Definition And Explaination:-
ALTER TABLE allows you to change the structure of an existing table. For example, you can add or delete columns, create indexes, change the type of existing columns, or rename columns or the table itself.You can use ALTER TABLE to modify the structure of a table that has not been added to a database.Alter table command allows
* To add the field;
* To delete the field out;
* To change the DEFAULT value for any of the field;
* To add or delete the table PRIMARY KEY;
* To add or delete the table FOREIGN KEY;
* To add or delete UNIQUE constraint;
* To add or delete CHECK constraint;
* To rename fields or table itself;
* To change field type.

Syntax And Structure:-

ADD [ COLUMN ]   column_definition
|    ADD [ COLUMN ] ( column_definition [,   column_definition ... ] )

|    ADD   table_constraint_definition
|    ADD ( table_constraint_definition [, table_constraint_definition ... ] )

|    ALTER [ COLUMN ] column_name  < SET DEFAULT default_option | DROP DEFAULT>
|    DROP  [ COLUMN ] column_name [ drop_behavior ]
|    DROP PRIMARY KEY
|    DROP INDEX index_name
|    DROP CONSTRAINT IDENT

|    CHANGE [ COLUMN ] old_col_name column_definition
|    MODIFY [ COLUMN ] column_definition
|    RENAME [ AS ] table_name

Examples:-

ALTER TABLE customers ADD CONTACT_PHONE VARCHAR(30)

ALTER TABLE customers ADD COLUMN CONTACT_PHONE VARCHAR(30)

ALTER TABLE customers DROP contact_name

ALTER TABLE Person CHANGE LastName Surnname String ( 40 )

ALTER TABLE Person MODIFY  Surnname String ( 30 )

ALTER TABLE offices ADD CONSTRAINT inregion  FOREIGN KEY ( region ) REFERENCES regions

ALTER TABLE salesreps DROP CONSTRAINT worksin

ALTER TABLE Customer ADD COLUMN Fax2 c(20) NOT NULL

Tags: Mysql, RDBMS/DBMS SQL, SQL Server by Inder Singh
2 Comments »

A Mysql injection is attack tried by site visitors/users to get/damage data in databases by taking benefit from poor programming of websites.An injection attack occurs when a visitor to your site types something into a form input with the purpose of changing the outcome of your MySQL query. For example, at a login screen someone may try this type of attack to gain access to a secure area of the website.

If your query to check the username and password entered by the user was this:

“SELECT * FROM users WHERE username = ‘”.$_POST['username'].”‘ AND password = ‘”.$_POST['password'].”‘”

Someone could login by using any username and for the password they would type ‘ OR ”=” which would be placed into your MySQL query changing it to be:

“SELECT * FROM users WHERE username = ‘anyuser’ AND password = ” OR ”=””

As you can see, MySQL injection attacks can be pretty serious depending on the information the person has access to once they are logged in. It is very important for you to secure your site against injection attacks. Luckily, PHP can aid you in preventing injection attacks.

MySQL will then return all the rows in the table and then, depending on your script’s logic, you will probably log them in because there was a match. Now, in most cases, people have magic_quotes_gpc turned on (it’s the PHP default) which will add backslashes to escape all ‘ (single-quote), ” (double quote), (backslash) and NULL characters. This is not foolproof though because there are other characters that should be escaped to be safe.

Preventing Mysql/PHP injections:-

There are php mysql functions to prevent such type of things:
into your queries. One of The function is mysql_real_escape_string().

use Like :- $value = “‘” . mysql_real_escape_string($value) . “‘”;

For integer values dont forgot to use intval() function

Tags: CMS(Content management System), Drupal, Hacking, Linux, Mysql, Mysql injection, PHP, Programming, Programming Technologies, RDBMS/DBMS SQL, Web technologies by Inder Singh
No Comments »