todorovic-miodrag
8/19/2019 Sql komande
1. Some of The Most Important SQL Commands:
• SELECT - extracts data from a database
• UPDATE - updates data in a database
• DELETE - deletes data from a database
• INSERT INTO - inserts new data into a database
• CREATE DATABASE - creates a new database
• ALTER DATABASE - modifies a database
• CREATE TABLE - creates a new table
• ALTER TABLE - modifies a table
• DROP TABLE - deletes a table
• CREATE INDEX - creates an index (search key)
• DROP INDEX - deletes an index
2. SQL CREATE TABLE Syntax:
CREATE TABLE table_name
(
column_name1 data_type(size),
column_name2 data_type(size),
column_name3 data_type(size),
....
);
Example:
CREATE TABLE Persons
(
PersonID int,
LastName varchar(255),
FirstName varchar(255),
Address varchar(255),
City varchar(255)
);
3. The SQL SELECT Statement:
The SELECT statement is used to select data from a database.
The result is stored in a result table, called the result-set.
SQL SELECT Syntax:
SELECT column_name,column_name
FROM table_name;
and
SELECT * FROM table_name;
4. The SQL SELECT DISTINCT
The SELECT DISTINCT statement is used to return only distinct (different) values.
The SQL SELECT DISTINCT Statement
In a table, a column may contain many duplicate values; and sometimes you only want to list the different (distinct) values.
The DISTINCT keyword can be used to return only distinct (different) values.
SQL SELECT DISTINCT Syntax
SELECT DISTINCT column_name,column_name
FROM table_name;
Example:
SELECT DISTINCT City FROM Customers;
5. SQL WHERE Clause
The WHERE clause is used to filter records.
The SQL WHERE Clause
The WHERE clause is used to extract only those records that fulfill a specified criterion.
SQL WHERE Syntax
SELECT column_name,column_name
FROM table_name
WHERE column_name operator value
Example:
SELECT * FROM Customers
WHERE Country='Mexico';
or
SELECT * FROM Customers
WHERE CustomerID=1;
6. SQL AND & OR Operators
The AND & OR operators are used to filter records based on more than one condition.
The SQL AND & OR Operators
The AND operator displays a record if both the first condition AND the second condition are true.
The OR operator displays a record if either the first condition OR the second condition is true.
AND Operator Example
The following SQL statement selects all customers from the country
ORDER BY DESC Example
The following SQL statement selects all customers from the
Example
INSERT INTO Customers (CustomerName, City, Country)
VALUES ('Cardinal', 'Stavanger', 'Norway');
6. SQL UPDATE Statement
The UPDATE statement is used to update records in a table.
The SQL UPDATE Statement
The UPDATE statement is used to update existing records in a table.
SQL UPDATE Syntax
UPDATE table_name
SET column1=value1,column2=value2,...
WHERE some_column=some_value;
Notice the WHERE clause in the SQL UPDATE statement!
The WHERE clause specifies which record or records that should be updated. If you omit the WHERE clause, all records will be updated!
SQL UPDATE Example
Assume we wish to update the customer
SQL DELETE Syntax
DELETE FROM table_name
WHERE some_column=some_value;
Notice the WHERE clause in the SQL DELETE statement!
The WHERE clause specifies which record or records that should be deleted. If you omit the WHERE clause, all records will be deleted!
SQL DELETE Example
Assume we wish to delete the customer
The example above creates a select statement by adding a variable (txtUserId) to a select string. The variable is fetched from the user input (Request) to the page.
The rest of this chapter describes the potential dangers of using user input in SQL statements.
SQL Injection
SQL injection is a technique where malicious users can inject SQL commands into an SQL statement, via web page input.
Injected SQL commands can alter SQL statement and compromise the security of a web application.
SQL Injection Based on 1
sql =
Some web developers use a
The following examples show how to build parameterized queries in some common web languages.
ASP.NET SELECT
txtUserId = getRequestString(
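The difference between adding txtUserId to the select string and binding it as a parameter, shown as an added example that is not part of the original page. It uses Python's sqlite3 module; the Users table, its rows, the function names and the two input values are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (UserId INTEGER, Name TEXT)")
    db.executemany("INSERT INTO Users VALUES (?, ?)",
                   [(105, "Alice"), (106, "Bob"), (107, "Carol")])
    return db

def lookup_concatenated(db, txtUserId):
    # The pattern the page warns about: user input is added to the select
    # string, so the database parses it as part of the SQL statement.
    sql = "SELECT UserId, Name FROM Users WHERE UserId = " + txtUserId
    return db.execute(sql).fetchall()

def lookup_parameterized(db, txtUserId):
    # The statement text is fixed; the input is bound to the ? placeholder
    # and is only ever compared as a value.
    sql = "SELECT UserId, Name FROM Users WHERE UserId = ?"
    return db.execute(sql, (txtUserId,)).fetchall()

def compare(txtUserId):
    """Run the same input through both query styles and return the rows."""
    db = make_db()
    try:
        return {"concatenated": lookup_concatenated(db, txtUserId),
                "parameterized": lookup_parameterized(db, txtUserId)}
    finally:
        db.close()

if __name__ == "__main__":
    # Constructed inputs: a plain id, and text that changes the WHERE clause
    # when it is concatenated into the statement.
    for value in ("105", "105 OR 1=1"):
        result = compare(value)
        print(repr(value), "->",
              len(result["concatenated"]), "row(s) concatenated,",
              len(result["parameterized"]), "row(s) parameterized")
```

With the second input the concatenated query returns every row in the table, while the parameterized query returns none, because the whole string is compared against UserId as one value.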
SQL Server / MS Access Syntax
SELECT TOP number|percent column_name(s)
FROM table_name;
SQL SELECT TOP Equivalent in MySQL and Oracle
MySQL Syntax
SELECT column_name(s)
FROM table_name
LIMIT number;
Example
SELECT *
FROM Persons
LIMIT 5;
Oracle Syntax
SELECT column_name(s)
FROM table_name
WHERE ROWNUM <= number;
Example
SELECT *
FROM Persons
WHERE ROWNUM <=5;
SQL SELECT TOP Example
The following SQL statement selects the two first records from the
The following SQL statement selects all customers with a City starting with the letter
[!charlist]
Using the SQL Wildcard
The following SQL statement selects all customers with a City starting with
Example
SELECT * FROM Customers
WHERE City LIKE '[!bsp]%';
or
SELECT * FROM Customers
WHERE City NOT LIKE '[bsp]%';
15. SQL IN Operator
IN Operator Example
The following SQL statement selects all customers with a City of
Example
SELECT * FROM Customers
WHERE City IN ('Paris','London');
16. SQL BETWEEN Operator
The BETWEEN operator is used to select values within a range.
The SQL BETWEEN Operator
The BETWEEN operator selects values within a range. The values can be numbers, text, or dates.
SQL BETWEEN Syntax
SELECT column_name(s)
FROM table_name
WHERE column_name BETWEEN value1 AND value2;
BETWEEN Operator Example
The following SQL statement selects all products with a price BETWEEN 10 and 20:
Example
SELECT * FROM Products
WHERE Price BETWEEN 10 AND 20;
NOT BETWEEN Operator Example
To display the products outside the range of the previous example, use NOT BETWEEN:
Example
SELECT * FROM Products
WHERE Price NOT BETWEEN 10 AND 20;
BETWEEN Operator with IN Example
The following SQL statement selects all products with a price BETWEEN 10 and 20, but products with a CategoryID of 1,2, or 3 should not be displayed:
Example
SELECT * FROM Products
WHERE (Price BETWEEN 10 AND 20)
AND NOT CategoryID IN (1,2,3);
BETWEEN Operator with Text Value Example
The following SQL statement selects all products with a ProductName beginning with any of the letter BETWEEN 'C' and 'M':
Example
SELECT * FROM Products
WHERE ProductName BETWEEN 'C' AND 'M';
NOT BETWEEN Operator with Text Value Example
The following SQL statement selects all products with a ProductName beginning with any of the letter NOT BETWEEN 'C' and 'M':
Example
SELECT * FROM Products
WHERE ProductName NOT BETWEEN 'C' AND 'M';
BETWEEN Operator with Date Value Example
The following SQL statement selects all orders with an OrderDate BETWEEN '04-July-1996' and '09-July-1996':
Example
SELECT * FROM Orders
WHERE OrderDate BETWEEN #07/04/1996# AND #07/09/1996#;
Notice that the BETWEEN operator can produce different result in different databases!
In some databases, BETWEEN selects fields that are between and excluding the test values.
In other databases, BETWEEN selects fields that are between and including the test values.
And in other databases, BETWEEN selects fields between the test values, including the first test value and excluding the last test value.
Therefore: Check how your database treats the BETWEEN operator!
1. SQL Aliases
SQL aliases are used to temporarily rename a table or a column heading.
SQL Aliases
SQL aliases are used to give a database table, or a column in a table, a temporary name. Basically aliases are created to make column names more readable.
SQL Alias Syntax for Columns
SELECT column_name AS alias_name
FROM table_name;
SQL Alias Syntax for Tables
SELECT column_name(s)
FROM table_name AS alias_name;
Alias Example for Table Columns
The following SQL statement specifies two aliases, one for the CustomerName column and one for the ContactName column. Tip: It requires double quotation marks or square brackets if the column name contains spaces:
Example
SELECT CustomerName AS Customer, ContactName AS [Contact Person]
FROM Customers;
In the following SQL statement we combine four columns (Address, City, PostalCode, and Country) and create an alias named
Example
SELECT o.OrderID, o.OrderDate, c.CustomerName
FROM Customers AS c, Orders AS o
WHERE c.CustomerName=