Union select null, null, null, null, null, null, null from information_schema.tables. for a small database containing three tables. this instruction is used in sql injection I tried it and it worked but I didn't really know how it works can somebody help me...
qndbq7bbxilyCzFA') UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x716e646271,IFNULL(CAST(grantee AS CHAR),0x20),0x716a716771),NULL FROM INFORMATION_SCHEMA.USER_PRIVILEGES#qjqgq.
Concatenating '-' with a NULL will always return NULL. TheVALUE expression replaces NULLs with an empty string.
Даже выражение NULL != NULL не будет истинным, ведь нельзя однозначно сравнить одну неизвестность с другой.
select, is obvious. null, is just a place holder that is used because a union statement requires that the number of fields match the 1st query that it’s appending to.
Note: A NULL value is different from a zero value or a field that contains spaces. A field with a NULL value is one that has been left blank during record creation!
Предикат IS NULL позволяет проверить отсутствие (наличие) значения в полях таблицы. Использование в этих случаях обычных предикатов сравнения может привести к неверным результатам, так как сравнение со значением NULL дает результат UNKNOWN (неизвестно).
Returns NULL if either argument is NULL. This function does not work properly if the first argument contains a comma (,) character.
Тем не менее, NULL, как NULL-значение, часто используется в SQL. Предположим, появился покупатель, которому еще не назначен продавец.
NULL is special in SQL. NULL indicates that the data is unknown, inapplicable or even does not exist. In other words, NULL represents that the data is missing in the database. For example, if an employee does not have any phone number, you can store it as an empty string.