Introduction
SQL stands for Structured Query Language is a declarative programming language that is domain-specific and used to design and manage data models and organize data in relational databases. SQL was proposed by Donald Chamberlin and Raymond Boyce in 1974. It is based on static typing, and strong discipline language supports cross-platform operating systems.
SQL is the most common database language used everywhere. The SQL command cheat sheet is generally used to perform different operations from basic to complex based on data requirements. Further, it is used to generate reports to import or export respectively from databases. If you use SQL, you must be aware of SQL cheat sheets.
If you don’t know what an SQL cheat sheet is, don’t worry, this is what we are going to talk about.
What is SQL Cheat Sheet?
If you’re new to SQL environment commands or learning it, and need a reminder of some parts of this powerful tool at your disposal for manipulating the database, then our SQL commands cheat sheet is exactly what you need.
The SQL cheat sheet is a document that provides you with the most commonly used SQL statements, and basic clauses and shows you how to write different conditions. SQL Cheat Sheet includes the most commonly required keywords, data types, operators, functions, indexes, keys, and lots more that you might need while using SQL
In this guide on SQL server cheat sheets, you’ll find a useful cheat sheet for both beginner and experienced levels. And make you more proficient and confident with a great understanding of the SQL language.
SQL Cheat Sheet- The Commands
The SQL command cheat sheet can be divided into different categories like Data Definition Language, Data control commands, data manipulation language, etc. Here is the SQL cheat sheet to help you in performing different operations based on different situations.
SQL Commands Cheat Sheet: Data Manipulation Language
| Query | Description |
| CREATE TABLE column names, and data type constraints; | This command creates a new table with new columns and data type constraints. |
| ALTER TABLE ; | This command adds a new column to the table. |
| DROP TABLE ; | This command deletes the entire table from the database. |
| INSERT INTO values, columns; | It is used to add data or records to the table. |
| UPDATE TABLE set c1=updated-value | It is used to update the cell value in a table based on the column name. |
| UPDATE TABLE set c1=updated-value, c2= updated-value WHERE condition | It is used to update multiple cell values in a table based on column names and the specific condition. |
| DELETE FROM ; | This command deletes the entire data from the table, not the table structure. |
| DELETE FROM WHERE condition; | This command deletes the selected data from the table based on the specified condition. |
SQL Commands Cheat Sheet: Data Definition Commands
| Query | Description |
| CREATE TABLE column names, and data type constraints; | This command creates a new table with new columns and data type constraints. |
| ALTER TABLE ; | This command adds a new column to the table. |
| DROP TABLE ; | This command deletes the entire table from the database. |
| INSERT INTO values, columns; | It is used to add data or records to the table. |
| UPDATE TABLE set c1=updated-value | It is used to update the cell value in a table based on the column name. |
| UPDATE TABLE set c1=updated-value, c2= updated-value WHERE condition | It is used to update multiple cell values in a table based on column names and the specific condition. |
| DELETE FROM ; | This command deletes the entire data from the table, not the table structure. |
| DELETE FROM WHERE condition; | This command deletes the selected data from the table based on the specified condition. |
SQL Commands Cheat Sheet: Data Control Commands
| Query | Description |
| GRANT ON TO [GRANT OPTION] | This command is used to grant access to a particular user based on access and grant options. |
| REVOKE ON FROM | This command is used to revoke access to the particular user from the specified object. |
Tips for using SQL Commands Cheat Sheet
- The SQL cheat sheet commands can be used by any IDE or tool where the users want to connect with the database.
- There are different databases in the market like Oracle, SQL Server, IBM, etc. All can be connected using their jar files or tools to manage complex data operations.
- There is a set of aggregate functions to use along SQL commands cheat sheet and perform complex data operations based on the data query.
| Function | Description |
| Count | It is used to count the total number of elements in a list. |
| SUM | It is used to return the sum of elements in a list |
| MAX | It is used to return the maximum value from the list |
| MIN | It is used to return the minimum value from the list |
| AVG | It is used to calculate the average value from the list. |
- With the help of the SQL cheat sheet, you can create or manage VIEWS, INDEXES, and TRIGGERS.
- A different set of cheat sheet operators include erythematic operators, logical operators, comparison operators, negation operators, etc. Here we have given the list of comparison operators for your reference.
| Comparison Operator | What Does it Mean? |
| = | Equal to |
| <> | Not Equal to |
| != | Not Equal to |
| < | Less Than |
| <= | Less Than or Equal to |
| > | Greater Than |
| >= | Greater than or Equal to |
| LIKE ’%expression% ’ | Contains ‘expression’ |
| IN (‘exp1’,’exp2’,’exp3’) | Contains any of ‘exp1’,’exp2’,’exp3’ |
MS SQL Cheat Sheet: Data Types
In SQL we have more than 40 data types. A set of common data types that are used frequently with SQL cheat sheet commands is given as:
| Data Types | Description |
| Integer | It represents the whole number without any fraction |
| Decimal | It gives a number with a fraction part. |
| Boolean | It returns the Boolean value either TRUE or FALSE. |
| Date | It returns the DATE based on the selected format. |
| Time | It returns the time in the decided format. |
| Timestamp | Here, the date and time are given together. |
| Text | This is the most common data type that could be given as a set of alphabets, a set of numbers, a mix of alphabets and numbers, etc. |
MS SQL Cheat Sheet: Reversed Keywords
There are reserved keywords in the SQL to perform certain operations as given below:
| SQL operators | Description |
| UNION | It is used to combine columns from multiple tables. |
| INTERSECT | It is used to return the intersection value of two queries. |
| MINUS | It is used to subtract the second result set from the first one. |
| BETWEEN | It returns the middle value using MIN and MAX functions |
| NOT LIKE | It returns the rows based on a matching pattern. |
| NOT NULL | It will check either value in a table are NULL or NOT NULL. |
MS SQL Cheat Sheet: Basic
Other than reserved keywords, there are basic keywords in SQL besides reserved keywords to query a database and manage tough data operations.
| SQL keywords | Description |
| SELECT | It is used to specify which column to query. You can use * to query the entire table. |
| FROM | It is used to declare the table name that can be used to fetch the data. |
| LIKE | It is a special operator to define a pattern for a row or column using the WHERE clause. |
| EQUAL To (=) | It is used to compare values whether they are equal or not. |
| WHERE | It is used to specify the condition. |
| GROUP BY | To identical group data, we can use this keyword. |
| HAVING | It is used along with aggregate functions which value should be returned once the specific condition is met. |
| Inner Join | It is used to return all the rows when records in one table are similar to records in another table. |
| Outer Join | It is used to return rows that are similar either in the left or right table. |
| Left/Right Join | It is used to return rows that match the records in the right table for the right join and the left table for the left join. |
- A set of different SQL constraints to execute the columns in a table include reliability, redundancy, accuracy, etc.
- When it comes to referential integrity, it plays a major role in performing integrity constraints along with commands. The different constraints available in SQL are integrity constraints or dropping constraints.
- The SQL Cheat Sheet injection is another popular technique where user-submitted data is validated before processing or running a query to avoid data breaches and ensure safe data operations without any data loss.
SQL is the most common database language used everywhere. The SQL command cheat sheet is generally used to perform different operations from basic to complex based on data requirements. Further, it is used to generate reports to import or export respectively from databases.
SQL Criteria for Normal Forms
To make sure that data is stored reliably in database tables, normalize the databases to reduce the possibilities of anomalies. Here are some criteria for the first normal form (1NF).
- The table should be two-dimensional with rows and columns.
- Each row contains data that represents a portion of a certain thing.
- Each column contains data and represents attributes of the thing described.
- Next is the cell, the intersection of row and column, which must be single-valued.
- All entries in the column should be of similar types.
- Each column should be given a unique name.
- No two rows should be identical.
- In 1NF, the order of rows and columns doesn’t matter.
Here are some criteria for the second normal form (2 NF) in SQL:
- The table should be in the first normal form before you start with 2NF.
- All the non-key attributes are dependent on key attributes.
- Every constraint in the table is a logical sequence of key or domain definitions.
SQL Value Functions
SQL value functions are used to perform operations on data that are frequently used by databases. Here are a few SQL value functions for your reference.
| String Value Function | Description |
| Substring | This function is used to extract the portion of a string i.e. substring from the source string. |
| UPPER | It is used to convert the string to all Upper case |
| LOWER | It is used to convert the string to all lower case |
| CONVERT | It is used to convert strings from one format to another. |
| TRIM | This function is used to trim leading and trailing blanks. |
| TRANSLATE | This function is used to translate one character set to another in the source string. |
| Numeric Value Functions | Description |
| Position | This function returns the starting position of a target string within the source string. |
| Character-length | It returns the total number of characters within a string. |
| Octet_length | It returns the total number of octets within a string. |
| Extract | It returns the single field from a particular interval. |
| Date-time Value Function | Description |
| Current_Date | This function returns the current date. |
| Current_Time | This function returns the current time. |
| Current_timestamp | This function returns the current date and time together. |
SQL Cheat Sheet Injection
An SQL cheat sheet injection is the resource in which you may find detailed technical information for different variants of SQL injection vulnerability. This SQL cheat sheet is an excellent reference for testers who just started with the web security domain. The SQL cheat sheet injection was proposed in 2007 and updated over time. This cheat sheet contains information mainly about the SQL Server, MySQL. PostgreSQL, Oracle, etc. you have to be extra cautious for complex query usage because the real-live environment may vary based on situations.
Syntax references or Dirty SQL Cheat Sheet injection Tricks
Commenting Out
Line comments are generally used to ignore the rest of the query, so you don’t have to deal with fixing the syntax again.
/*Comment Here*/(SM) DROP /*comment*/sampletable DR/**/OP/*bypass Blacklisting*/sampletable SELECT /*avoid-spaces*/password/**/FROM/**/Memebers
The second category is Inline Comment where the rest of the query is generally commented by not closing them, or you can use it for blacklisting, removing spaces, finding the value of database versions, etc. for example, here is the special code to determine the MySQL version. If you put this code as a comment, then it is executed in MySQL only. Also, this technique is used to execute the selected code when the current version of the server is higher than the supplied version.
/*! MYSQL Special SQL */ (M)
Blind SQL Injections
In the case of a good production application, you cannot check the error status on the page. It is not possible to check data through Union attacks or error-based attacks. Here, you should move ahead with blind SQL injection attacks for the data extraction. It can be divided into two major categories. These are normal blind and the Totally blind. In the case of Normal Blind, we cannot check the response on the same page, but it still determines the response of a query through the HTTP status code. In the case of Totally blind, it is possible checking differences among any kind of output. It can be an injection, logging function, or any other query. However, it is not common to use SQL injections in practice. For the normal blind, you may use the IF or WHERE clause while the blind injection is based on waiting functions and analyzing response times.
Stacking Queries
Stacking queries mean executing multiple queries together in a single transaction. It is very useful from an injection point of view, especially in SQL server back-ended applications. For example, the following query ends a query starts the new one.
Here is the database stacked query support table that shows which languages are supported and which are not supported for stacked queries in SQL.
PHP/MYSQL does not support stacked queries because of multiple database layers in most of the configurations. In the same way, Java does not support queries in Oracle. However, real-live scenarios may be different that depends on the situation. Also, database standards are changed frequently to make it more familiar for users. Here are a few stacked query attack samples for your reference.
ID: 10; DROP members -- SELECT * FROM products WHERE id = 10; DROP members --
If Statement
The blind SQL injection execution is based on IF statements. It is used to test simple stuff blindly and more accurately. Here is the simple syntax for the If statement in SQL injection:
IF (condition, true-part, false-part) SELECT IF (1=1, 'true' , 'false')
For the SQL server, if a statement can be used as:
IF condition THEN true-part; ELSE false-part (S) IF (1=1) SELECT 'true' ELSE SELECT 'false'
For Oracle, if statement can be used as:
BEGIN IF condition THEN tru-part; ELSE false-part; END IF; END; (O) IF (1=1) THEN dbms_lock.sleep(3); ELSE dbms_lock.sleep(0); END IF; END;
For PostgreSQL, if statement can be used as:
SELECT CASE WHEN condition THEN True-part ELSE false-part END; (p) SELECT CASE WHEN (1=1) THEN 'A' ELSE 'B' END;
Data Types in SQL Cheat Sheet injection
- You should use the UNION operator everywhere for non-distinct field types. By default, the UNION operator tries to give distinct values when used.
- If you don’t want to display unwanted records from the left table, then use SQL injection to make your query more optimized using conditional operators like WHERE or IF.
- You can use NULL for most data types instead of using date, integers, guess strings, etc. you should be extra careful in blind situations that are more prone to errors.
Final Words:
This blog gives you a perfect idea of SQL query cheat sheet, tips on using an SQL cheat sheet, an SQL injection cheat sheet, etc. this cheat sheet is extremely helpful for database developers who are struggling in executing complex queries. It is always practicing multiple operators and functions together to produce unique results.
Original article source at https://www.janbasktraining.com
#sql #database
