All you need to know about SQL Cheat Sheet

Introduction

SQL often named as Structured Query Language is a declarative programming language that is domain-specific and used to design and manage data models and to organize data in relational databases. SQL was proposed by Donald Chamberlin and Raymond Boyce in 1974. It is based on the static typing, and strong discipline language supports cross-platform operating systems. It has different sublanguages called statements to perform operations based on requirements. This blog is a complete guide to the SQL cheat sheet and makes you more confident on the platform while using SQL.

SQL Cheat Sheet- The Commands

The SQL cheat sheet commands can be divided into different categories like Data Definition Language, Data control commands, data manipulation language, etc. Here is the SQL cheat sheet to help you in performing different operations based on different situations. 

Data Manipulation Language

Query	Description
CREATE TABLE column names, data type constraints;	This command creates a new table with new columns and data type constraints.
ALTER TABLE ;	This command adds a new column to the table.
DROP TABLE ;	This command deletes the entire table from the database.
INSERT INTO values, columns;	It is used to add data or records to the table.
UPDATE TABLE set c1=updated-value	It is used to update the cell value in a table based on the column name.
UPDATE TABLE set c1=updated-value, c2= updated-value WHERE condition	It is used to update multiple cell values in a table based on column names and the specific condition.
DELETE FROM ;	This command deletes the entire data from the table, not the table structure.
DELETE FROM WHERE condition;	This command deletes the selected data from the table based on the specified condition.

Data Definition Commands

Query	Description
CREATE TABLE column names, data type constraints;	This command creates a new table with new columns and data type constraints.
ALTER TABLE ;	This command adds a new column to the table.
DROP TABLE ;	This command deletes the entire table from the database.
INSERT INTO values, columns;	It is used to add data or records to the table.
UPDATE TABLE set c1=updated-value	It is used to update the cell value in a table based on the column name.
UPDATE TABLE set c1=updated-value, c2= updated-value WHERE condition	It is used to update multiple cell values in a table based on column names and the specific condition.
DELETE FROM ;	This command deletes the entire data from the table, not the table structure.
DELETE FROM WHERE condition;	This command deletes the selected data from the table based on the specified condition.

Data Control Commands

Query	Description
GRANT <Object Privileges>ON<Object Name> TO [GRANT OPTION]	This command is used to grant access to a particular user based on access and grant options.
REVOKE <Object Privileges> ON <Object Name> FROM	This command is used to revoke access to the particular user from the specified object.

Tips for using SQL Commands Cheat Sheet

• The SQL cheat sheet commands can be used by any IDE or tool where the users want to connect with the database.
• There are different databases in the market like Oracle, SQL Server, IBM, etc. All can be connected using their jar files or tools to manage complex data operations.
• There is a set of aggregate functions to use along SQL commands cheat sheet and perform complex data operations based on the data query.

Function	Description
Count	It is used to count the total number of elements in a list.
SUM	It is used to return the sum of elements in a list
MAX	It is used to return the maximum value from the list
MIN	It is used to return the minimum value from the list
AVG	It is used to calculate the average value from the list.

• With the help of the SQL cheat sheet, you can create or manage VIEWS, INDEXES, and TRIGGERS.
• A different set of cheat sheet operators include erythematic operators, logical operators, comparison operators, negation operators, etc. Here we have given the list of comparison operators for your reference.

Comparison Operator	What Does it Mean?
=	Equal to
<>	Not Equal to
!=	Not Equal to
<	Less Than
<=	Less Than or Equal to
>	Greater Than
>=	Greater than or Equal to
LIKE ’%expression% ’	Contains ‘expression’
IN (‘exp1’,’exp2’,’exp3’)	Contains any of ‘exp1’,’exp2’,’exp3’

In SQL we have more than 40 data types. A set of common data types that are used frequently with SQL cheat sheet commands is given as:

Data Types	Description
Integer	It represents the whole number without any fraction
Decimal	It gives a number with fraction part.
Boolean	It returns the Boolean value either TRUE or FALSE.
Date	It returns the DATE based on the selected format.
Time	It returns the time in the decided format.
Timestamp	Here, date and time are given together.
Text	This is the most common data type that could be given as a set of alphabets, set of numbers, a mix of alphabets and numbers, etc.

There are reserved keywords in the SQL to perform certain operations as given below:

SQL operators	Description
UNION	It is used to combine columns from multiple tables.
INTERSECT	It is used to return the intersection value of two queries.
MINUS	It is used to subtract the second result set from the first one.
BETWEEN	It returns the middle value using MIN and MAX functions
NOT LIKE	It returns the rows based on a matching pattern.
NOT NULL	It will check either value in a table are NULL or NOT NULL.

Other than reserved keywords, there are basic keywords in SQL to query a database and manage tough data operations.

Read: Top 50 MongoDB Interview Questions and Answers

SQL keywords	Description
SELECT	It is used to specify which column to query. You can use * to query the entire table.
FROM	It is used to declare the table name that can be used to fetch the data.
LIKE	It is a special operator to define a pattern for row or column using the WHERE clause.
EQUAL To (=)	It is used to compared values either they are equal or not.
WHERE	It is used to specify the condition.
GROUP BY	To identical group data, we can use this keyword.
HAVING	It is used along with aggregate functions which value should be returned once the specific condition is met.
Inner Join	It is used to return all the rows when records in one table are similar to records in another table.
Outer Join	It is used to return rows that are similar either in the left or right table.
Left/Right Join	It is used to return rows that match the records in the right table for the right join and the left table for the left join.

• A set of different SQL constraints to execute the columns in a table include reliability, redundancy, accuracy, etc.
• When it comes to referential integrity, it plays a major role in performing integrity constraints along with commands. The different constraints available in SQL are integrity constraints or dropping constraints.
• The SQL Cheat Sheet injection is another popular technique where user-submitted data is validated before to process or run a query to avoid data breaches and ensure safe data operations without any data loss.

SQL is the most common database language used everywhere. The SQL command cheat sheet is generally used to perform different operations from basic to complex based on data requirements. Further, it is used to generate reports to import or export respectively from databases.

SQL Criteria for Normal Forms

To make sure that data is stored reliably in database tables, normalize the databases to reduce the possibilities of anomalies. Here are some criteria for the first normal form (1NF).

• The table should be two-dimensional with rows and columns.
• Each row contains data that represents a portion of a certain thing.
• Each column contains data and represents attributes of the thing described.
• Next is the cell, the intersection of row and column, must be single-valued.
• All entries in the column should be of similar types.
• Each column should be given a unique name.
• No two rows should be identical.
• In 1NF, the order of rows and columns doesn’t matter.

Here are some criteria for the second normal form (2 NF) in SQL:

• The table should be in the first normal form before you start with 2NF.
• All the non-key attributes are dependent on key attributes.
• Every constraint in the table is a logical sequence of key or domain definitions.

Read: Difference Between SQLite and MySQL

SQL Value Functions

SQL value functions are used to perform operations on data that are frequently used by databases. Here are a few SQL value functions for your reference.

String Value Function	Description
Substring	This function is used to extract the portion of a string i.e. substring from the source string.
UPPER	It is used to convert the string to all Upper case
LOWER	It is used to convert the string to all lower case
CONVERT	It is used to convert string from one format to another.
TRIM	This function is used to trim leading and trailing blanks.
TRANSLATE	This function is used to translate one-character set to another in the source string.

 

Numeric Value Functions	Description
Position	This function returns the starting position of a target string within the source string.
Character-length	It returns the total number of characters within a string.
Octet_length	It returns the total number of octets within a string.
Extract	It returns the single field from a particular interval.

Read: SQL Database Normalization: 1NF, 2NF, 3NF, 4NF

Date-time Value Function	Description
Current_Date	This function returns the current Date.
Current_Time	This function returns the current Time.
Current_timestamp	This function returns the current Date and time together.

SQL Cheat Sheet Injection

An SQL cheat sheet injection is the resource in which you may find detailed technical information for different variants of SQL injection vulnerability. This SQL cheat sheet is an excellent reference for testers who just started in with the web security domain. The SQL cheat sheet injection was proposed in 2007 and updated over time. This the cheat sheet contains information mainly about the SQL Server, MySQL. PostgreSQL, Oracle, etc. you have to be extra cautious for complex queries usage because the real-live environment may vary based on situations.

Read: Different Type Of SQL Functions And Their Uses

Syntax references or Dirty SQL Cheat Sheet injection Tricks

Commenting Out

Line comments are generally used to ignore the rest of the query, so you don’t have to deal with fixing the syntax again.

/*Comment Here*/(SM) DROP /*comment*/sampletable DR/**/OP/*bypass Blacklisting*/sampletable SELECT /*avoid-spaces*/password/**/FROM/**/Memebers

The second category is Inline Comment where the rest of the query is generally commented by not closing them, or you can use it for blacklisting, removing spaces, find the value of database versions, etc. for example, here is the special code to determine the MySQL version. If you put this code as a comment, then it is executed in MySQL only. Also, this technique is used to execute the selected code when the current version of the server is higher than the supplied version.

/*! MYSQL Special SQL */ (M)

Read: Difference Between Stored Procedure and Function in SQL Server

Blind SQL Injections

In case of a good production application, you cannot check the error status on the page. It is not possible checking data through Union attacks or error-based attacks. Here, you should move ahead with blind SQL injection attacks for the data extraction. It can be divided into two major categories. These are normal blind and the Totally blind. In case of Normal Blind, we cannot check the response on the same page, but it still determines the response of a query through HTTP status code. In case of Totally blind, it is possible checking differences among any kind of output. It can be an injection, logging function, or any other query. However, it is not common using SQL injections in practice. For the normal blind, you may use IF or WHERE clause while the blind injection is based on waiting functions and analyzing response times.

Stacking Queries

Stacking queries mean executing multiple queries together in a single transaction. It is very useful from an injection point of view, especially in SQL server back-ended applications. For example, the following query ends a query start the new one.

; (S) SELECT * FROM members; DROP members--

Here is the database stacked query support table that shows which language are supported and which are not supported for stacked queries in SQL.

PHP/MYSQL does not support stacked queries because of multiple database layers in most of the configurations. In the same way, Java does not support queries in Oracle. However, real-live scenarios may be different that depends on situations. Also, database standards are changed frequently to make it more familiar for users. Here a few stacked query attack samples for your reference.

ID: 10; DROP members -- SELECT * FROM products WHERE id = 10; DROP members --

If Statement

The blind SQL injection execution is based on IF statements. It is used to test simple stuff blindly and more accurately. Here is the simple syntax for If statement in SQL injection:

IF (condition, true-part, false-part) SELECT IF (1=1, 'true' , 'false')

For the SQL server, if a statement can be used as:

Read: How To Become Expert In Sql Server Developer?

IF condition THEN true-part; ELSE false-part (S) IF (1=1) SELECT 'true' ELSE SELECT 'false'

For Oracle, if statement can be used as:

BEGIN IF condition THEN tru-part; ELSE false-part; END IF; END; (O) IF (1=1) THEN dbms_lock.sleep(3); ELSE dbms_lock.sleep(0); END IF; END;

For PostgreSQL, if statement can be used as:

SELECT CASE WHEN condition THEN True-part ELSE false-part END; (p) SELECT CASE WHEN (1=1) THEN 'A' ELSE 'B' END;

Data Types in SQL Cheat Sheet injection

• You should use the UNION operator everywhere for non-distinct field types. By default, the UNION operator tries to give distinct values when used.
• If you don’t want to display unwanted records from the left table, then use SQL injection to make your query more optimized using conditional operators like WHERE or IF.
• You can use NULL for most data types instead of using date, integers, guess strings, etc. you should be extra careful in blind situations that are more prone to errors.

Final Words:

This blog gives you a perfect idea of SQL query cheat sheet, tips on using an SQL cheat sheet, and SQL injection cheat sheet, etc. this cheat sheet is extremely helpful for database developers who are struggling in executing complex queries. It is always practicing multiple operators and functions together to produce unique results. To get the more comprehensive idea of SQL Syntax Cheat Sheet, we encourage you to join SQL certification program at JanBask Training and start learning database concepts thoroughly.

Read: Top 20 SSAS Interview Questions and Answers For Freshers, Experienced