Subquery

Query that is used inside the main query as an output for comparasion. Eg: -

SELECT tracking-id FROM tracking-table WHERE trackingId = 'RvLfBu6s9EZRlVYN' and(**SELECT 'x' FROM users LIMIT 1**)='x'-- '
Green is the probable inbuit query
Red is our payload
**Bold** one is subquery in our payload

SQL Concatenation

  1. The CONCAT() function adds two or more strings together.
  2. The || operator allows you to add two or more strings together. Read Here.
  3. The CONCAT_WS() function adds two or more strings together with a separator.
  4. The GROUP_CONCAT() is also used to concatenate values across a table with a seperator. While CONCAT is used to combine values across columns, GROUP_CONCAT gives you the capability to combine values across rows. Read Here.

|| String Concatenation Operator - Oracle and MySQL

In Oracle you can use || operator to concatenate strings. In MySQL you have to use CONCAT function. Eg:

Untitled

Difference in MySQL and Oracle Syntax

Untitled

NULL of Oracle vs MySQL

In Oracle, a NULL value in any string expression is treated as '' (empty string).

Oracle:

SELECT 'The city' || ' is ' || NULL FROM dual;
# The city is
******But if **all** expressions evaluate to NULL, || returns NULL, not empty string.
SELECT NULL || NULL || NULL FROM dual;
# NULL
******In MySQL, CONCAT function returns NULL if **any** expression is NULL:

MySQL:

SELECT CONCAT('The city', ' is ', NULL);
# NULL
In MySQL, you have to use *IFNULL* function to replace **nullable** expressions with empty string to get the same result as in Oracle:
SELECT CONCAT('The city', ' is ', IFNULL(NULL, ''));
# The city is