Академический Документы
Профессиональный Документы
Культура Документы
RDBMS
RDBMS stands for Relational Database Management System.
RDBMS is the basis for SQL, and for all modern database systems such as MS SQL Server, IBM
DB2, Oracle, MySQL, and Microsoft Access.
The data in RDBMS is stored in database objects called tables.
A table is a collection of related data entries and it consists of columns and rows.
Database Tables
A database most often contains one or more tables. Each table is identified by a name (e.g.
"Customers" or "Orders"). Tables contain records (rows) with data.
In this tutorial we will use the well-known Northwind sample database (included in MS Access and MS
SQL Server).
Below is a selection from the "Customers" table:
CustomerIDCustomerName
ContactName Address
City
PostalCodeCountry
Alfreds Futterkiste
Berlin
12209
Ana Trujillo
Emparedados y
helados
Germany
Ana Trujillo
Avda. de la
Constitucin
2222
Mxico
05021
D.F.
Mexico
Antonio Moreno
Taquera
Antonio
Moreno
Mataderos 2312
Mxico
05023
D.F.
Mexico
UK
Berglunds snabbkp
Christina
Berglund
Sweden
Berguvsvgen 8 Lule
S-958 22
The table above contains five records (one for each customer) and seven columns (CustomerID,
CustomerName, ContactName, Address, City, PostalCode, and Country).
SQL Statements
Most of the actions you need to perform on a database are done with SQL statements.
The following SQL statement selects all the records in the "Customers" table:
Example
SELECT * FROM Customers;
Try it yourself
In this tutorial we will teach you all about the different SQL statements.
and
Demo Database
C
u
s
t
o
m
e
rI
D
C
u
s
t
o
m
e
r
N
a
m
e
C
o
n
t
a
c
t
N
a
m
e
A
d
d
r
e
s
s
City
P
o
st
al
C
o
d
e
Co
unt
ry
Berli
Ge
l
f
r
e
d
s
a
r
i
a
b
e
r
e
A
n
d
e
r
s
S
t
r
.
5
7
A
n
a
A
n
a
Mx
ico
D.F.
T
r
u
j
i
l
l
o
T
r
u
ji
ll
o
A
v
d
a
.
d
e
F
u
t
t
e
r
k
i
s
t
e
2
E
m
p
a
r
e
d
a
d
o
s
y
h
l
a
C
o
n
s
ti
t
u
c
i
n
2
2
2
2
2
2
0
9
0
5
0
2
1
rm
any
Me
xic
o
e
l
a
d
o
s
A
n
t
o
n
i
o
M
o
r
e
n
o
T
a
q
u
e
r
a
A
r
o
u
n
d
t
h
e
H
o
r
n
A
n
t
o
n
i
o
M
o
r
e
n
o
T
h
o
m
a
s
H
a
r
d
y
M
a
t
a
d
e
r
o
s
2
3
1
2
Mx
ico
D.F.
0
5
0
2
3
Me
xic
o
Lon
don
W
A
1
1
D
P
UK
Lule
Sw
1
2
0
H
a
n
o
v
e
r
S
q
.
B
e
r
g
l
u
n
d
s
s
n
a
b
b
k
h
r
i
s
ti
n
a
B
e
r
g
l
u
n
d
e
r
g
u
v
s
v
g
e
n
9
5
8
2
2
Example
SELECT * Example
The following SQL statement selects all the columns from the "Customers" table:
Example
ed
en
Navigation in a Result-set
Most database software systems allow navigation in the result-set with programming
functions, like: Move-To-First-Record, Get-Record-Content, Move-To-Next-Record, etc.
Programming functions like these are not a part of this tutorial. To learn about accessing
data with function calls, please visit our ASP tutorial or our PHP tutorial.
The SELECT DISTINCT statement is used to return only distinct (different) values.
Example
SELECT DISTINCT City FROM Customers;
Try it yourself
Example
SELECT * FROM Customers
WHERE Country='Mexico';
Try it yourself
Example
SELECT * FROM Customers
WHERE CustomerID=1;
Try it yourself
Description
Equal
<>
>
Greater than
<
Less than
>=
<=
BETWEEN
LIKE
IN
The AND & OR operators are used to filter records based on more than one condition.
Example
SELECT * FROM Customers
WHERE Country='Germany'
AND City='Berlin';
Try it yourself
OR Operator Example
The following SQL statement selects all customers from the city "Berlin" OR "Mnchen", in the
"Customers" table:
Example
SELECT * FROM Customers
WHERE City='Berlin'
OR City='Mnchen';
Try it yourself
Example
SELECT * FROM Customers
WHERE Country='Germany'
AND (City='Berlin' OR City='Mnchen');
Try it yourself
ORDER BY Example
The following SQL statement selects all customers from the "Customers" table, sorted by the
"Country" column:
Example
SELECT * FROM Customers
ORDER BY Country;
Try it yourself
Example
SELECT * FROM Customers
ORDER BY Country DESC;
Try it yourself
Example
SELECT * FROM Customers
ORDER BY Country,CustomerName;
Try it yourself
The first form does not specify the column names where the data will be inserted, only their
values:
INSERT INTO table_name
VALUES (value1,value2,value3,...);
The second form specifies both the column names and the values to be inserted:
INSERT INTO table_name (column1,column2,column3,...)
VALUES (value1,value2,value3,...);
Example
INSERT INTO Customers (CustomerName, ContactName, Address, City, PostalCode,
Country)
VALUES ('Cardinal','Tom B. Erichsen','Skagen 21','Stavanger','4006','Norway');
Try it yourself
The selection from the "Customers" table will now look like this:
CustomerIDCustomerName
ContactName Address
City
PostalCodeCountry
87
Wartian Herkku
Pirkko
Koskitalo
Torikatu 38
Oulu
90110
88
Wellington
Importadora
Paula Parente
Rua do
Mercado, 12
89
White Clover
Markets
Karl Jablonski
98128
USA
90
Wilman Kala
Matti
Karttunen
Keskuskatu 45 Helsinki
21240
Finland
91
Wolski
Zbyszek
ul. Filtrowa 68
Walla
01-012
Poland
92
Cardinal
Tom B.
Erichsen
Skagen 21
Stavanger4006
Finland
Norway
Did you notice that we did not insert any number into the CustomerID field?
The CustomerID column is automatically updated with a unique number for each
record in the table.
Example
INSERT INTO Customers (CustomerName, City, Country)
VALUES ('Cardinal', 'Stavanger', 'Norway');
Try it yourself
The selection from the "Customers" table will now look like this:
CustomerIDCustomerName
ContactName Address
City
PostalCod
Country
e
87
Wartian Herkku
Pirkko
Koskitalo
Torikatu 38
Oulu
90110
88
Wellington
Importadora
Paula Parente
Rua do Mercado,
Resende 08737-363 Brazil
12
89
White Clover
Markets
Karl Jablonski
98128
USA
90
Wilman Kala
Matti
Karttunen
Keskuskatu 45
Helsinki
21240
Finland
91
Wolski
Zbyszek
ul. Filtrowa 68
Walla
01-012
Poland
92
Cardinal
null
null
Stavangernull
Finland
Norway
Example
UPDATE Customers
SET ContactName='Alfred Schmidt', City='Hamburg'
WHERE CustomerName='Alfreds Futterkiste';
Try it yourself
The selection from the "Customers" table will now look like this:
Update Warning!
Be careful when updating records. If we had omitted the WHERE clause, in the example above,
like this:
UPDATE Customers
SET ContactName='Alfred Schmidt', City='Hamburg';
The "Customers" table would have looked like this:
Example
DELETE FROM Customers
WHERE CustomerName='Alfreds Futterkiste' AND ContactName='Maria Anders';
Server Code
txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;
The example above, creates a select statement by adding a variable (txtUserId) to a select string. The
variable is fetched from the user input (Request) to the page.
The rest of this chapter describes the potential dangers of using user input in SQL statements.
SQL Injection
SQL injection is a technique where malicious users can inject SQL commands into an SQL statement,
via web page input.
Injected SQL commands can alter SQL statement and compromise the security of a web application.
Server Result
SELECT * FROM Users WHERE UserId = 105 or 1=1
The SQL above is valid. It will return all rows from the table Users, since WHERE 1=1 is always true.
Does the example above seem dangerous? What if the Users table contains names and passwords?
The SQL statement above is much the same as this:
SELECT UserId, Name, Password FROM Users WHERE UserId = 105 or 1=1
A smart hacker might get access to all the user names and passwords in a database by simply
inserting 105 or 1=1 into the input box.
Password:
Server Code
uName = getRequestString("UserName");
uPass = getRequestString("UserPass");
sql = "SELECT * FROM Users WHERE Name ='" + uName + "' AND Pass ='" + uPass + "'"
A smart hacker might get access to user names and passwords in a database by simply inserting " or
""=" into the user name or password text box.
The code at the server will create a valid SQL statement like this:
Result
SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""=""
The result SQL is valid. It will return all rows from the table Users, since WHERE ""="" is always true.
Example
SELECT * FROM Users; DROP TABLE Suppliers
The SQL above will return all rows in the Users table, and then delete the table called Suppliers.
If we had the following server code:
Server Code
txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;
And the following input:
User id:
105; DROP TA
The code at the server would create a valid SQL statement like this:
Result
SELECT * FROM Users WHERE UserId = 105; DROP TABLE Suppliers
The only proven way to protect a web site from SQL injection attacks, is to use SQL parameters.
SQL parameters are values that are added to an SQL query at execution time, in a controlled manner.
Another Example
txtNam = getRequestString("CustomerName");
txtAdd = getRequestString("Address");
txtCit = getRequestString("City");
txtSQL = "INSERT INTO Customers (CustomerName,Address,City) Values(@0,@1,@2)";
db.Execute(txtSQL,txtNam,txtAdd,txtCit);
You have just learned to avoid SQL injection. One of the top website vulnerabilities.
Examples
The following examples shows how to build parameterized queries in some common web languages.
SELECT STATEMENT IN ASP.NET:
txtUserId = getRequestString("UserId");
sql = "SELECT * FROM Customers WHERE CustomerId = @0";
command = new SqlCommand(sql);
command.Parameters.AddWithValue("@0",txtUserID);
command.ExecuteReader();
INSERT INTO STATEMENT IN ASP.NET:
txtNam = getRequestString("CustomerName");
txtAdd = getRequestString("Address");
txtCit = getRequestString("City");
txtSQL = "INSERT INTO Customers (CustomerName,Address,City) Values(@0,@1,@2)";
command = new SqlCommand(txtSQL);
command.Parameters.AddWithValue("@0",txtNam);
command.Parameters.AddWithValue("@1",txtAdd);
command.Parameters.AddWithValue("@2",txtCit);
command.ExecuteNonQuery();
INSERT INTO STATEMENT IN PHP:
The following SQL statement selects the two first records from the "Customers" table:
Example
SELECT TOP 2 * FROM Customers;
Try it yourself
Example
SELECT TOP 50 PERCENT * FROM Customers;
The LIKE operator is used in a WHERE clause to search for a specified pattern in a
column.
Example
SELECT * FROM Customers
WHERE City LIKE 's%';
Try it yourself
Tip: The "%" sign is used to define wildcards (missing letters) both before and after the pattern. You
will learn more about wildcards in the next chapter.
The following SQL statement selects all customers with a City ending with the letter "s":
Example
SELECT * FROM Customers
WHERE City LIKE '%s';
Try it yourself
The following SQL statement selects all customers with a Country containing the pattern "land":
Example
SELECT * FROM Customers
WHERE Country LIKE '%land%';
Try it yourself
Using the NOT keyword allows you to select records that do NOT match the pattern.
The following SQL statement selects all customers with Country NOT containing the pattern "land":
Example
SELECT * FROM Customers
WHERE Country NOT LIKE '%land%';
Try it yourself
A wildcard character can be used to substitute for any other character(s) in a string.
Description
[charlist]
[^charlist]
or
[!charlist]
Example
SELECT * FROM Customers
WHERE City LIKE 'ber%';
Try it yourself
The following SQL statement selects all customers with a City containing the pattern "es":
Example
SELECT * FROM Customers
WHERE City LIKE '%es%';
Try it yourself
Example
SELECT * FROM Customers
WHERE City LIKE '_erlin';
Try it yourself
The following SQL statement selects all customers with a City starting with "L", followed by any
character, followed by "n", followed by any character, followed by "on":
Example
SELECT * FROM Customers
WHERE City LIKE 'L_n_on';
Try it yourself
Example
The following SQL statement selects all customers with a City starting with "a", "b", or "c":
Example
SELECT * FROM Customers
WHERE City LIKE '[a-c]%';
Try it yourself
The following SQL statement selects all customers with a City NOT starting with "b", "s", or "p":
Example
SELECT * FROM Customers
WHERE City LIKE '[!bsp]%';
or
SELECT * FROM Customers
WHERE City NOT LIKE '[bsp]%';
Try it yourself
The IN Operator
The IN operator allows you to specify multiple values in a WHERE clause.
SQL IN Syntax
SELECT column_name(s)
FROM table_name
WHERE column_name IN (value1,value2,...);
IN Operator Example
The following SQL statement selects all customers with a City of "Paris" or "London":
Example
SELECT * FROM Customers
WHERE City IN ('Paris','London');
Try it yourself
Example
SELECT * FROM Products
WHERE Price BETWEEN 10 AND 20;
Try it yourself
Example
SELECT * FROM Products
WHERE Price NOT BETWEEN 10 AND 20;
Try it yourself
Example
SELECT * FROM Products
WHERE (Price BETWEEN 10 AND 20)
AND NOT CategoryID IN (1,2,3);
Try it yourself
Example
SELECT * FROM Products
WHERE ProductName BETWEEN 'C' AND 'M';
Try it yourself
Example
SELECT * FROM Products
WHERE ProductName NOT BETWEEN 'C' AND 'M';
Try it yourself
Sample Table
Below is a selection from the "Orders" table:
OrderID
CustomerID
EmployeeID
OrderDate
ShipperID
10248
90
7/4/1996
10249
81
7/5/1996
10250
34
7/8/1996
10251
84
7/9/1996
10252
76
7/10/1996
Example
SELECT * FROM Orders
WHERE OrderDate BETWEEN #07/04/1996# AND #07/09/1996#;
Try it yourself
Notice that the BETWEEN operator can produce different result in different
databases!
In some databases, BETWEEN selects fields that are between and excluding the test
values.
In other databases, BETWEEN selects fields that are between and including the test
values.
And in other databases, BETWEEN selects fields between the test values, including the
first test value and excluding the last test value.
Therefore: Check how your database treats the BETWEEN operator!
SQL Aliases
SQL aliases are used to give a database table, or a column in a table, a temporary name.
Basically aliases are created to make column names more readable.
Demo Database
In this tutorial we will use the well-known Northwind sample database.
Below is a selection from the "Customers" table:
C
u
s
t
o
m
e
rI
D
C
u
s
t
o
m
e
r
N
a
m
e
C
o
n
t
a
c
t
N
a
m
e
A
n
a
A
n
a
T
r
u
j
i
l
l
o
T
r
u
j
i
l
l
o
E
m
p
a
r
e
d
a
d
o
s
y
h
e
A
d
d
r
e
s
s
A
v
d
a.
d
e
la
C
o
n
st
it
u
ci
n
2
2
2
2
City
Mx
ico
D.F.
P
o
s
t
al
C
o
d
e
0
5
0
2
1
Co
unt
ry
Me
xic
o
l
a
d
o
s
A
n
t
o
n
i
o
M
o
r
e
n
o
T
a
q
u
e
r
a
A
r
o
u
n
d
t
h
e
H
o
r
n
A
n
t
o
n
i
o
M
o
r
e
n
o
T
h
o
m
a
s
H
a
r
d
y
M
at
a
d
er
o
s
2
3
1
2
1
2
0
H
a
n
o
v
e
r
S
q.
Mx
ico
D.F.
0
5
0
2
3
Me
xic
o
Lon
don
W
A
1
1
D
P
UK
O
r
d
e
rI
D
1
0
3
5
4
1
0
3
5
5
1
0
3
5
6
Cust
ome
rID
58
86
Emp
loye
eID
Or
der
Dat
e
Shi
pp
erI
D
199
61114
199
61115
199
61118
Example
SELECT CustomerName AS Customer, ContactName AS [Contact
Person]
FROM Customers;
Try it yourself
In the following SQL statement we combine four columns (Address, City, PostalCode, and
Country) and create an alias named "Address":
Example
SELECT CustomerName, Address+', '+City+', '+PostalCode+',
'+Country AS Address
FROM Customers;
Try it yourself
Note: To get the SQL statement above to work in MySQL use the following:
SELECT CustomerName, CONCAT(Address,', ',City,', ',PostalCode,',
',Country) AS Address
FROM Customers;
Example
SELECT o.OrderID, o.OrderDate, c.CustomerName
FROM Customers AS c, Orders AS o
WHERE c.CustomerName="Around the Horn" AND
c.CustomerID=o.CustomerID;
Try it yourself
Example
SELECT Orders.OrderID, Orders.OrderDate, Customers.CustomerName
FROM Customers, Orders
WHERE Customers.CustomerName="Around the Horn" AND
Customers.CustomerID=Orders.CustomerID;
Try it yourself
SQL JOIN
An SQL JOIN clause is used to combine rows from two or more tables, based on a common field
between them.
The most common type of join is: SQL INNER JOIN (simple join). An SQL INNER JOIN return all
rows from multiple tables where the join condition is met.
Let's look at a selection from the "Orders" table:
OrderID
CustomerID
OrderDate
10308
1996-09-18
10309
37
1996-09-19
10310
77
1996-09-20
ContactName
Country
Alfreds Futterkiste
Maria Anders
Germany
Ana Trujillo
Mexico
Antonio Moreno
Mexico
Notice that the "CustomerID" column in the "Orders" table refers to the "CustomerID" in the
"Customers" table. The relationship between the two tables above is the "CustomerID" column.
Then, if we run the following SQL statement (that contains an INNER JOIN):
Example
SELECT Orders.OrderID, Customers.CustomerName, Orders.OrderDate
FROM Orders
INNER JOIN Customers
ON Orders.CustomerID=Customers.CustomerID;
Try it yourself
CustomerName
OrderDate
10308
9/18/1996
10365
11/27/1996
10383
12/16/1996
10355
11/15/1996
10278
Berglunds snabbkp
8/12/1996
INNER JOIN: Returns all rows when there is at least one match in BOTH tables
LEFT JOIN: Return all rows from the left table, and the matched rows from the right table
RIGHT JOIN: Return all rows from the right table, and the matched rows from the left
table
FULL JOIN: Return all rows when there is a match in ONE of the tables
or:
SELECT column_name(s)
FROM table1
JOIN table2
ON table1.column_name=table2.column_name;
PS! INNER JOIN is the same as JOIN.
Demo Database
In this tutorial we will use the well-known Northwind sample database.
Below is a selection from the "Customers" table:
C
u
s
t
o
m
e
rI
D
C
u
s
t
o
m
e
r
N
a
m
e
A
l
f
r
e
d
s
F
u
t
t
e
r
k
i
s
t
e
C
o
n
t
a
c
t
N
a
m
e
M
a
r
i
a
A
n
d
e
r
s
A
n
a
A
n
a
T
r
u
j
i
l
l
o
T
r
u
j
i
l
l
o
A
d
d
r
e
s
s
O
b
er
e
S
tr.
5
7
A
v
d
a.
d
e
la
C
o
n
st
it
u
ci
City
P
o
st
al
C
o
d
e
Co
un
try
Berli
n
1
2
2
0
9
Ge
rm
an
y
Mx
ico
D.F.
0
5
0
2
1
Me
xic
o
m
p
a
r
e
d
a
d
o
s
n
2
2
2
2
y
h
e
l
a
d
o
s
A
n
t
o
n
i
o
A
n
t
o
n
i
o
M
o
r
e
n
o
M
at
a
d
er
o
s
2
3
1
2
M
o
r
e
n
o
T
a
q
u
e
r
Mx
ico
D.F.
0
5
0
2
3
Me
xic
o
Cust
Emp
Or
Shi
r
d
e
rI
D
1
0
3
0
8
1
0
3
0
9
1
0
3
1
0
ome
rID
37
77
loye
eID
der
Dat
e
pp
erI
D
199
60918
199
60919
199
60920
Example
SELECT Customers.CustomerName, Orders.OrderID
FROM Customers
INNER JOIN Orders
ON Customers.CustomerID=Orders.CustomerID
ORDER BY Customers.CustomerName;
Try it yourself
Note: The INNER JOIN keyword selects all rows from both tables as long as there is a match
between the columns. If there are rows in the "Customers" table that do not have matches in
"Orders", these customers will NOT be listed.
Demo Database
In this tutorial we will use the well-known Northwind sample database.
Below is a selection from the "Customers" table:
C
u
s
t
o
m
e
rI
D
C
u
s
t
o
m
e
r
N
a
m
e
A
l
f
r
e
d
s
C
o
n
t
a
c
t
N
a
m
e
M
a
r
i
a
A
n
A
d
d
r
e
s
s
O
b
er
e
S
tr.
5
City
Berli
n
P
o
st
al
C
o
d
e
1
2
2
0
9
Co
un
try
Ge
rm
an
y
F
u
t
t
e
r
k
i
s
t
e
d
e
r
s
A
n
a
T
r
u
j
i
l
l
o
E
m
p
a
r
e
d
a
d
o
s
y
h
e
l
a
d
o
s
A
n
a
T
r
u
j
i
l
l
o
A
v
d
a.
d
e
la
C
o
n
st
it
u
ci
n
2
2
2
2
Mx
ico
D.F.
0
5
0
2
1
Me
xic
o
A
n
t
o
n
i
o
A
n
t
o
n
i
o
M
o
r
e
n
o
M
at
a
d
er
o
s
2
3
1
2
M
o
r
e
n
o
T
a
q
u
e
r
Mx
ico
D.F.
0
5
0
2
3
Me
xic
o
Emp
loye
eID
Or
der
Dat
e
Shi
pp
erI
D
199
60918
37
199
60919
77
Cust
ome
rID
199
609-
1
0
20
Example
SELECT Customers.CustomerName, Orders.OrderID
FROM Customers
LEFT JOIN Orders
ON Customers.CustomerID=Orders.CustomerID
ORDER BY Customers.CustomerName;
Try it yourself
Note: The LEFT JOIN keyword returns all the rows from the left table (Customers), even if there
are no matches in the right table (Orders).
Demo Database
In this tutorial we will use the well-known Northwind sample database.
Below is a selection from the "Orders" table:
O
r
d
e
rI
D
1
0
3
0
8
1
0
3
0
9
1
0
3
1
0
Cust
ome
rID
37
77
Emp
loye
eID
Or
der
Dat
e
Shi
pp
erI
D
199
60918
199
60919
199
60920
L
a
s
t
N
a
m
e
F
i
r
s
t
N
a
m
e
B
i
r
t
h
D
a
t
e
P
h
o
t
o
N
ot
e
s
D
a
v
N
a
n
1
2
/
E
m
p
E
d
u
o
l
i
o
c
y
F
u
l
l
e
r
A
n
d
r
e
w
8
/
1
9
6
8
2
/
1
9
/
1
9
5
2
I
D
1
.
p
i
c
E
m
p
I
D
2
.
p
i
c
c
at
io
n
in
cl
u
d
e
s
a
B
A
in
p
sy
c
h
ol
o
gy
...
..
A
n
dr
e
w
re
c
ei
v
e
d
hi
s
B
T
S
c
o
m
m
er
ci
al
a
n
d.
...
L
e
v
e
r
l
i
n
g
J
a
n
e
t
8
/
3
0
/
1
9
6
3
E
m
p
I
D
3
.
p
i
c
Example
SELECT Orders.OrderID, Employees.FirstName
FROM Orders
RIGHT JOIN Employees
ON Orders.EmployeeID=Employees.EmployeeID
ORDER BY Orders.OrderID;
Try it yourself
J
a
n
et
h
a
s
a
B
S
d
e
gr
e
e
in
c
h
e
m
ist
ry
...
.
Note: The RIGHT JOIN keyword returns all the rows from the right table (Employees), even if
there are no matches in the left table (Orders).
Demo Database
In this tutorial we will use the well-known Northwind sample database.
Below is a selection from the "Customers" table:
C
u
s
t
o
m
e
rI
D
C
u
s
t
o
m
e
r
N
a
m
e
C
o
n
t
a
c
t
N
a
m
e
A
d
d
r
e
s
s
City
P
o
st
al
C
o
d
e
Co
un
try
A
l
f
r
e
d
s
F
u
t
t
e
r
k
i
s
t
e
M
a
r
i
a
A
n
d
e
r
s
A
n
a
A
n
a
T
r
u
j
i
l
l
o
T
r
u
j
i
l
l
o
E
m
p
a
r
e
d
a
d
o
s
y
O
b
er
e
S
tr.
5
7
A
v
d
a.
d
e
la
C
o
n
st
it
u
ci
n
2
2
2
2
Berli
n
Mx
ico
D.F.
1
2
2
0
9
0
5
0
2
1
Ge
rm
an
y
Me
xic
o
h
e
l
a
d
o
s
A
n
t
o
n
i
o
A
n
t
o
n
i
o
M
o
r
e
n
o
M
at
a
d
er
o
s
2
3
1
2
M
o
r
e
n
o
T
a
q
u
e
r
Mx
ico
D.F.
0
5
0
2
3
Me
xic
o
Cust
ome
rID
Emp
loye
eID
Or
der
Dat
e
Shi
pp
erI
D
1
0
3
0
8
199
60918
37
199
0
3
0
9
60919
1
0
3
1
0
199
60920
77
OrderID
Alfreds Futterkiste
Ana Trujillo Emparedados y helados
10308
10365
10382
10351
Note: The FULL OUTER JOIN keyword returns all the rows from the left table (Customers), and
all the rows from the right table (Orders). If there are rows in "Customers" that do not have
matches in "Orders", or if there are rows in "Orders" that do not have matches in "Customers",
those rows will be listed as well.
The SQL UNION operator combines the result of two or more SELECT statements.
Notice that each SELECT statement within the UNION must have the same number of columns.
The columns must also have similar data types. Also, the columns in each SELECT statement
must be in the same order.
Demo Database
In this tutorial we will use the well-known Northwind sample database.
Below is a selection from the "Customers" table:
C
u
s
t
o
m
e
rI
D
C
u
s
t
o
m
e
r
N
a
m
e
A
l
f
r
e
d
s
F
u
C
o
n
t
a
c
t
N
a
m
e
M
a
r
i
a
A
n
d
e
A
d
d
r
e
s
s
O
b
er
e
S
tr.
5
7
City
Berli
n
P
o
st
al
C
o
d
e
1
2
2
0
9
Co
un
try
Ge
rm
an
y
t
t
e
r
k
i
s
t
e
r
s
A
n
a
T
r
u
j
i
l
l
o
E
m
p
a
r
e
d
a
d
o
s
A
n
a
T
r
u
j
i
l
l
o
y
h
e
l
a
d
o
s
3
A
n
A
n
A
v
d
a.
d
e
la
C
o
n
st
it
u
ci
n
2
2
2
2
M
at
Mx
ico
D.F.
0
5
0
2
1
Me
xic
o
Mx
ico
0
5
Me
xic
t
o
n
i
o
M
o
r
e
n
o
T
a
q
u
e
r
t
o
n
i
o
M
o
r
e
n
o
a
d
er
o
s
2
3
1
2
D.F.
0
2
3
Cit
y
P
o
s
t
a
l
C
o
d
e
Co
un
try
S
u
p
pl
ie
rI
D
S
u
p
p
l
i
e
r
N
a
m
e
E
x
o
t
i
c
L
i
q
u
C
o
n
t
a
c
t
N
a
m
e
C
h
a
r
l
o
t
t
e
C
Ad
dr
es
s
49
Gil
ber
t
St.
Lo
nd
on
a
E
C
1
4
S
D
UK
i
d
o
o
p
e
r
N
e
w
O
r
l
e
a
n
s
2
C
a
j
u
n
D
e
l
i
g
h
t
s
G
r
a
n
d
m
a
K
e
l
l
y
'
S
h
e
l
l
e
y
B
u
r
k
e
R
e
g
i
n
a
M
u
r
p
h
y
P.
O.
Bo
x
78
93
4
70
7
Ox
for
d
Rd
.
Ne
w
Orl
ea
ns
7
0
1
1
7
An
n
Arb
or
4
8
1
0
4
US
A
US
A
s
H
o
m
e
s
t
e
a
d
Example
SELECT City FROM Customers
UNION
SELECT City FROM Suppliers
ORDER BY City;
Try it yourself
Note: UNION cannot be used to list ALL cities from the two tables. If several customers and
suppliers share the same city, each city will only be listed once. UNION selects only distinct
values. Use UNION ALL to also select duplicate values!
Example
SELECT City FROM Customers
UNION ALL
SELECT City FROM Suppliers
ORDER BY City;
Try it yourself
Example
SELECT City, Country FROM Customers
WHERE Country='Germany'
UNION ALL
SELECT City, Country FROM Suppliers
WHERE Country='Germany'
ORDER BY City;
Try it yourself
With SQL, you can copy information from one table into another.
The SELECT INTO statement copies data from one table and inserts it into a new
table.
SELECT *
INTO CustomersBackup2013
FROM Customers;
Use the IN clause to copy the table into another database:
SELECT *
INTO CustomersBackup2013 IN 'Backup.mdb'
FROM Customers;
Copy only a few columns into the new table:
SELECT CustomerName, ContactName
INTO CustomersBackup2013
FROM Customers;
Copy only the German customers into the new table:
SELECT *
INTO CustomersBackup2013
FROM Customers
WHERE Country='Germany';
Copy data from more than one table into the new table:
SELECT Customers.CustomerName, Orders.OrderID
INTO CustomersOrderBackup2013
FROM Customers
LEFT JOIN Orders
ON Customers.CustomerID=Orders.CustomerID;
Tip: The SELECT INTO statement can also be used to create a new, empty table using the
schema of another. Just add a WHERE clause that causes the query to return no data:
SELECT *
INTO newtable
FROM table1
WHERE 1=0;
With SQL, you can copy information from one table into another.
The INSERT INTO SELECT statement copies data from one table and inserts it into
an existing table.
Or we can copy only the columns we want to into another, existing table:
INSERT INTO table2
(column_name(s))
SELECT column_name(s)
FROM table1;
Demo Database
In this tutorial we will use the well-known Northwind sample database.
Below is a selection from the "Customers" table:
C
u
s
t
o
m
e
rI
D
C
u
s
t
o
m
e
r
N
a
m
e
A
l
f
r
e
d
s
F
u
t
t
e
r
k
i
s
t
e
A
C
o
n
t
a
c
t
N
a
m
e
M
a
r
i
a
A
n
d
e
r
s
City
P
o
st
al
C
o
d
e
Co
un
try
O
b
er
e
S
tr.
5
7
Berli
n
1
2
2
0
9
Ge
rm
an
y
Mx
Me
A
d
d
r
e
s
s
n
a
T
r
u
j
i
l
l
o
E
m
p
a
r
e
d
a
d
o
s
n
a
T
r
u
j
i
l
l
o
y
h
e
l
a
d
o
s
3
A
n
t
o
n
i
o
A
n
t
o
n
i
o
M
o
r
e
n
M
o
r
e
n
v
d
a.
d
e
la
C
o
n
st
it
u
ci
n
2
2
2
2
M
at
a
d
er
o
s
2
3
1
2
ico
D.F.
Mx
ico
D.F.
5
0
2
1
0
5
0
2
3
xic
o
Me
xic
o
o
T
a
q
u
e
r
Su
pp
lie
rID
S
u
p
p
li
e
r
N
a
m
e
C
o
n
t
a
c
t
N
a
m
e
Add
res
s
City
Post
al
Cod
e
E
x
o
ti
c
L
i
q
u
i
d
C
h
a
rl
o
tt
e
C
o
o
p
e
r
49
Gilb
ert
St.
Lon
don
a
N
e
w
O
rl
e
a
n
S
h
el
le
y
B
u
r
k
P.O.
Box
789
34
New
Orle
ans
Cou
ntry
Pho
ne
EC1
4SD
UK
(171)
5552222
7011
7
US
A
(100)
5554822
s
C
a
j
u
n
D
e
li
g
h
t
s
G
r
a
n
d
m
a
K
e
ll
y
'
s
H
o
m
e
s
t
e
a
d
R
e
gi
n
a
M
u
r
p
h
y
707
Oxf
ord
Rd.
Ann
Arb
or
4810
4
US
A
Example
(313)
5555735
Example
INSERT INTO Customers (CustomerName, Country)
SELECT SupplierName, Country FROM Suppliers
WHERE Country='Germany';
Try it yourself
The data_type parameter specifies what type of data the column can hold (e.g. varchar, integer,
decimal, date, etc.).
The size parameter specifies the maximum length of the column of the table.
Tip: For an overview of the data types available in MS Access, MySQL, and SQL Server, go to
our complete Data Types Reference.
Example
CREATE TABLE Persons
(
PersonID int,
LastName varchar(255),
FirstName varchar(255),
Address varchar(255),
City varchar(255)
);
Try it yourself
Last
Nam
e
First
Nam
e
Ad
dre
ss
Tip: The empty table can be filled with data with the INSERT INTO statemenT
SQL Constraints
SQL constraints are used to specify rules for the data in a table.
C
i
t
y
If there is any violation between the constraint and the data action, the action is aborted by the
constraint.
Constraints can be specified when the table is created (inside the CREATE TABLE statement) or
after the table is created (inside the ALTER TABLE statement).
UNIQUE - Ensures that each row for a column must have a unique value
PRIMARY KEY - A combination of a NOT NULL and UNIQUE. Ensures that a column (or
combination of two or more columns) have an unique identity which helps to find a
particular record in a table more easily and quickly
FOREIGN KEY - Ensure the referential integrity of the data in one table to match values
in another table
DEFAULT - Specifies a default value when specified none for this column