很多情况下使用工具对mssql注入并不完善,所以我们就需要手工注入,一下是本人收集的一些mssql的sql语句. 手工MSSQL注入常用SQL语句 and exists (select * from sysobjects) //判断是否是MSSQL and exists(select * from tableName) //判断某表是否存在..tableName为表名 and 1=(select @@VERSION) //MSSQL版本 And 1=(select db_name()) //当前…
--1查找系统用户基本信息 SELECT user_id, user_name, description, employeE_id, person_party_id FROM fnd_user; --3查找所有的interface表 SELECT * FROM dba_objects db WHERE db.object_type = 'TABLE' AND db.object_name LIKE '%INTERFACE%'; --4查找对应模块的interface表 SELECT * FROM…
1. 存储过程 CREATE PROCEDURE [dbo].[bbs_move_createtopic] @fid smallint, @iconid smallint, @curtid INT OUTPUT AS BEGIN INSERT INTO [topics] ...... SET @topicid=SCOPE_IDENTITY() END declare @curtid int , @curtid=@curr_topicid OUTPUT 2. 游标 DECLARE ), @id D…
1.开/关 外键约束 -- 关 SET FOREIGN_KEY_CHECKS = 0; -- 开 SET FOREIGN_KEY_CHECKS = 1; 2.查看表的容量大小 use information_schema; SELECT (`DATA_LENGTH`+ `INDEX_LENGTH`)/1024/1024/1024 as `table_data_size` from `TABLES` WHERE TABLE_NAME ='t_dragon_temperature_capture_f…
mysql copy表或表数据常用的语句整理汇总. 假如我们有以下这样一个表: id username password ----------------------------------- 1 admin ************* 2 sameer ************* 3 stewart ************* #SQL CREATE TABLE IF NOT EXISTS `admin` ( `id` int(6) unsigned NOT NULL auto_increme…
Mysql 常用 SQL 语句集锦 基础篇 //查询时间,友好提示 $sql = "select date_format(create_time, '%Y-%m-%d') as day from table_name"; //int 时间戳类型 $sql = "select from_unixtime(create_time, '%Y-%m-%d') as day from table_name"; //一个sql返回多个总数 $sql = "select…
