INFORMATION_SCHEMA provides access to database metadata. Metadata is data about the data, such as the name of a database or table, the data type of a column, or access privileges. Other terms that sometimes are used for this information are data dictionary and system catalog. INFORMATION_SCHEMA is the information database, the place that stores information about all the other databases that the MySQL server maintains. Inside INFORMATION_SCHEMA there are several read-only tables. They are actually views, not base tables, so there are no files associated with them.
How to retrieve all database name fromĀ INFORMATION_SCHEMA:
SELECT schema_name FROM INFORMATION_SCHEMA.schemata
After we got database name, now we can get all tables from that database:
SELECT table_name FROM INFORMATION_SCHEMA.tables where table_schema = 'the_database_name'
After we got all the tables name from the database, we can retrieve all column name with the data type:
SELECT column_name, column_type FROM INFORMATION_SCHEMA.columns where table_schema = 'the_database_name' AND table_name = 'the_table_name'
Okay that’s the basic of how to get some of database information from the Information_Schema, there are still lots of other information you can get from the Information_Schema.
So if your website is vulnerable to SQL Injection, the attacker can easily get your database schema from this technique. So please keep up to date your system and keep backup regularly.
Thanks Sir, it is very usefull.
thanx a lot….its good to have such website.