With this query on mysql I can see the delete_priv value
select user,Delete_priv from user ;
I see there is a lot of _priv columns, how to see all priv values?
I have tried
select user,*_priv from user ;
select user,%%priv%% from user;
But is wrong syntax.
No.
In standard SQL, you need to enumerate all names of the columns you want to select. Or, you can use select *, and get all the columns in the table.
Alternatively, you can use dynamic SQL: that is, write a query that searches information_schema.columns and generates the list of columns that matches your filter, concatenate a query string from that, then execute it. But this is really a more complex beast, that is probably overkill for your use case.
Related
I'm working through an SQL injection tutorial. I don't understand one aspect of an SQL statement which is used determine where the different columns in the table will be displayed on the web page and then used to execute statements. A previous SQL injection statement has been used to determine the number of columns in the table, which is 6. The SQL statement is
SELECT * FROM TableName Where id=12 union all select 1,2,3,4,5,6
I've researched the SELECT and UNION ALL statements and haven't been able to work out what is actually going on. My thinking is that the numbers in the 2nd select statement respresent the column numbers.
The second statement used to get the values from the table is:
SELECT * FROM TableName Where id=12 union all select 1,2,3,4,user(),6
What does the select 1,2,3,4,5,6 and select 1,2,3,4, user(),6 component of the SQL injection query actually do?
They are not column numbers but values. Assuming you can somehow inject the statement you now need something to do with it. The first example counts the columns. theUNION will fail when there are not enough columns. By adding more columns to the UNION eventually the statement will execute. Now you know how many columns there are.
The second one is injecting the user into the return result set. Assuming the result set gets displayed on the screen for some reason, you now have a user name (or service account name) with which to execute more statements on your database, escalate privileges or make service calls.
It's doing something like that. Without knowing more it's hard to know what exactly.
I have always had the understanding that you use SELECT to select columns from a table. However, I was thrown off when I saw SELECT LAST_INSERT_ID(). I understand what it does... but I don't understand how we can simply just ask for the last inserted id like that. Isn't it true that the SELECT keyword expects to see column names immediately afterwards... so how does that function call satisfy that requirement?
The SELECT statement normally works with a FROM clause to select columns -- and expressions on columns and constants -- from rows in a table.
Without the FROM clause, a SELECT simply evaluates the expressions and returns one row. The function LAST_INSERT_ID() is simply an expression that returns a value, so:
SELECT LAST_INSERT_ID()
returns a result set with single row with a single (unnamed) column.
Some databases do not like the idea of a SELECT without a FROM. Oracle is one of them. It requires a FROM clause and provides a table with one column and one row. MySQL also supports dual, so you could write:
SELECT LAST_INSERT_ID()
FROM dual;
This is handy, if you want to include a WHERE clause with the SELECT (the WHERE requires a FROM in MySQL).
Is it possible to retrieve the count of the number of columns a query returns? This can be easily done with a bound scripting language such as php, but I'm looking for db only solution.
Example:
CountCols(SELECT 'a','b','c')
=> 3
CountCols(SELECT * FROM information_schema.session_variables)
=> 2
Would this work for you?
select
count(*)
from
`information_schema`.`columns`
where
`table_schema` = 'my_table_schema' and `table_name` = 'my_table_name';
You only need to use table_schema if the table name exists in more than one database.
Based on your response comment, you are looking to count a dynamic number of columns. You may be able to do this with a temporary table, but you cannot access the data of a temporary table without possibly installing a patch.
Of note, there is a similar outstanding SO question asking how to select columns from a temporary table.
Well if you want to know the columns in a table just do:
DESCRIBE `table_name`
Otherwise there is no "real" way to get the number of columns in a select query since other than selecting * you select certain columns --> so you will know how many columns you are selecting.
You'll find your answer here most likely: http://dev.mysql.com/doc/refman/5.0/en/columns-table.html
Write a query off of that that takes a table name param and then query for columns of that table and sum that up.
Here is the query I'm trying to execute, and it's supposed to return a table containing data for the pools that are not full (members_nr < members_max).
SELECT id, name,
(
SELECT COUNT(*) FROM pools_entries WHERE pool_id=p.id AND pending=0
) AS members_nr,
members_max, open
FROM pools p
WHERE id IN(1,2,3,4) AND members_nr < members_max;
The problem is MySQL won't recognize members_nr as a field since it's a result from a subquery. Is there a logic solution to this little issue?
Any help will be much appreciated :)
N.B. is correct, you need the having clause. But for the sake of the googler's i'll share a little knowledge.
The WHERE clause is used for restricting the resultset to specific records, it is also used for optimisation. Mysql uses the WHERE clause to identify which index's it can use to speed up the query.
The HAVING clause is executed right at the end of the query. It is used for filtering the recordset. So imagine you have a list of stuff from the database that matches your WHERE clause. You can then use HAVING to filter that list down further on some set conditions.
My basic rule of thumb is: if you need to select based on a column's value, use WHERE, if you need to select based on the value of something which is not a column in the table, use HAVING.
I have a database with many columns and sometimes I need to select quite a few.
Selecting all columns would be too much data. So lets say that:
DESC table_name
gives ordered column names, for example (A,B,C,D,E,F,G,H,I,J....). Is it possible that instead:
SELECT C,D,E,F FROM table_name;
I do something like this:
SELECT [3:6] FROM table_name
I know it makes no difference in this example, but I need to select over 40 columns with long names.
No, you can't SELECT [3:6] FROM table_name What do you think this is, some kind of modern computer language with sequences and ranges as first class data types? :-) :-). This is SQL.
You can, as a commenter pointed out, fetch the names of the columns in the table and then programmatically generate your SQL queries. This is, of course, something a bunch of different data-access-object packages do automatically.