Questions about this topic? Sign up to ask in the talk tab.

Difference between revisions of "SQL injection/Target Environments/Mapping/MS SQL"

From NetSec
Jump to: navigation, search
 
Line 1: Line 1:
<noinclude>{{subpage|SQL injection}}</noinclude>
+
<noinclude>:<font size="-2">[[SQL injection]] > [[SQL injection/Target Environments|Target Environments]] > [[SQL injection/Target Environments/Mapping|Mapping]] > MS SQL</font></noinclude>
  
 
An important note is that MS SQL is different when it comes to ordered single-cell selection.
 
An important note is that MS SQL is different when it comes to ordered single-cell selection.
Line 11: Line 11:
  
 
{{code|text=<source lang="sql">select column_name from information_schema.columns where table_catalog=[database_name] and table_name=[table_query] group by column_name order by column_name asc</source>}}
 
{{code|text=<source lang="sql">select column_name from information_schema.columns where table_catalog=[database_name] and table_name=[table_query] group by column_name order by column_name asc</source>}}
 +
 +
 +
 +
<noinclude><div style="padding-top:5px; padding-bottom:5px; border-top:1px solid; border-bottom:1px solid; display:inline-block;">'''Currently viewing''' [[SQL injection]] > [[SQL injection/Target Environments|Target Environments]] > [[SQL injection/Target Environments/Mapping|Mapping]] > MS SQL</div></noinclude>

Latest revision as of 02:13, 19 July 2012

SQL injection > Target Environments > Mapping > MS SQL

An important note is that MS SQL is different when it comes to ordered single-cell selection.

Notice: We don't currently have a method of listing all of the database names in MS SQL. If you have a copy that one of the developers can use for testing to improve this article, please don't hesitate to let us know in IRC.
  • Listing Tables:
SELECT TABLE_NAME FROM information_schema.columns WHERE table_catalog=[database_name] GROUP BY TABLE_NAME ORDER BY TABLE_NAME ASC;
  • Listing Columns:
SELECT column_name FROM information_schema.columns WHERE table_catalog=[database_name] AND TABLE_NAME=[table_query] GROUP BY column_name ORDER BY column_name ASC


Currently viewing SQL injection > Target Environments > Mapping > MS SQL