The code is as follows:

```sql
-- Column dictionary for one table: name, MS_Description extended property,
-- base type and storage length (max_length is in bytes).
SELECT TableName   = OBJECT_NAME(c.object_id),
       ColumnsName = c.name,
       Description = ex.value,
       ColumnType  = t.name,
       Length      = c.max_length
FROM sys.columns c
LEFT OUTER JOIN sys.extended_properties ex
    ON ex.major_id = c.object_id
   AND ex.minor_id = c.column_id
   AND ex.name = 'MS_Description'
LEFT OUTER JOIN systypes t
    ON c.system_type_id = t.xtype
WHERE OBJECTPROPERTY(c.object_id, 'IsMsShipped') = 0   -- skip objects shipped with SQL Server
  AND OBJECT_NAME(c.object_id) = 'tablename';           -- replace with the table to inspect
```

1. Get all database names:

```sql
SELECT Name FROM Master..SysDatabases ORDER BY Name
```

2. Get all table names:

```sql
SELECT Name FROM DatabaseName..SysObjects WHERE XType='U' ORDER BY Name
```

XType='U': all user tables; XType='S': all system tables.

3. Get all column names:

```sql
SELECT Name FROM SysColumns WHERE id=Object_Id('TableName')
```
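The three steps above (databases, then tables, then columns) can be folded into one schema-aware data dictionary built on the current sys.* catalog views. The following is an added example, not code from the original page: it generalises the page's single-table query to every user table in the current database, resolves user-defined alias types through user_type_id instead of system_type_id, and filters on object_id rather than OBJECT_NAME so tables with the same name in different schemas are not confused. The schema and table name in the commented-out filter are placeholders.

```sql
-- Added example: database list, then a full column dictionary for the current database.
-- Step 1: databases (sys.databases replaces Master..SysDatabases; state_desc shows ONLINE/OFFLINE).
SELECT name, state_desc
FROM sys.databases
ORDER BY name;

-- Steps 2 and 3 combined: every column of every user table, with type, length, nullability,
-- identity flag and the MS_Description extended property.
SELECT
    SchemaName  = s.name,
    TableName   = t.name,
    ColumnName  = c.name,
    Position    = c.column_id,
    ColumnType  = ty.name,
    -- max_length is in bytes: nchar/nvarchar use 2 bytes per character, -1 means (MAX)
    Length      = CASE
                      WHEN c.max_length = -1 THEN 'MAX'
                      WHEN ty.name IN ('nchar', 'nvarchar') THEN CAST(c.max_length / 2 AS varchar(10))
                      ELSE CAST(c.max_length AS varchar(10))
                  END,
    [Precision] = c.precision,          -- PRECISION is a reserved word, hence the brackets
    Scale       = c.scale,
    IsNullable  = c.is_nullable,
    IsIdentity  = c.is_identity,
    Description = CAST(ex.value AS nvarchar(4000))   -- ex.value is sql_variant
FROM sys.tables t
JOIN sys.schemas s
    ON s.schema_id = t.schema_id
JOIN sys.columns c
    ON c.object_id = t.object_id
-- user_type_id keeps the alias type's own name; system_type_id would collapse it to the base type
JOIN sys.types ty
    ON ty.user_type_id = c.user_type_id
LEFT JOIN sys.extended_properties ex
    ON ex.class = 1                     -- class 1 = object or column
   AND ex.major_id = c.object_id
   AND ex.minor_id = c.column_id
   AND ex.name = 'MS_Description'
WHERE t.is_ms_shipped = 0               -- same intent as OBJECTPROPERTY(..., 'IsMsShipped') = 0
  -- Uncomment to restrict to one table; placeholder schema.table, filtered by object_id
  -- AND t.object_id = OBJECT_ID(N'dbo.tablename')
ORDER BY s.name, t.name, c.column_id;
```

The catalog views apply metadata visibility: a login only sees rows for objects it has permission on (VIEW DEFINITION, or ownership), so an empty result for a table that exists usually means a permissions gap rather than a missing object, and it is a reason to grant VIEW DEFINITION on the specific schema instead of broad server roles when a reporting or documentation account needs this query.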

