Monday, April 30, 2012

SQL UPDATE

Hello Friends, welcome to this post. Today I will be discussing the SQL UPDATE query.

Well, from the last post we know how the INSERT INTO statement works, i.e., we can insert or add a record to a Table in specific columns.

So let's assume we have a Table named Employee where last time we did an INSERT INTO and inserted some data into specific columns; the columns where we didn't insert anything get the value Null by default.

The UPDATE query helps us to update those values, as well as other values. We have to be very careful with the UPDATE statement; I will show you why.

Let's see our Table first:

PID    Name        Designation
222    Whiskey       Admin
444    Onty            Admin
111    Gaurav         Admin
333    Kumaar       Admin
555    Rishabh       Admin
Null    Rose           Admin

Now our Manager comes and says: Hey, I have just demoted Whiskey from Admin to Moderator, and I also want the PID of Miss Rose to be 666. Update the records.

The syntax of the UPDATE query is:

UPDATE table_name
SET column1=value1, column2=value2 . . . .
WHERE condition


Ex:

UPDATE Employee
SET Designation="Moderator"
WHERE PID=222 AND Name="Whiskey"


With this our result-set would be:

PID    Name        Designation
222    Whiskey       Moderator
444    Onty            Admin
111    Gaurav         Admin
333    Kumaar       Admin
555    Rishabh       Admin
Null    Rose           Admin

And next,

UPDATE Employee
SET PID=666
WHERE Name="Rose" AND Designation="Admin"


and our result-set would be:

PID    Name        Designation
222    Whiskey       Moderator
444    Onty            Admin
111    Gaurav         Admin
333    Kumaar       Admin
555    Rishabh       Admin
666    Rose           Admin

Be careful with UPDATE and do not forget to use the WHERE clause, otherwise the whole column would be updated.

Ex:

UPDATE Employee
SET PID=666


With this, every record in the Employee table has its PID set to 666.
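One way to guard against the missing-WHERE mistake shown above is to run the UPDATE inside a transaction and keep it only if it changed the number of rows you expected. This is an added example, not code from the original post; it assumes Python's sqlite3 module with an in-memory copy of the Employee table, and the helper names make_db, guarded_update and pids are made up for the illustration.

```python
import sqlite3

# Constructed sample data: the Employee table from the post, Rose with a NULL PID.
ROWS = [(222, "Whiskey", "Admin"), (444, "Onty", "Admin"), (111, "Gaurav", "Admin"),
        (333, "Kumaar", "Admin"), (555, "Rishabh", "Admin"), (None, "Rose", "Admin")]


def make_db():
    """Build an in-memory copy of the Employee table (hypothetical helper)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Employee (PID INTEGER, Name TEXT, Designation TEXT)")
    conn.executemany("INSERT INTO Employee VALUES (?, ?, ?)", ROWS)
    conn.commit()
    return conn


def guarded_update(conn, sql, params=(), expected_rows=1):
    """Run one UPDATE; keep it only if it changed exactly expected_rows rows."""
    cur = conn.execute(sql, params)   # sqlite3 opens a transaction before the UPDATE
    if cur.rowcount != expected_rows:
        conn.rollback()               # undo the over-broad (or no-op) change
        return False
    conn.commit()
    return True


def pids(conn):
    """Return the PID column in insertion order."""
    return [row[0] for row in conn.execute("SELECT PID FROM Employee ORDER BY rowid")]


if __name__ == "__main__":
    conn = make_db()
    # Targeted update from the post: one row matches, so it is committed.
    print(guarded_update(
        conn, "UPDATE Employee SET PID = ? WHERE Name = ? AND Designation = ?",
        (666, "Rose", "Admin")))
    # The WHERE clause is forgotten: six rows would change, so it is rolled back.
    print(guarded_update(conn, "UPDATE Employee SET PID = ?", (666,)))
    print(pids(conn))
```

The second call reports False and the table keeps its original PIDs, because the statement touched six rows instead of one.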

That's all for this post. Hope this was informative, and do not forget to check my next post.

Thank You!

Sunday, April 29, 2012

SQL INSERT INTO

Hello Friends, welcome to this post. Today I will be discussing the SQL INSERT INTO query.

Well, the name of the query suggests that it is something related to inserting records or data. If you thought so, you were absolutely right.

Let's see it in action. The SQL INSERT INTO query is used to add data or a record to a Table.

Let's assume we have a Table named "Employee", where we have 3 columns named "PID", "Name" and "Designation".

PID    Name    Designation
222    Whiskey     Admin
444    Onty          Admin
111    Gaurav       Admin
333    Kumaar     Admin

Syntax of INSERT INTO:

INSERT INTO table_name
VALUES (val1, val2, . . . . .)


So for our Query:

INSERT INTO Employee
VALUES (555, "Rishabh", "Admin")


Our result-set would be:

PID    Name    Designation
222    Whiskey    Admin
444    Onty          Admin
111    Gaurav       Admin
333    Kumaar     Admin
555    Rishabh     Admin

There is another way to insert records: by specifying the columns where we want to insert, and then the values respectively.

Syntax:

INSERT INTO table_name (column1, column2, . . . . .)
VALUES (val1, val2 . . . .)


Ex:

INSERT INTO Employee ("Name", "Designation")
VALUES ("Rose", "Admin")


And our result-set would be:

PID    Name    Designation
222    Whiskey    Admin
444    Onty          Admin
111    Gaurav       Admin
333    Kumaar     Admin
555    Rishabh     Admin
Null    Rose         Admin

You may have noticed the column names and values within quotes (""); this is because they are String type data. For numeric data we do not use quotes.

That's all for this post; hope you enjoyed it and found it informative.

Don't forget to check my next post.

Thank You!

Saturday, April 28, 2012

SQL ORDER BY

Hello Friends, welcome to this post, where I will be discussing the SQL ORDER BY query.

Pretty interesting: I have found many people trying to inject SQL queries with ORDER BY, but when asked what it does, the answers are like "I Don't Know" or "Ummm". It's so bad.

Anyway, let's start our topic. The ORDER BY query is used to sort the result set in either Ascending Order or Descending Order, by a specific column.

By default it is set to ascending order. Let's check with an example: say we have a Table named "Employee", where we have 3 columns named "PID", "Name" and "Designation".

PID    Name       Designation
222    Whiskey    Admin
444    Onty       Admin
111    Gaurav     Admin
333    Kumaar     Admin

So for our Query:

SELECT * FROM Employee
ORDER BY PID


Our result-set:

PID    Name        Designation
111    Gaurav        Admin
222    Whiskey     Admin
333    Kumaar      Admin
444    Onty          Admin

See something here? The PID column got sorted in Ascending Order. Now for Descending Order, we just need to add the keyword DESC:

SELECT * FROM Employee
ORDER BY PID DESC


And Our result-set will be:

PID    Name         Designation
444    Onty            Admin
333    Kumaar       Admin
222    Whiskey      Admin
111    Gaurav        Admin
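Because a column name or the ASC/DESC keyword cannot be passed as a bound parameter, an application that lets a caller choose the sort order should map the request onto a fixed list of allowed values. The following is an added example, not code from the original post; it assumes Python's sqlite3 module, and the names make_db, sorted_pids, SORT_COLUMNS and SORT_DIRECTIONS are hypothetical.

```python
import sqlite3

# Constructed sample data: the Employee table from the post.
ROWS = [(222, "Whiskey", "Admin"), (444, "Onty", "Admin"),
        (111, "Gaurav", "Admin"), (333, "Kumaar", "Admin")]

# Column names and sort keywords cannot be bound as "?" parameters, so the only
# text allowed into the ORDER BY clause is one of these fixed strings.
SORT_COLUMNS = {"pid": "PID", "name": "Name", "designation": "Designation"}
SORT_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def make_db():
    """Build an in-memory copy of the Employee table (hypothetical helper)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Employee (PID INTEGER, Name TEXT, Designation TEXT)")
    conn.executemany("INSERT INTO Employee VALUES (?, ?, ?)", ROWS)
    return conn


def sorted_pids(conn, sort_by="pid", direction="asc"):
    """Return PIDs sorted by a caller-chosen column, checked against the allow-lists."""
    try:
        column = SORT_COLUMNS[sort_by.strip().lower()]
        order = SORT_DIRECTIONS[direction.strip().lower()]
    except KeyError:
        raise ValueError("unsupported sort option") from None
    # Only strings taken from the dictionaries above reach the SQL text.
    sql = f"SELECT PID FROM Employee ORDER BY {column} {order}"
    return [row[0] for row in conn.execute(sql)]


if __name__ == "__main__":
    conn = make_db()
    print(sorted_pids(conn))                  # ascending by PID, as in the post
    print(sorted_pids(conn, "pid", "desc"))   # descending by PID, as in the post
    try:
        sorted_pids(conn, "salary")           # not an allowed column
    except ValueError as err:
        print("rejected:", err)
```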

So I hope now you understand what the ORDER BY statement does.

Hope this was informative and don't forget to check my next Post.

Thank You!

Thursday, April 26, 2012

SQL AND and OR


Hello everyone, in this post I will be discussing the SQL AND and OR Operators, which are used in conjunction with the WHERE clause to display a result set according to a condition.

Before I start, let me explain the AND Operator: the AND Operator gives True when both the inputs are True.

Example: 1 AND 1 = True

And for OR, if either of the input values is True, the result will be True.

Example: 1 OR 0 = True, 1 OR 1 = True, 0 OR 1 = True, 0 OR 0 = False

Now that was just a basic Digital Circuit explanation of the AND and OR Operators; it's pretty much the same in SQL.

Let's say we have a Table named Employee with 3 columns: the first column named FirstName, the second column named LastName, and the third column named Designation.

And assume we have 4 records:

FirstName    LastName    Designation
 Daniel             Golmes       Associate
 Whiskey         Lullaby        Admin
 Beer               Lullaby        Admin
 Onty               Golmes       Admin


So let's assume we have these 4 records for our table in the respective columns.

Now for our SQL Query:

SELECT * FROM Employee
WHERE FirstName = "Whiskey" AND LastName = "Lullaby"


With this query, one record would be dumped, i.e.:

FirstName LastName Designation
 Whiskey       Lullaby     Admin

Why so? It's very easy to understand: in the whole table, it found only one record that satisfied our query.

Next, let's see the use of the OR Operator:

SELECT * FROM Employee
WHERE FirstName = "Whiskey" OR LastName = "Golmes"


With this, our result set would be:

FirstName   LastName  Designation
 Whiskey          Lullaby      Admin
 Daniel             Golmes      Associate
 Onty               Golmes      Admin

And I won't explain this; I leave it to you to work out.

And we can even combine both the AND and OR Operators:

SELECT * FROM Employee
WHERE LastName="Lullaby" AND (FirstName="Whiskey" OR FirstName="Beer")


Result-set:

FirstName    LastName    Designation
 Whiskey         Lullaby        Admin
 Beer               Lullaby        Admin
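The brackets in the combined query matter, because SQL evaluates AND before OR. The following added example (not code from the original post) runs the post's query and an unbracketed variant against the same four records; it assumes Python's sqlite3 module, and the query names and the run helper are made up for the illustration.

```python
import sqlite3

# Constructed sample data: the four Employee records from the post.
ROWS = [("Daniel", "Golmes", "Associate"), ("Whiskey", "Lullaby", "Admin"),
        ("Beer", "Lullaby", "Admin"), ("Onty", "Golmes", "Admin")]

SELECT = "SELECT FirstName FROM Employee WHERE "
QUERIES = {
    # The post's combined query, with each comparison written out in full.
    "post": SELECT + "LastName = 'Lullaby' AND (FirstName = 'Whiskey' OR FirstName = 'Beer')",
    # IN is a shorter way to write the same grouped OR.
    "in_list": SELECT + "LastName = 'Lullaby' AND FirstName IN ('Whiskey', 'Beer')",
    # Intent: Admins called Whiskey or Daniel. The brackets keep the OR together.
    "grouped": SELECT + "Designation = 'Admin' AND (FirstName = 'Whiskey' OR FirstName = 'Daniel')",
    # Same conditions without brackets: AND is evaluated before OR, so this means
    # (Designation = 'Admin' AND FirstName = 'Whiskey') OR FirstName = 'Daniel'.
    "ungrouped": SELECT + "Designation = 'Admin' AND FirstName = 'Whiskey' OR FirstName = 'Daniel'",
}


def run(name):
    """Run one of the fixed queries above against a fresh in-memory Employee table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Employee (FirstName TEXT, LastName TEXT, Designation TEXT)")
    conn.executemany("INSERT INTO Employee VALUES (?, ?, ?)", ROWS)
    return [row[0] for row in conn.execute(QUERIES[name] + " ORDER BY rowid")]


if __name__ == "__main__":
    for name in QUERIES:
        print(name, run(name))
```

The "ungrouped" query returns Daniel even though he is an Associate: the Designation condition only applies to the first comparison.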

That's all friends for this post, hope you enjoyed it, and don't forget to check my next post.

Thank You!

Wednesday, April 25, 2012

SQL WHERE Operators


Hello Friends, so now we know what the WHERE Clause does: it basically extracts records from columns when certain conditions match. While applying conditions, we use certain operators to match the conditions or to compare.

So in this post, I will speak about the various Operators that can be used with the WHERE Clause:

Operator     Description
=            Equals
<> / !=      Not Equals
>            Greater Than
<            Less Than
>=           Greater Than or Equals
<=           Less Than or Equals
LIKE         Looks for some matching patterns
IN           For specifying multiple possible values in a column
BETWEEN      Between some range (this varies from database to database)

Let's say we have a Table named Employee, where we have a column named "Age", which holds info about the ages of all Employees in a certain company.

So, for our Query:

SELECT * FROM Employee WHERE Age>18

This will display all the records whose age is greater than 18; the same goes for the less than operator.

SELECT * FROM Employee WHERE Age>=18

This will display all the records whose age is greater than or equal to 18. With the previous query we won't get records of employees whose age is 18, since it shows only the results above 18, but this one starts from 18. The same goes for the less than or equals operator.

Let's say, in the same Employee Table, we have another column named EmpName.

So our Query:

SELECT * FROM Employee WHERE EmpName LIKE 'a%'

This query will show all the records of Employees whose names start with a. So if our EmpName column has 5 records and the names are Alfred, Diana, Aini, Ricky and Andrew, it will display the records of Alfred, Aini and Andrew.
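The LIKE and Age comparisons above, run from application code with both values passed as bound parameters and with the LIKE wildcards in the caller's text escaped. This is an added example, not part of the original post; it assumes Python's sqlite3 module (where LIKE ignores case for ASCII letters), made-up ages for the five names, and hypothetical helpers make_db and names_starting_with.

```python
import sqlite3

# Constructed sample data: the five names from the post; the ages are made up.
ROWS = [("Alfred", 34), ("Diana", 17), ("Aini", 18), ("Ricky", 45), ("Andrew", 16)]


def make_db():
    """Build an in-memory Employee table with EmpName and Age (hypothetical helper)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Employee (EmpName TEXT, Age INTEGER)")
    conn.executemany("INSERT INTO Employee VALUES (?, ?)", ROWS)
    return conn


def names_starting_with(conn, prefix, min_age=0):
    """EmpName LIKE '<prefix>%' AND Age >= min_age, with both values bound."""
    # Escape LIKE's own wildcards (% and _) so the caller's text is matched literally.
    literal = prefix.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = ("SELECT EmpName FROM Employee "
           "WHERE EmpName LIKE ? ESCAPE '\\' AND Age >= ? ORDER BY rowid")
    # The values travel separately from the SQL text; they are never pasted into it.
    return [row[0] for row in conn.execute(sql, (literal + "%", min_age))]


if __name__ == "__main__":
    conn = make_db()
    print(names_starting_with(conn, "a"))       # the post's LIKE 'a%' query
    print(names_starting_with(conn, "a", 18))   # combined with Age >= 18
    print(names_starting_with(conn, "_i"))      # "_" is literal here, so no match
```

Without the escaping step, a prefix of "_i" would act as a pattern and match Diana, Aini and Ricky.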

IN and BETWEEN are not used much, because they are not consistent; gradually, I will show you the usage of IN and BETWEEN in relevant posts.

That's all for now, hope you enjoyed the post. Don't forget to watch for my next post.

Thank You!

Saturday, April 21, 2012

SQL WHERE Clause

In this post we will see another statement: how we can extract records based on a column's information and value.

For this, the SQL WHERE Clause is used.

Let's have a look at our Table:


Our table has 4 records. Let's try to extract the records whose status is active. Here all the records are active, so just assume that there is another record here with your name whose status is inactive. After assuming that, we have 5 records, where 4 records are active and 1 is inactive.

To extract the Active records, the things to keep in mind are the Table Name, C_Korner, and the column which holds the Active status, U_Status.

So the syntax is:

SELECT column_name(s) FROM table_name
WHERE column_name operator value

And for our purpose, the query will be:

SELECT * FROM C_Korner
WHERE U_Status="Active"

With this query, our result will display the 4 records that are active; the inactive record, or a record with any other value in U_Status, will not be displayed.

That's all in this post. Hope this was informative, and don't forget to check my next post.

Thank You!

Wednesday, April 18, 2012

SQL Select


Hello Everyone, in this post I will discuss the SQL SELECT statement, the very basics of SQL.

Well, you can guess by the name SELECT that it has something to do with selecting. If you thought so, you were right: it is used to select columns from a Table. So below we have the C_Korner Table.



General Syntax of the SELECT statement is:
SELECT column_name(s) FROM table_name, or
SELECT * FROM table_name

" * " means we are querying for all the columns of the table.

So for our table, if we issue
SELECT * FROM C_Korner
we will have the entire table in our result-set.

Whereas if we want to be specific, and want to look into the column of U_Name and U_Password, our Query will be:
SELECT U_Name, U_Password FROM C_Korner

So, with this only the U_Name and U_Password column will be in our result-set.

So I guess this post makes everything clear about the SELECT Statement, and how to extract one column or all the columns from a Table.

Hope this was informative, Don't forget to check my next Post.

Thank You!

Tuesday, April 17, 2012

SQL Categories

Welcome to the next post. Let's now speak about the SQL Statement Categories.

SQL statements are categorized into Two Types:
a. DDL (Data Definition Language)
b. DML (Data Manipulation Language)

So, What is DDL?
All the creation and deletion statements of SQL to create Tables and to Delete them are categorized as DDL. DDL also tells us about the key values and specific links between Tables.

Some of the DDL statements can be CREATE DATABASE, ALTER DATABASE, CREATE TABLE, DROP TABLE, ALTER TABLE, etc

And, what is DML?
All the queries and update statements of SQL related to Tables are categorized as DML.

Some of the DML Statements are, SELECT, DELETE, INSERT, etc

NOTE: I will be using uppercase for all the SQL statements. This doesn't mean SQL statements have to be in upper case; it's the standard way of writing SQL queries and statements, and it also helps to differentiate the general text from the SQL statements.

Well, that's all for this post. Hope you have enjoyed it. Don't forget to check my next post.

Thank You!

Monday, April 16, 2012

Statements Of SQL



Now that we know what a Database is and what it contains, let's not waste time and jump into the main topics that you should be aware of when the word SQL comes to your mind.

From here onwards I will refer to the below table as an example when discussing SQL statements.

Database Structure
So my sample Database has got two Tables, named C_Korner and Sales. Sales is empty as of now; we are more interested in playing around with the C_Korner Table, which has got:

1. Four Columns (A_ID, U_Name, U_Password, U_Status), and
2. Four Rows, means Four Records.

An Important Thing about SQL is that it is not case-sensitive like other Languages. The Language Structure is very friendly.

Now, there are many types of Database, which we will gradually come to know with our posts. Just to give you some examples: MySQL, MsSQL, PostgreSQL, etc.

We are now not focusing on the Database Server Types. To Be very very generic, we are just trying to be friendly with SQL.

In most other languages, like Java or PHP, a semi-colon is a necessity to terminate a statement.

But with SQL, it depends on the Database Server: some Database systems require a semi-colon at the end and some do not. Semi-colons are sometimes used in complex statements where we combine several statements; the semi-colon lets the SQL server know that the statements are separate, so the SQL Engine is not confused.

So isn't it interesting? Well, I guess you are confident to dive into the world of SQL. That's all for this post friends, and don't forget to check my next post.

Thank You!

SQL Introduction


So, a lot about SQL; what exactly is it?

It's a Structured Query Language. It works on the basis of querying a Database and accessing its contents, which helps to produce some desired output or display.


The previous answer leads to another question, What is a Database?

A Database is a server or a place where data is stored, and data is any information related to any organization or business.


SQL helps us to extract the data from a Database. With SQL we can delete, add, append, sort, update, create, set permissions, insert and execute commands on a Database.


Now, how is a Database structured?

Well you cannot see the physical structure of a database, but logically, A Database consists of one or more Tables, and each table consists of one or more records.


Each Table in a Database is identified by a specific name, hence in a Database, no two tables can have the same name. And Records in a Table are made of rows and columns, each column is identified by a specific name, two different tables can have same column name, but in one table two columns cannot have same column name. Rows are where data resides, Thus making a full blown Table ready to be played with.


Hope this is informative, and yes I know some of you might be aware of this, but it's for some noobs out there cribbing with SQL Tools and abusing web admins and speaking shit about security.


Thank You!

Sunday, April 15, 2012

SQLi Hacking Introduction

Hello Everyone, this blog is all about the SQLi techniques that I learned and researched.

I have found many script-kiddies using SQLi techniques pre-defined somewhere on the web, or using tools like Havij, Mole, DarkMySQli, etc., and calling themselves hackers. But by using those tools or by learning the SQLi commands, are they really L33t?

I strongly oppose Script-Kiddies, and this blog is not for those who don't want to know the basics of SQL, and jump to SQLi, and harass some web-admins out there by abusing them and speaking about poor security. Before abusing them and speaking shit about security, ask yourself how much you know about security.

Well, enough said for the Script-Kiddies. Let's get into the real world, as to how one can be an automated tool like any SQL Tool. Of course the people who developed the tools are geniuses and have done a hell of a lot of research to test security or for pen-testing.

Let's use the knowledge wisely, and let's learn and discuss to protect. Remember, you might get awarded if you use the knowledge wisely, and if you break security with criminal purpose, you might be busted.

Well, that's all for the Introduction of the blog.

Thank You!