Abstract
This chapter provides an introduction to the basic Structured Query Language (SQL). It also provides a series of SQL injection cheat sheets for quickly jumping to the material. SQL queries are made up of one or more SQL statements that are effectively instructions for the database server to carry out. The most common SQL statements one encounters are when working with a database or performing SQL injections are SELECT, INSERT, UPDATE, CREATE, UNION SELECT, and DELETE. SQL queries that are designed to read, delete, or update table data often include a conditional clause to target specific rows in a table. A conditional clause begins with WHERE followed by the condition. The OR and operators are used when multiple conditions are to be evaluated. In addition, there is a brief discussion on SQL injection; a common task when exploiting an SQL injection flaw is to identify the back-end database platform. The most commonly encountered database platforms are Microsoft SQL Server, Oracle, and MySQL. The Oracle Database Server includes the utl_http package that one uses to establish outbound HTTP connections from the database server host. It is possible to abuse this package to extract database data via HTTP connections to any TCP port.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
