MySQL: parenthesis bypass


Preface: this article was compiled by the editors of 小常识网 (cha138.com); it covers the parenthesis bypass in MySQL and is offered for reference.

Reference answer A: why the injection fails.
Spaces are used very commonly in SQL injection, for example when using union to fetch the target data.
If spaces are filtered but parentheses are not, the filter can be bypassed with parentheses. In my experience, MySQL uses parentheses to enclose subqueries, so any statement that evaluates to a result can be wrapped in parentheses.
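As an added example (not from the original post), here is the defender's reading of the point above: a deny-list that strips spaces removes nothing that matters to the SQL parser, whereas a bound parameter is always handled as a data value and never reaches the parser as syntax. The code runs under SQLite with a constructed Student table so it works offline; the function names and the sample rows are assumptions made for this demo.

```python
import sqlite3

# Constructed sample data for this example (not the page's data): a minimal
# Student table with the column names used in the exercises later on the page.
def build_demo_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("create table Student(Sno text, Sname text, Class text)")
    conn.executemany("insert into Student values (?,?,?)",
                     [("101", "李军", "95033"), ("103", "陆君", "95031")])
    return conn

def strip_spaces(text):
    """The kind of deny-list filter the text describes: it removes only spaces."""
    return text.replace(" ", "")

def find_by_class_unsafe(conn, cls):
    """Vulnerable pattern: user text is concatenated into the statement after the
    space filter, so quotes and parentheses still reach the SQL parser."""
    sql = "select Sname from Student where Class='" + strip_spaces(cls) + "'"
    return [row[0] for row in conn.execute(sql)]

def find_by_class_safe(conn, cls):
    """Hardened form: a bound parameter is always treated as a data value, so
    which characters the filter lets through no longer matters."""
    sql = "select Sname from Student where Class=?"
    return [row[0] for row in conn.execute(sql, (cls,))]

def reaches_sql_parser(conn, cls):
    """True if the unsafe builder lets the input alter the statement's syntax
    (SQLite raises OperationalError on the resulting malformed SQL)."""
    try:
        find_by_class_unsafe(conn, cls)
    except sqlite3.OperationalError:
        return True
    return False

if __name__ == "__main__":
    db = build_demo_db()
    odd = "95033'('"   # constructed input with a quote and parentheses but no spaces
    print(strip_spaces("a (b) 'c'"))        # the filter leaves ( ) and ' untouched
    print(find_by_class_safe(db, "95033"))  # ['李军']
    print(find_by_class_safe(db, odd))      # [] : the text is compared as a literal class name
    print(reaches_sql_parser(db, odd))      # True : the unsafe builder's SQL was reshaped by the input
```

The check worth keeping from this is the last one: if any input can change whether the statement parses, the filter is not the control, the query construction is.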

MySQL practice summary

insert into Course values ('9-888','高等数学','831');
#--- Teacher: insert data ---
insert into Teacher values ('804','李成','','1958-09-01','副教授','计算机系');
insert into Teacher values ('856','张旭','','1969-09-01','讲师','电子工程系');
insert into Teacher values ('825','王萍','','1972-09-01','助教','计算机系');
insert into Teacher values ('831','刘冰','','1977-09-01','助教','电子工程系');
#--- Score: insert data ---
insert into Score values ('','103','3-245','86');
insert into Score values ('','105','3-245','75');
insert into Score values ('','109','3-245','68');
insert into Score values ('','103','3-105','92');
insert into Score values ('','105','3-105','88');
insert into Score values ('','109','3-105','76');
insert into Score values ('','101','3-105','64');
insert into Score values ('','107','3-105','91');
insert into Score values ('','108','3-105','78');
insert into Score values ('','101','6-166','85');
insert into Score values ('','107','6-166','79');
insert into Score values ('','108','6-166','81');
Exercises
1. Query the Sname, Ssex and Class columns of all records in the Student table.
2. Query all the departments teachers belong to, i.e. the distinct Depart values.
3. Query all records in the Student table.
4. Query all records in the Score table with a grade between 60 and 80.
5. Query the records in the Score table whose grade is 85, 86 or 88.
6. Query the students in the Student table who are in class "95031" or whose sex is "女" (female).
7. Query all records in the Student table in descending order of Class.
8. Query all records in the Score table ordered by Cno ascending and Degree descending.
9. Query the number of students in class "95031".
10. Query the student number and course number of the highest grade in the Score table (subquery or sorting).
11. Query the average grade of each course.
12. Query the average grade of the courses in the Score table that start with 3 and have at least 5 students enrolled.
13. Query the Sno column for grades greater than 70 and less than 90.
14. Query the Sname, Cno and Degree columns of all students.
15. Query the Sno, Cname and Degree columns of all students.
16. Query the Sname, Cname and Degree columns of all students.
17. Query the average grade of the students in class "95033".
18. Suppose a grade table was created with the following commands:
create table grade(low int(3), upp int(3), rank char(1));
insert into grade values(90,100,'A');
insert into grade values(80,89,'B');
insert into grade values(70,79,'C');
insert into grade values(60,69,'D');
insert into grade values(0,59,'E');
Now query the Sno, Cno and rank columns of all students.
19. Query the records of all students taking course "3-105" whose grade is higher than that of student "109".
20. Query the records in score of students taking more than one course whose grade is not their highest.
21. Query all records whose grade is higher than the grade of student "109" in course "3-105".
22. Query the Sno, Sname and Sbirthday columns of all students born in the same year as student 108.
23. Query the grades of the students taught by teacher "张旭".
24. Query the names of teachers whose course has more than 5 students enrolled.
25. Query the records of all students in classes 95033 and 95031.
26. Query the course numbers Cno that have grades above 85.
27. Query the grade table for the courses taught by teachers of the "计算机系" department.
28. Query the Tname and Prof of teachers in "计算机系" and "电子工程系" whose titles do not occur in the other department.
29. Query the Cno, Sno and Degree of students taking course "3-105" whose grade is higher than that of at least one student taking course "3-245", ordered by Degree from high to low.
30. Query the Cno, Sno and Degree of students taking course "3-105" whose grade is higher than that of every student taking course "3-245".
31. Query the name, sex and birthday of all teachers and students.
32. Query the name, sex and birthday of all "女" (female) teachers and "女" students.
33. Query the grade records of students whose grade is below the average grade for that course.
34. Query the Tname and Depart of all teachers who teach a course.
35. Query the Tname and Depart of all teachers who have not taught a course.
36. Query the class numbers that have at least 2 male students.
37. Query the students in the Student table whose surname is not "王".
38. Query the name and age of each student in the Student table.
39. Query the maximum and minimum Sbirthday values in the Student table.
40. Query all records in the Student table ordered by class number and age, both from high to low.
41. Query the "男" (male) teachers and the courses they teach.
42. Query the Sno, Cno and Degree of the student with the highest grade.
43. Query the Sname of all students with the same sex as "李军".
44. Query the Sname of the students with the same sex as "李军" who are also in the same class.
45. Query the grade table of "男" (male) students taking the course "计算机导论".
Answers 26-45
26. select distinct cno from score where degree>85
27. select * from score where cno in(select cno from course where tno in(select tno from teacher where depart='计算机系'))

28. select tname,prof from teacher where depart='计算机系' and prof not in(select prof from teacher where depart='电子工程系') union
select tname,prof from teacher where depart='电子工程系' and prof not in(select prof from teacher where depart='计算机系')

29. select * from score where cno='3-105' and degree>any(select degree from score where cno='3-245')

30. select * from score where cno='3-105' and degree>all(select degree from score where cno='3-245')

31. select sname,ssex,sbirthday from student
union
select tname,tsex,tbirthday from teacher

32. select sname,ssex,sbirthday from student where ssex=''
union
select tname,tsex,tbirthday from teacher where tsex=''

33. select * from score a where degree<(select avg(degree) from score b where b.cno=a.cno)

34. select tname,depart from teacher where tno in(select tno from course)

35. select tname,depart from teacher where tno in(select tno from course where cno not in(select distinct cno from score))
#--- teacher has no cno column; the outer condition must be on tno

36. select class from student where ssex='' group by class having count(*)>1

37. select * from student where sname not like '王%'

38. select sname,year(now())-year(sbirthday) from student

39. select max(sbirthday),min(sbirthday) from student

40. select * from student order by class desc,sbirthday

41. select tname,cname from course,teacher where course.tno=teacher.tno and teacher.tsex=''

42. select * from score where degree=(select max(degree) from score)

select * from score order by degree desc limit 0,1

43. select sname from student where ssex=(select ssex from student where sname='李军')

44. select sname from student where ssex=(select ssex from student where sname='李军') and class=(select class from student where sname='李军')

45. select * from score where cno=(select cno from course where cname='计算机导论') and sno in(select sno from student where ssex='')
Answers 1-25
1. select sname,ssex,class from student
2. select distinct depart from teacher
3. select * from student
4. select * from score where degree between 60 and 80
5. select * from score where degree in (85,86,88)
6. select * from student where class='95031' or ssex=''
7. select * from student order by class desc
8. select * from score order by cno,degree desc
9. select count(*) from student where class='95031'
10. select sno,cno from score order by degree desc limit 0,1
select sno,cno from score where degree = (select max(degree) from score)
11. select avg(degree),cno from score group by cno
12. select avg(degree) from score where cno in(select cno from score group by cno having count(*)>4) and cno like '3%'

select avg(degree) from score where cno like '3%' group by cno having count(*)>4

13. select sno from score where degree>70 and degree<90

14. select sname,cno,degree from student,score where student.sno = score.sno

15. select sno,cname,degree from course,score where course.cno = score.cno

16. select sname,cname,degree from student,course,score where student.sno=score.sno and course.cno = score.cno

select sname,cname,degree from student join score on student.sno=score.sno join course on course.cno=score.cno

17. select avg(degree) from score where sno in(select sno from student where class='95033')

18. select sno,cno,rank from score,grade where degree between low and upp

19. select * from score where cno='3-105' and degree>(select max(degree) from score where sno='109')

select * from score where cno='3-105' and degree>(select max(degree) from score where sno='109' and cno='3-105')

20. select * from score where sno in(select sno from score group by sno having count(*)>1) and degree<(select max(degree) from score where sno in(select sno from score group by sno having count(*)>1))

select * from score a where sno in(select sno from score group by sno having count(*)>1) and degree<(select max(degree) from score b where b.cno = a.cno)

21. select * from score where degree>(select degree from score where sno='109' and cno='3-105')

22. select * from student where year(sbirthday) = (select year(sbirthday) from student where sno='108')

23. select * from score where cno in(select cno from course where tno = (select tno from teacher where tname='张旭'))

24. select tname from teacher where tno in(select tno from course where cno in(select cno from score group by cno having count(*)>5))
#--- both subqueries can return more than one row, so in is required rather than =

25. select * from student where class in('95033','95031')

1. Summary

First, a review: join queries (several tables joined into one large table, which is then queried; easy to forget), subqueries and union queries. See the basics post for details.

Table creation order: create the master table first, then the dependent table. Filling in data works the same way: fill the master table first, then the dependent table.

Parentheses:

1. Parentheses can mark off a part that is evaluated independently.

2. A name followed by parentheses is a function, e.g. count(); where locates the specified rows:

#--- Query the records of all students in classes 95033 and 95031.
select * from Student, Course, Score where Student.Sno=Score.Sno and
Course.Cno=Score.Cno and (class='95033' or class='95031')

Keywords:

Commas matter a lot; almost all statements can be nested.

select .. from where group by having; order by union

distinct; or; in; and; not; between; <>; any; all (not is)

between <> [see the basics post; not repeated here]

1. not: not in and not like

in (not in) [important]

#--- Query the names of teachers whose course has more than 5 students enrolled. The Cno subquery in parentheses returns more than one value, so in must be used, not =
#--- (the same applies to the Tno subquery, which can also return several rows)
select Tname from Teacher where Tno in (select Tno from Course where Cno in (select Cno from Score
group by Cno having count(*)>5))

not like

#--- Query the students in the Student table whose surname is not "王". select * from Student where Sname not like '王%'

2. When group by is used together with where and count(*), take care [note the function notation with parentheses]

First a definition. Aggregate function: a function that performs a calculation on a column over a set of rows and returns a single value.

1. where and having
Simply put, the condition in where is a column; the condition in having can be a column or an aggregate function.
The key point: where filters the source data, while having is mostly used together with group by and its condition is usually an aggregate function. When there is a group by, having comes after the group by clause and where comes before it.
Aggregate functions: sum, count, avg, etc.

2. count and sum
count is a "tally" (it counts rows); sum is an "accumulation" (it adds values up).
Still using the table a_info above:
Query, for each grade, how many students scored above 60, together with their average and total score:

3. Execution order of a SQL statement:
(1) from: select the data source;
(2) where: filter the data source;
(3) group by: group the filtered data;
(4) evaluate the aggregate functions;
(5) having: filter the groups;
(6) evaluate expressions;
(7) order by: sort.

Using group by, where and count(*) together, explained
#--- Query the class numbers that have at least 2 male students.
select class from Student where Ssex='' group by class having count(*)>=2

3. distinct: see the basics section for usage; not repeated here.

4. Getting the year, month and day from a date: see the next post for details; brief notes below.

The values obtained are integers and can be compared:

Get the year: year(column holding the date) -- the column name is not quoted

Get the current date: date(now())

Get the day (date part): date(column holding the date)

#--- Query the name and age of each student in the Student table.
select Sname, year(now())-year(Sbirthday) from Student

#--- Query the maximum and minimum Sbirthday values in the Student table.
#--- (Sname cannot be selected next to max()/min() without a group by, so only the aggregates are selected)
select max(date(Sbirthday)) from Student
union
select min(date(Sbirthday)) from Student

#--- Query all records in the Student table ordered by class number and age, both from high to low (older students have earlier birth years).
select * from Student order by Class desc, year(Sbirthday);

5. join ... on linking three tables

#--- Query the Sname, Cname and Degree columns of all students.

select sname,cname,degree from student,course,score where student.sno=score.sno and course.cno = score.cno -- plain comma join

select sname,cname,degree from student join score on student.sno=score.sno join course on course.cno=score.cno -- join ... on
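As an added example (not code from the original post), the following builds the page's Student/Course/Teacher/Score schema under SQLite so it runs offline, and exercises the points of this summary as checked queries: the in-not-= rule for subqueries that can return several rows (exercise 24), where versus having and the execution order (an aggregate in where is rejected because grouping has not happened yet; exercise 36), the parenthesised correlated subquery (exercise 33), and the join ... on form (exercise 16). The Teacher and Score rows are the page's own inserts; the teachers' sex values, the Student rows, the course names and the three Course rows other than 9-888 are constructed for this example, and the Score id column is named Id here because the page leaves it unnamed. The SQL itself is plain enough that MySQL accepts it unchanged; only the engine it runs on is swapped.

```python
import sqlite3

# Schema inferred from the page's inserts and exercises. The Score id column is
# named Id here (the page leaves it unnamed). SQLite stands in for MySQL.
SCHEMA = """
create table Student(Sno text primary key, Sname text, Ssex text, Sbirthday text, Class text);
create table Course(Cno text primary key, Cname text, Tno text);
create table Teacher(Tno text primary key, Tname text, Tsex text, Tbirthday text, Prof text, Depart text);
create table Score(Id integer primary key autoincrement, Sno text, Cno text, Degree integer);
"""

# Teacher and Score rows are the page's own data (teacher sex values constructed);
# Student rows and the Course rows other than 9-888 are constructed for this example.
TEACHERS = [
    ("804", "李成", "男", "1958-09-01", "副教授", "计算机系"),
    ("856", "张旭", "男", "1969-09-01", "讲师", "电子工程系"),
    ("825", "王萍", "女", "1972-09-01", "助教", "计算机系"),
    ("831", "刘冰", "女", "1977-09-01", "助教", "电子工程系"),
]
STUDENTS = [
    ("101", "李军", "男", "1976-02-20", "95033"), ("103", "陆君", "男", "1974-06-03", "95031"),
    ("105", "匡明", "男", "1975-10-02", "95031"), ("107", "王丽", "女", "1976-01-23", "95033"),
    ("108", "曾华", "男", "1977-09-01", "95033"), ("109", "王芳", "女", "1975-02-10", "95031"),
]
COURSES = [("3-105", "计算机导论", "825"), ("3-245", "操作系统", "804"),
           ("6-166", "数字电路", "856"), ("9-888", "高等数学", "831")]
SCORES = [("103", "3-245", 86), ("105", "3-245", 75), ("109", "3-245", 68),
          ("103", "3-105", 92), ("105", "3-105", 88), ("109", "3-105", 76),
          ("101", "3-105", 64), ("107", "3-105", 91), ("108", "3-105", 78),
          ("101", "6-166", 85), ("107", "6-166", 79), ("108", "6-166", 81)]

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("insert into Teacher values (?,?,?,?,?,?)", TEACHERS)
    conn.executemany("insert into Student values (?,?,?,?,?)", STUDENTS)
    conn.executemany("insert into Course values (?,?,?)", COURSES)
    conn.executemany("insert into Score(Sno,Cno,Degree) values (?,?,?)", SCORES)
    return conn

def popular_courses(conn, min_students):
    """Inner query of exercise 24: courses with at least min_students grade rows.
    It can return several rows, which is why the outer query must use IN, not =."""
    sql = "select Cno from Score group by Cno having count(*)>=? order by Cno"
    return [r[0] for r in conn.execute(sql, (min_students,))]

def teachers_of_popular_courses(conn, min_students):
    """Exercise 24 with IN at both nesting levels (the Course subquery can return several rows too)."""
    sql = """select Tname from Teacher
             where Tno in (select Tno from Course
                           where Cno in (select Cno from Score group by Cno having count(*)>=?))
             order by Tno"""
    return [r[0] for r in conn.execute(sql, (min_students,))]

def classes_with_at_least(conn, sex, n):
    """Exercise 36: WHERE filters rows before grouping; HAVING filters the groups by an aggregate."""
    sql = "select Class from Student where Ssex=? group by Class having count(*)>=? order by Class"
    return [r[0] for r in conn.execute(sql, (sex, n))]

def aggregate_in_where_is_rejected(conn):
    """Execution order: WHERE runs before GROUP BY, so count(*) is not available there.
    SQLite (like MySQL) rejects the statement instead of guessing."""
    try:
        conn.execute("select Class from Student where count(*)>=2 group by Class").fetchall()
    except sqlite3.OperationalError:
        return True
    return False

def below_course_average(conn):
    """Exercise 33: the parenthesised correlated subquery is evaluated once per outer row."""
    sql = """select Sno, Cno, Degree from Score a
             where Degree < (select avg(Degree) from Score b where b.Cno = a.Cno)
             order by Cno, Sno"""
    return conn.execute(sql).fetchall()

def sname_cname_degree(conn):
    """Exercise 16 in explicit JOIN ... ON form, in the insertion order of Score."""
    sql = """select Sname, Cname, Degree from Student
             join Score on Student.Sno = Score.Sno
             join Course on Course.Cno = Score.Cno
             order by Score.Id"""
    return conn.execute(sql).fetchall()

if __name__ == "__main__":
    db = build_db()
    print(popular_courses(db, 3), teachers_of_popular_courses(db, 3))
    print(classes_with_at_least(db, "男", 2), aggregate_in_where_is_rejected(db))
    print(below_course_average(db))
    print(sname_cname_degree(db)[:3])
```

The threshold argument to popular_courses is the reason the in rule matters: with the page's Score data, a threshold of 6 yields a single course and = would happen to work, while a threshold of 3 yields three courses and MySQL would then refuse the = form with "Subquery returns more than 1 row". Writing in from the start keeps the query correct whatever the data turns out to be.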

6. Commonly used MySQL keywords

ADD    ALL    ALTER    
ANALYZE    AND    AS    
ASC    ASENSITIVE    BEFORE    
BETWEEN    BIGINT    BINARY    
BLOB    BOTH    BY    
CALL    CASCADE    CASE    
CHANGE    CHAR    CHARACTER    
CHECK    COLLATE    COLUMN    
CONDITION    CONNECTION    CONSTRAINT    
CONTINUE    CONVERT    CREATE    
CROSS    CURRENT_DATE    CURRENT_TIME    
CURRENT_TIMESTAMP    CURRENT_USER    CURSOR    
DATABASE    DATABASES    DAY_HOUR    
DAY_MICROSECOND    DAY_MINUTE    DAY_SECOND    
DEC    DECIMAL    DECLARE    
DEFAULT    DELAYED    DELETE    
DESC    DESCRIBE    DETERMINISTIC    
DISTINCT    DISTINCTROW    DIV    
DOUBLE    DROP    DUAL    
EACH    ELSE    ELSEIF    
ENCLOSED    ESCAPED    EXISTS    
EXIT    EXPLAIN    FALSE    
FETCH    FLOAT    FLOAT4    
FLOAT8    FOR    FORCE    
FOREIGN    FROM    FULLTEXT    
GOTO    GRANT    GROUP    
HAVING    HIGH_PRIORITY    HOUR_MICROSECOND    
HOUR_MINUTE    HOUR_SECOND    IF    
IGNORE    IN    INDEX    
INFILE    INNER    INOUT    
INSENSITIVE    INSERT    INT    
INT1    INT2    INT3    
INT4    INT8    INTEGER    
INTERVAL    INTO    IS    
ITERATE    JOIN    KEY    
KEYS    KILL    LABEL    
LEADING    LEAVE    LEFT    
LIKE    LIMIT    LINEAR    
LINES    LOAD    LOCALTIME    
LOCALTIMESTAMP    LOCK    LONG    
LONGBLOB    LONGTEXT    LOOP    
LOW_PRIORITY    MATCH    MEDIUMBLOB    
MEDIUMINT    MEDIUMTEXT    MIDDLEINT    
MINUTE_MICROSECOND    MINUTE_SECOND    MOD    
MODIFIES    NATURAL    NOT    
NO_WRITE_TO_BINLOG    NULL    NUMERIC    
ON    OPTIMIZE    OPTION    
OPTIONALLY    OR    ORDER    
OUT    OUTER    OUTFILE    
PRECISION    PRIMARY    PROCEDURE    
PURGE    RAID0    RANGE    
READ    READS    REAL    
REFERENCES    REGEXP    RELEASE    
RENAME    REPEAT    REPLACE    
REQUIRE    RESTRICT    RETURN    
REVOKE    RIGHT    RLIKE    
SCHEMA    SCHEMAS    SECOND_MICROSECOND    
SELECT    SENSITIVE    SEPARATOR    
SET    SHOW    SMALLINT    
SPATIAL    SPECIFIC    SQL    
SQLEXCEPTION    SQLSTATE    SQLWARNING    
SQL_BIG_RESULT    SQL_CALC_FOUND_ROWS    SQL_SMALL_RESULT    
SSL    STARTING    STRAIGHT_JOIN    
TABLE    TERMINATED    THEN    
TINYBLOB    TINYINT    TINYTEXT    
TO    TRAILING    TRIGGER    
TRUE    UNDO    UNION    
UNIQUE    UNLOCK    UNSIGNED    
UPDATE    USAGE    USE    
USING    UTC_DATE    UTC_TIME    
UTC_TIMESTAMP    VALUES    VARBINARY    
VARCHAR    VARCHARACTER    VARYING    
WHEN    WHERE    WHILE    
WITH    WRITE    X509    
XOR    YEAR_MONTH    ZEROFILL

Common functions:

