#查看数据库版本号 mysql> select @@version; +------------+ | @@version | +------------+ | 5.5.16-log | +------------+ 1 row in set (0.00 sec) mysql> select * from information_schema.schemata; # 保存了系统的全部的数据库名 ,关键的字段是schema_name # 2 rows in set (0.04 sec)表示仅仅有2个数据库 +--------------+--------------------+----------------------------+------------------------+----------+ | catalog_name | schema_name | default_character_set_name | default_collation_name | sql_path | +--------------+--------------------+----------------------------+------------------------+----------+ | def | information_schema | utf8 | utf8_general_ci | null | | def | test | gb2312 | gb2312_chinese_ci | null | +--------------+--------------------+----------------------------+------------------------+----------+ mysql> select * from information_schema.columns; # # 关键的字段是table_name & column_name 411 rows in set (0.05 sec) +---------------+--------------------+---------------------------------------+-------------------------------+------------------ | table_catalog | table_schema | table_name | column_name | ordinal_position | column_default | is_nullable | data_type | character_maximum_length | character_octet_length | numeric_precision | numeric_scale | character_set_name | collation_name | column_type | column_key | extra | privileges | column_comment |
+---------------+--------------------+---------------------------------------+-------------------------------+------------------
mysql> select * from information_schema.tables; # 包括全部的表名 。38 rows in set (0.09 sec) 表示有38张表 mysql> select count(*) from information_schema.tables; # count(*)返回一共同拥有多少行(就是多少条记录) +----------+ | count(*) | +----------+ | 38 | +----------+ 1 row in set (0.00 sec) #关键的字段是table_column & table_name +---------------+--------------------+---------------------------------------+-------------+--------+---------+------------+-- | table_catalog | table_schema | table_name | table_type | engine | version | row_format | table_rows | avg_row_length | data_length | max_data_length | index_length | data_free | auto_increment | create_time | update_time | check_time | table_collation | checksum | create_options | table_comment | +---------------+--------------------+---------------------------------------+-------------+--------+---------+------------+-- mysql> select * from information_schema.tables where table_schema="test"; # keyword是table_name和table_schema (数据库名) +---------------+--------------+------------+------------+--------+---------+------------+------------+----------------+----- | table_catalog | table_schema | table_name | table_type | engine | version | row_format | table_rows | avg_row_length | data_length | max_data_length | index_length | data_free | auto_increment | create_time | update_time | check_time | table_collation | checksum | create_options | table_comment | +---------------+--------------+------------+------------+--------+---------+------------+------------+----------------+----- | def | test | t_users | base table | innodb | 10 | compact | 0 | 0 | 16384 | 0 | 16384 | 9437184 | 1 | 2012-10 -06 12:21:23 | null | null | gb2312_chinese_ci | null | | | +---------------+--------------+------------+------------+--------+---------+------------+------------+----------------+----- 1 row in set (0.00 sec) mysql> select * from information_schema.columns where table_name="t_users"; # 关键是得到 column_name +---------------+--------------+------------+-------------+------------------+----------------+-------------+-----------+---- | table_catalog | table_schema | table_name | column_name | ordinal_position | column_default | is_nullable | data_type | character_maximum_length | character_octet_length | numeric_precision | numeric_scale | character_set_name | collation_name | column_type | column_key | extra | privileges | column_comment | +---------------+--------------+------------+-------------+------------------+----------------+-------------+-----------+---- | def | test | t_users | id | 1 | null | no | int | null | null | 10 | 0 | null | null | int(11) | pri | auto_increment | select,insert,update,references | | | def | test | t_users | name | 2 | null | no | text | 65535 | 65535 | null | null | gb2312 | gb2312_chinese_ci | text | | | select,insert,update,references | | | def | test | t_users | password | 3 | null | no | text | 65535 | 65535 | null | null | gb2312 | gb2312_chinese_ci | text | | | select,insert,update,references | | +---------------+--------------+------------+-------------+------------------+----------------+-------------+-----------+---- 3 rows in set (0.01 sec) mysql> select "id","password" from information_schema.columns where table_name="t_users"; # 注意当要查询的变量是常数的时候就是空查询。返回的一定就是你的查询常量,通常是在union的查询里确定 显示位置而用的 +----+----------+ | id | password | +----+----------+ | id | password | | id | password | | id | password | +----+----------+ 3 rows in set (0.02 sec) mysql> use test; #使用该数据库 database changed mysql> select * from test; error 1146 (42s02): table 'test.test' doesn't exist mysql> select * from t_users; empty set (0.00 sec) 这样就不须要再猜username与password啦 insert into `t_users`(`id`, `name`, `password`) values (001,'张三疯','123456'); #插入一条记录之后 mysql> select * from t_users; +----+--------+----------+ | id | name | password | +----+--------+----------+ | 1 | 张三疯 | 123456 | +----+--------+----------+ 1 row in set (0.00 sec) #假设没有权限加入,就仅仅有逐位猜值啦 mysql> select count(*) from t_users where len(password)=12; error 1305 (42000): function test.len does not exist mysql> # 二分查找法 #这里报错啦,该函数不存在。在mysql是length()在access里是len(); mysql> select count(*) from t_users where length(password)=12; error 1305 (42000): function test.len does not exist #首先确定了密码的长度 mysql> select password from t_users where length(password)<6; empty set (0.00 sec) mysql> select password from t_users where length(password)>6; empty set (0.00 sec) mysql> select password from t_users where length(password)=6; +----------+ | password | +----------+ | 123456 | +----------+ 1 row in set (0.00 sec) #再进行逐位猜值 select * from t_users where asc(left(password,1))>0; mysql> select password from t_users where left(password,1)<1; empty set (0.00 sec) mysql> select password from t_users where left(password,1)<2; +----------+ | password | +----------+ | 123456 | +----------+ #函数运行并成功返回,说明第一位的值就是1 #或者直接查询密码: mysql> select password from t_users where length('password')>0; +----------+ | password | +----------+ | 123456 | +----------+ 1 row in set (0.00 sec) mysql> select password from t_users where ascii(left(password,1))<2; empty set (0.00 sec) #在mysql里面什么函数都要写全啦,在acess里直接就是asc(); mysql> select password from t_users where ascii(left(password,1))=49; +----------+ | password | +----------+ | 123456 | #能够直接擦每一位的值。也能够查acs值。可是直接查值是快些 #这样直到猜完length(password)位为止 #可是中文的名字不好猜啊,1个字,2个字节 >>> int("张") traceback (most recent call last): file "<stdin>", line 1, in <module> valueerror: invalid literal for int() with base 10: '\xd6\xec' >>> >>> chr(66) 'b' >>> #事实上还是能够查的 mysql> select password from t_users where left(name,1)="张"; +----------+ | password | +----------+ | 123456 | +----------+ 1 row in set (0.00 sec) mysql> select password from t_users where left(name,2)="张"; empty set (0.00 sec) #记住left是返回的全部的左边的值哈 mysql> select password from t_users where left(name,2)="张三"; +----------+ | password | +----------+ | 123456 | +----------+ #mid(匹配的字段,从第几个開始,取几个);能够完毕逐位比較 mysql> select password from t_users where mid(name,2,1)="三"; +----------+ | password | +----------+ | 123456 | +----------+ 1 row in set (0.00 sec)