I'm pretty new to SQL & most of my exposure is through Python e.g Django ORM or sqlite3 i.e. not proper SQL!
I'm trying to solve a problem in order to learn & I've got to a point where I've tried every permutation of every possible query I could think of / find on the internet (within reason) related to what I'm trying to do, and am obviously missing something fundamental.
The task I'm struggling with is to form a query that can dynamically check the length of the name of the first user TABLE in the database (which I know has a parameter 'secret').
I can do this for the actual database name no problems with
...' OR LENGTH(DATABASE())=%variable%;
But when it comes to the TABLE_NAME I can't seem to form the right query as I said. This is what I've tried:
SELECT LENGTH(TABLE_NAME) FROM information_schema.TABLES WHERE TABLE_SCHEMA = 'databaseName' AND TABLE_TYPE='BASE TABLE' LIMIT 1;
This works and returns the correct length of the correct table name. However, doing something like:
SELECT * FROM 'test_name' WHERE secret='' OR (SELECT LENGTH(TABLE_NAME) etc etc LIMIT 1)=%variable
/
' OR LENGTH(SELECT table_name FROM information_schema.TABLES WHERE etc etc LIMIT 1)=%variable
both fail miserably!
I made an example sql server to test: 
I didn't get any further than I've described above without error messages :(
Where am I going wrong??
Please help!!! My brain's about to explode!
Aucun commentaire:
Enregistrer un commentaire