SQL Basics (Part 2)
2016-08-18 15:44
III. Basic Syntax
Today's notes cover the usage and meaning of these ten keywords or commands: SELECT, DISTINCT, WHERE, AND & OR, ORDER BY, INSERT INTO, UPDATE, DELETE, Injection, and SELECT TOP.
1. Select
The SELECT statement is used to select data from a database.
The result is stored in a result table, called the result-set.
SQL SELECT Syntax
SELECT column_name, column_name FROM table_name;
and
SELECT * FROM table_name;
2. Distinct
The SELECT DISTINCT statement is used to return only distinct (different) values.
SQL SELECT DISTINCT Syntax
SELECT DISTINCT column_name, column_name FROM table_name;
3. Where
The WHERE clause is used to filter records.
SQL WHERE Syntax
SELECT column_name, column_name FROM table_name WHERE column_name operator value;
Example
SELECT * FROM Customers WHERE Country='Mexico';
SELECT * FROM Customers WHERE CustomerID=1;
Note:
Text values in SQL must be enclosed in single quotes; some database systems also accept double quotes.
The figure below, taken from w3schools, summarizes the operators commonly used in WHERE clauses:
4. And & Or
The AND & OR operators are used to filter records based on more than one condition.
The AND operator displays a record if both the first condition AND the second condition are true.
The OR operator displays a record if either the first condition OR the second condition is true.
SQL AND & OR Example
SELECT * FROM Customers WHERE Country='Germany' AND City='Berlin';
SELECT * FROM Customers WHERE City='Berlin' OR City='Munchen';
SELECT * FROM Customers WHERE Country='Germany' AND (City='Berlin' OR City='Munchen');
5. Order By
The ORDER BY keyword is used to sort the result-set by one or more columns.
The ORDER BY keyword sorts the records in ascending order by default. To sort the records in a descending order, you can use the DESC keyword.
SQL ORDER BY Syntax
SELECT column_name, column_name FROM table_name ORDER BY column_name ASC|DESC, column_name ASC|DESC;
6. Insert Into
The INSERT INTO statement is used to insert new records in a table.
SQL INSERT INTO Syntax
INSERT INTO table_name VALUES (value1, value2, value3, ...);
INSERT INTO table_name (column1, column2, column3,...) VALUES (value1, value2, value3, ...);
Note:
When a new record is inserted, the table's ID column is incremented automatically.
7. Update
The UPDATE statement is used to update existing records in a table.
SQL UPDATE Syntax
UPDATE table_name SET column1=value1, column2=value2, ... WHERE some_column=some_value;
Note:
The WHERE clause specifies which records are updated; if it is omitted, every record in the table is updated, which has very serious consequences!!!
8. Delete
The DELETE statement is used to delete rows in a table.
SQL DELETE Syntax
DELETE FROM table_name WHERE some_column=some_value;
Note:
The WHERE clause specifies which records are deleted; if it is omitted, every record in the table is deleted, which has very serious consequences!!!
Also, after some records are deleted, the IDs of the remaining records do not change.
The following deletes all records in a table while keeping the table's structure, attributes and IDs:
DELETE FROM table_name;
or
DELETE * FROM table_name;
9. Injection
SQL injection is a technique where malicious users can inject SQL commands into an SQL statement, via web page input.
Injected SQL commands can alter SQL statement and compromise the security of a web application.
SQL injection "is the insertion of SQL commands into a web form submission, an input field, or the query string of a page request, ultimately tricking the server into executing malicious SQL commands."
For example:
txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;
The server takes the "UserId" entered by the user, queries the Users table in the database and returns the records matching the input.
Normally the user should enter an ID such as "105" (a positive integer), but if the user enters "105; DROP TABLE Suppliers", the following SQL statement is produced:
SELECT * FROM Users WHERE UserId = 105; DROP TABLE Suppliers
This not only returns the query result for UserId=105 but also deletes the "Suppliers" table from the database. The consequences are serious.
Here is a good article explaining the principle:
http://www.cnblogs.com/rush/archive/2011/12/31/2309203.html
One way to prevent SQL injection is to use SQL parameters.
SQL parameters are values that are added to an SQL query at execution time, in a controlled manner.
Example:
txtNam = getRequestString("CustomerName");
txtAdd = getRequestString("Address");
txtCit = getRequestString("City");
txtSQL = "INSERT INTO Customers (CustomerName,Address,City) Values(@0,@1,@2)";
db.Execute(txtSQL,txtNam,txtAdd,txtCit);
Note that parameters are represented in the SQL statement by a @ marker.
Note that the parameters in the SQL statement are written after the @ symbol.
10. Select Top
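The UserId example above, worked through as an added Python/sqlite3 demo (not code from the original post): the concatenated query text is built only for inspection, while the parameterized lookup binds the same input as a single value, so "105; DROP TABLE Suppliers" matches nothing and the Suppliers table survives. The tables and rows are constructed for this demo, and sqlite3's `?` placeholder plays the role of the post's `@0` marker.

```python
import sqlite3

# Constructed demo schema and data (not from the original post).
SCHEMA = """
CREATE TABLE Users (UserId INTEGER PRIMARY KEY, Name TEXT);
CREATE TABLE Suppliers (SupplierId INTEGER PRIMARY KEY, Name TEXT);
INSERT INTO Users VALUES (105, 'alice'), (106, 'bob');
INSERT INTO Suppliers VALUES (1, 'ACME');
"""


def open_demo_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def build_query_unsafe(user_input):
    # Same construction as the post's txtSQL = "... WHERE UserId = " + txtUserId.
    # The caller's text becomes part of the statement itself, so a value such as
    # "105; DROP TABLE Suppliers" turns into a second statement. Returned for
    # inspection only; it is never executed in this demo.
    return "SELECT * FROM Users WHERE UserId = " + user_input


def lookup_user_safe(conn, user_input):
    # Parameter binding: '?' is sqlite3's placeholder (the post uses @0, @1, ...).
    # user_input reaches the engine as one bound value and is never parsed as SQL.
    sql = "SELECT UserId, Name FROM Users WHERE UserId = ?"
    return conn.execute(sql, (user_input,)).fetchall()


def table_exists(conn, name):
    # Check the catalog, again with a bound parameter.
    sql = "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?"
    return conn.execute(sql, (name,)).fetchone() is not None


def demo(user_input):
    conn = open_demo_db()
    rows = lookup_user_safe(conn, user_input)
    return {
        "rows": rows,
        "suppliers_intact": table_exists(conn, "Suppliers"),
        "unsafe_sql": build_query_unsafe(user_input),
    }
```

With the normal input "105" the safe lookup returns alice's row; with the injected string it returns no rows and Suppliers is still present, while the unsafe string visibly contains the injected DROP.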
The SELECT TOP clause is used to specify the number of records to return.
The SELECT TOP clause can be very useful on large tables with thousands of records. Returning a large number of records can impact on performance.
SELECT TOP returns a specified number of records and is very useful for tables with large amounts of data, but note that not all database systems support the SELECT TOP statement.
SQL Server / MS Access Syntax
SELECT TOP number|percent column_name(s) FROM table_name;
MySQL Syntax
SELECT column_name(s) FROM table_name LIMIT number;
Oracle Syntax
SELECT column_name(s) FROM table_name WHERE ROWNUM <= number;
Example:
SELECT TOP 2 * FROM table_name;
or
SELECT TOP 50 PERCENT column_name(s) FROM table_name;