SQL Injection

Introduction

SQL injection is an attempt to access a website’s database tables by injecting SQL into a form field. If a web server does not protect against SQL injection attacks, a hacker can trick the database into running the additional SQL code. By executing their own SQL code, hackers can upgrade their account access, view someone else’s private information, or make any other modifications to the database.

Found a mistake? Have a question or improvement idea? Let me know.

SQL Injection:

*SQL Injection

*SQL injection sample

*simple injection sample

Table Of Contents

0Getting started with SQL

3Example Databases and Tables

7UNION, UNION ALL

14Filter results using WHERE and HAVING

15Window Fnctions

16Common Table Expressions

18LIKE operator

19Functions Aggregate

21String Functions

23AND OR operators

28Finding Duplicates on a Column Subset with Detail

32Execution blocks

33Stored Procedures

37CREATE FUNCTION

38SQL Group by vs. Distinct

40CROSS APPLY and OUTER APPLY

42CREATE database

43SKIP TAKE pagination

44EXPLAIN and DESCRIBE

45Information Schema

48SQL Injection

49Cascading Delete

50Order of Execution

51DROP or DELETE database

55GRANT and REVOKE

56Functions ScalarSingle Row

57Relational Algebra

58EXISTS CLAUSE

59Materialized Views

60Functions Analytic

63Clean Code in SQL