Injection Attacks: The Complete 2020 Guide

What is SQL?

  • SQL is a language designed for communicating with databases that store data
     
  • It allows us to read, write, and edit our data, and it also allows us to configure or manage the database engine

What is SQL?


const http = new XMLHttpRequest()

http.open("GET", "https://url.co/v1/products/346")
http.send()

http.onload = () => console.log(http.responseText)

Database engines have tables that provide access to the database's metadata

Different engines use different names:

Engine Table name
SQLite sqlite_master
MySQL information_schema
PostgreSQL information_schema
Oracle dba_tables

The sqlite_master table looks like this:

Column Name Description
type The type of database object such as table, index, trigger, or view
name Name of the database object
tbl_name The table name that the database object is associated with
rootpage The root page
sql SQL used to create the database object


SELECT name FROM sqlite_master
WHERE type='table'
ORDER BY name;


To get a complete list of all tables in a database powered by SQLite:



select table_name
from information_schema.tables
where table_type = 'BASE TABLE' and table_schema = database();


To get a complete list of all tables in a database powered by MySQL:



SELECT * FROM information_schema.tables;


To get a complete list of all tables in a database powered by PostgreSQL:



SELECT table_name FROM dba_tables;


To get a complete list of all tables in a database powered by Oracle:

SQL explained

By Christophe Limpalair

SQL explained

  • 665