Union select null, null, null, null, null, null, null from information_schema.tables. for a small database containing three tables. this instruction is used in sql injection I tried it and it worked but I didn't really know how it works can somebody help me...
data2(id, val) as (select 1, null from dual union all select 2, '2' from dual).
99 or 1=1 union select null, concat(table_name,0x0a,column_name) from information_ schema.columns - since where clause cannot be used
select, is obvious. null, is just a place holder that is used because a union statement requires that the number of fields match the 1st query that it’s appending to.
SELECT * FROM `mydata`.`mytable` WHERE CONCAT(<list of columns>) IS NOT NULL. All we are missing now is the list of nullable columns, comma-separated. We're going to use the GROUP_CONCAT function to produce the final statement, which we will execute like this
Предикат IS NULL позволяет проверить отсутствие (наличие) значения в полях таблицы. Использование в этих случаях обычных предикатов сравнения может привести к неверным результатам, так как сравнение со значением NULL дает результат UNKNOWN (неизвестно).
Note: A NULL value is different from a zero value or a field that contains spaces. A field with a NULL value is one that has been left blank during record creation!
Заменяет значение NULL указанным замещающим значением.Replaces NULL with the specified replacement value.
The result is NULL if the argument is NULL or not a valid base-64 string. See the description of TO_BASE64() for details about the
Тем не менее, NULL, как NULL-значение, часто используется в SQL. Предположим, появился покупатель, которому еще не назначен продавец.