License: (CC 3.0) BY-NC-SA
Manual
following categories
mysql> ? contents
mysql> ? data types
mysql> ? int
man command
mysql> ? show
mysql> ? create table
What i know?
connect to mysql shell
mysql -h hostname -u username -p[password]
mysql -h hostname -u username --password=passwd
create database
drop database if exists dbname;
create database dbname;
mysql doesn’t support duplicate database name, you should check if there is a databse already exists, or you can simply drop if exists.
grant privilege
grant all privileges on dbname.* on 'dbadmin'@'%' identified by 'dbadminpasswd';
- you can also grant parts of privileges to users
- grant on . means on all
- % means all, or you can specific a network, like localhost or 192.168.32.0
show
show databases;
use dbname;
show tables;
desc tablename;
show columns from tablename;
create table
create table tablename (
colname1 varchar(255),
colname2 int,
id int not null auto_increment,
primary key (id));
insert
insert into tablename values (name,27,null);
select
select colname1 from table colname2='';
update
update tablename set colname1='' where colname2='';
delete
delete from tablename where colname1='';
Some Concepts
table type
- 事务安全表:InnoDB、BDB
- 非事务安全表:MyISAM、MEMORY、MERGE、EXAMPLE、NDB Cluster、ARCHIVE、CSV、BLACKHOLE、FEDERATED
常用的有两个:
- Myisam:默认存储引擎,当create新表未指定存储类型的时候即为myisam。每个表在磁盘上分为三个文件:.frm存储表定义,.MYD存储数据,.MYI存储索引,数据文件和索引文件可以在不同的目录以分布io,提高速度。
- InnoDB:具有提交、回滚和崩溃恢复能力的事务安全。缺点是写处理效率略差和占用更多的磁盘空间。
data type
- 对于myisam,建议使用固定长度的数据列代替可变长度的数据列
- 对于InnoDB,建议使用VARCHAR类型。理由是InnoDB的主要性能因素是存储总量,而CHAR平均空间要大于VARCHAR。
- 浮点数float能表示更大的范围但是精度有损失,(意味着写入后读出的值有可能与原值有微小的变化),定点数decimal表示范围小但是没有精度问题。
charset
- mysql> show character set 查看mysql支持的字符集
- mysql可以为同一个表的不同字段指定不同的字符集
- mysql的字符集包括字符集(CHARACTER)和校对规则(COLLATION)两个概念。CHARACTER定义字符串的存储方式,COLLATION定义字符串的比较方式,mysql支持30+CHARACTER和70+COLLATION
- 使用mysql> show collation like ‘utf8%’查看相关字符集的校对规则
- gb2312的字库比gbk小,有些生僻字无法保存
- 在my.cnf[mysqld]中指定default-character-set=utf8可以设定服务器级别的字符集
SQL Injection
- logical eval: ?username=admin’ or ‘1=1
- comment: ?username=admin’/*
- comment: ?username=admin’%23
how to defense?
- prepareStatement + Bind-variable
- mysql_real_escape_string()
- self-defined check
Rescure
yesterday, a power failure caused raid disk drop and mysql innodb trunction failure, after we rebuild the raid, the mysql is down. i did the following step to restore our mysql data.
- add innodb_force_recovery = 4 to [mysqld] group of /etc/mysql/my.cnf
- start mysql
- mysqldump -uroot -p -A > dump.sql
- cp /var/lib/mysql/ib* ./
- service mysql stop
- comment the innodb_force_recovery
- aptitude purge mysql-server-5.5
- rm -rf /var/lib/mysql /etc/mysql
- aptitude install mysql-server-5.5
- config /etc/mysql/my.cnf
- mysql -uroot -p < dump.sql
- enter mysql, flush privileges; grant all privileges on databasename.* to user@’%’ identified by ‘password’;
and data is restored. but i think this is not the best way.
i tried to just drop the corrupted database but failed, and aptitude purge will not remove the setting files, then even installation success, it cannot restore the data, i don’t know why, so i just remove all the files related to mysql.