I'm trying to do an SQL Injection attack, (This is for an assignment, so I'm not doing anything illegal) and I need to see what the current database name is. However, I'm limited to 15 characters for the input, which is 13 when you factor in escaping the string and commenting out the remainder. SELECT DATABASE() is too long because of this, so is there a way to return the database name in 13 characters or less?
You can use SCHEMA() as it's a synonym for DATABASE(). See https://dev.mysql.com/doc/refman/5.7/en/information-functions.html#function_schema
Use STATUS. It gives you several status variables including the name of the database you are connected to.
https://dev.mysql.com/doc/refman/5.7/en/show-status.html
The command SHOW TABLES is only 11 characters, and the heading of the result set reveals the current database.
Here's an example:
mysql> use test;
mysql> show tables;
+----------------+
| Tables_in_test |
+----------------+
| ... |
+----------------+
Related
here and in a lot of other websites I have find a lot of posts regarding this question but for some strange reason no one works.
I have a Wordpress database and I need to find all the terms contained in wp_terms that have any special character.
In fact I need to find all that contains anything else of number or letter.
Why this doesn't work? The MySQL query return 0 results.
SELECT * FROM wp_terms WHERE name LIKE '%[^0-9a-zA-Z ]%'
You can use REGEXP to find out this. Also the ^must be outside from [].
SELECT * FROM wp_terms WHERE name REGEXP '[^0-9a-zA-Z ]'
Test
MariaDB [(none)]> SELECT "Hello" REGEXP '[^0-9a-zA-Z ]' as resut;
+-------+
| resut |
+-------+
| 1 |
+-------+
1 row in set (0.00 sec)
MariaDB [(none)]> SELECT "-Hello" REGEXP '[^0-9a-zA-Z ]' as resut;
+-------+
| resut |
+-------+
| 0 |
+-------+
1 row in set (0.00 sec)
It does not work because MySQL supports the ANSI version of LIKE. The form that you are using is an extended form associated with SQL Server.
On the other hand, MySQL supports regular expressions which are much more powerful. The regular expression for what you want is:
WHERE name REGEXP '[^0-9a-zA-Z ]'
Note that regular expressions match the pattern anywhere in the string, so you do not need wildcards at the beginning and the end.
I found some very strange mysql behavior.
If I run the following command:
mysql> select left(concat("A", "B®"), 3);
Then the output is as expected:
+-----------------------------+
| left(concat("A", "B®"), 3) |
+-----------------------------+
| AB® |
+-----------------------------+
1 row in set (0.00 sec)
However, if I change "A" with some number (1 in this case):
mysql> select left(concat(1, "B®"), 3);
The unicode character "®" becomes corrupted:
+---------------------------+
| left(concat(1, "B®"), 3) |
+---------------------------+
| 1B? |
+---------------------------+
1 row in set (0.00 sec)
Anybody knows how to explain this strange behavior and how to avoid it?
The example above is only a reproduction, in the real life it's a concat of numbers together with strings unknown ahead (not hard-coded strings).
Thanks a lot!
Mysql doesn't convert integer to strings literally. It converts number into the binary representation of it, which is not the same. "if the arguments include any binary strings, the result is a binary string. A numeric argument is converted to its equivalent binary string form; if you want to avoid that, you can use an explicit type cast, as in this example:
SELECT CONCAT(CAST(int_col AS CHAR), char_col);
Refer this for details.
I would also like to read from others if someone has different opinion.
I am using MySQL. In one of my table attributes, I have a serial number description like "SM,ST,SK" for one device.
When users enter SM or ST or SK, I want my query to return a result
My current query looks like that:
SELECT CONCAT(lvl1_id,',',lvl2_id)
FROM hier_menus
LEFT JOIN labels ON (hier_menus.id=label_id AND tbl=65 AND fld=2 AND lang_id=5)
WHERE
hm_type=13 AND lvl1_id=141 AND lvl2_id=id AND label='".addslashes($serial)."'";
It is only able to look at the first comma part of serial number column. When users enter ST, it will not return anything.
Is it possible to search the whole of the long string "SM,ST,SK" to return a matching row?
mysql> select find_in_set('SK', 'SM,ST,SK');
+-------------------------------+
| find_in_set('SK', 'SM,ST,SK') |
+-------------------------------+
| 3 |
+-------------------------------+
1 row in set (0.00 sec)
mysql> select find_in_set('SP', 'SM,ST,SK');
+-------------------------------+
| find_in_set('SP', 'SM,ST,SK') |
+-------------------------------+
| 0 |
+-------------------------------+
You are looking for find_in_set,
however, this is not an optimize solution
you should seek to normalize your serial number into another table,
where each SM,ST, and SK is stored as one row
another way is to convert the data type to set
Try FIND_IN_SET():
SELECT ... WHERE FIND_IN_SET($serial, label)
and as ajreal's pointed out, don't use addslashes. use mysql_real_escape_string (or whatever your DB abstraction library provides). addslashes is hopelessly broken and WILL allow someone to attack your database with ease.
I have an ugly server issue, and i'm trying not to overlook any details on this.
My virtual email users' passwords are stored with MySQL's ENCRYPT function. My basic idea was I'll dump my virtual users' table from the old machine, then import it in the new one.
Just for double-check I tried to store a string with ENCRYPT then again, and the stored data was different. Does this mean I can't export/import my users simply as I thought?
What Datajam has already described is correct. Here's some further explanation.
If you don't supply a salt to the ENCRYPT() function then a random one will be generated and used to encrypt the string. The salt is just two bytes/characters.
First I'll demonstrate that if I run ENCRYPT() twice with the same string it'll give different values (because the random salt differs)
mysql> SELECT ENCRYPT('hello');
+------------------+
| ENCRYPT('hello') |
+------------------+
| 5Q5CiJWj4GItY |
+------------------+
1 row in set (0.02 sec)
mysql> SELECT ENCRYPT('hello');
+------------------+
| ENCRYPT('hello') |
+------------------+
| 7QHPY3iSLVdas |
+------------------+
1 row in set (0.00 sec)
Now if I use the last entry and attempt to ENCRYPT() again using the value we have already as the salt we'll get the same result back:
mysql> SELECT ENCRYPT('hello', '7QHPY3iSLVdas');
+-----------------------------------+
| ENCRYPT('hello', '7QHPY3iSLVdas') |
+-----------------------------------+
| 7QHPY3iSLVdas |
+-----------------------------------+
1 row in set (0.00 sec)
Just to prove that if we get the string (password) wrong with the same salt we'll get a different value. Note that in this example the two first characters (which are just the salt) remain the same.
mysql> SELECT ENCRYPT('helloX', '7QHPY3iSLVdas');
+------------------------------------+
| ENCRYPT('helloX', '7QHPY3iSLVdas') |
+------------------------------------+
| 7QKDSis4DZnCU |
+------------------------------------+
1 row in set (0.01 sec)
Using this information you should try to run the ENCRYPT() function both of the MySQL servers specifying the same salt with both you should get the same result back. If not then the implementation of crypt() likely varies between the two.
I understand this is an old post but if you have a similar problem you don't need to rebuild all the encrypted passwords. The salt is the first two characters.
It's likely that the ENCRYPT function salts the input with a random value for just that reason - you want encrypting the same data twice to give different ciphertext.
MySQL's ENCRYPT() function has an optional second argument to define the salt used by the hashing algorithm. If you do not provide a salt then the result will be different, even for the same input string.
If you are migrating a database and want to retain the same hashes, just make sure you also use the same salt value. ENCRYPT() should give the same result with the same input string and salt value.
My table filed's value is "<script type="text/javascript"src="http://localhost:8080/db/widget/10217EN/F"></script>",
I want to analyse this string and fetch the id 10217,how to do use mysql regex?
I know python regex group function can return the id 10217,but i'm not familiar with mysql regex.
Please help me,Thank you very much.
MySQL regular expressions do not support subpattern extraction. You will probably have better luck iterating over all of the rows in your database and storing the results in a new column.
As far as I know, you can't use MySQL's REGEXP for substring retrieval; it is designed for use in WHERE clauses and is limited to returning 0 or 1 to indicate failure or success at a match.
Since your pattern is pretty well defined, you can probably retrieve the id with a query that uses SUBSTR and LOCATE. It will be a bit of a mess since SUBSTR wants the start index and the length of the substring (it would be easier if it took the end index). Perhaps you could use TRIM to chop off the unwanted trailing part.
This query get the Id from the field
SELECT substring_index(SUBSTRING_INDEX(testvar,'/',-3),'EN',1) from testtab;
where as testtab - is table name , testvar - is field name
inner substring get string starts with last 3 / which is
mysql> SELECT SUBSTRING_INDEX(testvar,'/',-3) from testtab;
+----------------------------+
| SUBSTRING_INDEX(testvar,'/',-3) |
+----------------------------+
| 10217EN/F"> |
| 10222EN/F"> |
+----------------------------+
2 rows in set (0.00 sec)
outer substring get
mysql> SELECT substring_index(SUBSTRING_INDEX(testvar,'/',-3),'EN',1) from testtab;
+----------------------------------------------------+
| substring_index(SUBSTRING_INDEX(testvar,'/',-3),'EN',1) |
+----------------------------------------------------+
| 10217 |
| 10222 |
+----------------------------------------------------+
2 rows in set (0.00 sec)