all SQL’s

in SQL, first, select, then update or delete

May 9, 2012

Updated 2017-02-14. My notes and sample code from experimenting and cleaning up data. Always run a SELECT statement before running an UPDATE or DELETE. Note: The phpMyAdmin tool, which is very valuable, adds "limit 0,30" to the end of most SELECT statements, so don't be tricked into thinking you have been shown all the selected records. You can change it by setting the config variable...


SQL: from WHERE to HAVING

June 22, 2010

WHERE filters results before they are grouped. HAVING filters results after they are grouped.

Correct (count players by team): SELECT COUNT(*) count, plheight_ft FROM ALplayers WHERE plheight_ft = 6 GROUP BY plheight_ft ORDER BY count

Error: SELECT COUNT(*) count, plheight_ft FROM ALplayers WHERE count = 6 // 1 ORDER BY ckname ( — o.k. — I saw 7 dups.(2 each) ) now, to see...


SQL db Injection, Cross-Scripting, RFI, and LFI

March 27, 2010

It is possible for a hacker to enter the following seemingly innocuous text into the UserName textbox to gain entry to the system without having to know a valid user name and password: ' Or 1=1 -- The hacker breaks into the system by injecting malformed SQL into the query. This particular hack works because the executed query is formed by the concatenation of...
