
-- SAFE: Use parentheses for clarity
SELECT * FROM logins WHERE (username = 'admin' OR password = 'pass') AND id = 1;-- Check for NULL values
SELECT * FROM logins WHERE password IS NULL;
SELECT * FROM logins WHERE password IS NOT NULL;-- Concatenation
SELECT CONCAT(username, ':', password) FROM logins;
-- String length
SELECT username, LENGTH(username) FROM logins;
-- Substring
SELECT SUBSTRING(username, 1, 3) FROM logins;
-- Case conversion
SELECT UPPER(username), LOWER(username) FROM logins;-- Current date/time
SELECT NOW();
SELECT CURDATE();
SELECT CURTIME();
-- Date formatting
SELECT DATE_FORMAT(date_of_joining, '%Y-%m-%d') FROM logins;-- Count records
SELECT COUNT(*) FROM logins;
-- Maximum/Minimum
SELECT MAX(id), MIN(id) FROM logins;
-- Group by
SELECT username, COUNT(*) FROM logins GROUP BY username;-- NEVER store plain-text passwords!
INSERT INTO logins VALUES(1, 'admin', 'password123', NOW());
-- NEVER use SELECT * in production
SELECT * FROM users; -- Exposes all data-- Use specific column selection
SELECT username, email FROM users;
-- Use parameterized queries (application level)
-- Instead of: "SELECT * FROM users WHERE id = " + userInput
-- Use prepared statements with placeholders
-- Hash passwords before storage
-- INSERT INTO logins VALUES(1, 'admin', SHA2('password123', 256), NOW());Target Database: employees
Connection: mysql -u root -ppassword -h target --skip-ssl
-- 1. Show available databases
SHOW DATABASES;
-- 2. Select target database
USE employees;
-- 3. Show tables
SHOW TABLES;
-- 4. Examine table structure
DESCRIBE departments;
DESCRIBE employees;
-- 5. Extract data
SELECT * FROM departments;
SELECT * FROM employees WHERE department = 'Development';
-- 6. Find specific information
SELECT department_id FROM departments WHERE department_name = 'Development';- Connect:
mysql -u root -ppassword -h target --skip-ssl - List:
SHOW DATABASES; - Select:
USE database_name; - Explore:
SHOW TABLES; - Query:
SELECT * FROM table_name; - Target:
SELECT column FROM table WHERE condition;