What is
select * from xxx where 1=0 what does this mean?
also there is one
select * from yyy where 1=1
??
??
ANSWER ->
1. Select * from table where 1=0
return just header of the fields (attribute)
but with 0 rows
2. Select * from table where 1=1
return whole table entries
this is same as select * from table
Simple ans.
Logical ?
If the list of conditions is not known at compile time and is instead built at run time, you don't have to worry about whether you have one or more than one condition. You can generate them all like:
I've never seen this used for any kind of injection protection, as you say it doesn't seem like it would help much. I have seen it used as an implementation convenience. The SQL query engine will end up ignoring the
select * from xxx where 1=0 what does this mean?
also there is one
select * from yyy where 1=1
??
??
ANSWER ->
1. Select * from table where 1=0
return just header of the fields (attribute)
but with 0 rows
2. Select * from table where 1=1
return whole table entries
this is same as select * from table
Simple ans.
Logical ?
If the list of conditions is not known at compile time and is instead built at run time, you don't have to worry about whether you have one or more than one condition. You can generate them all like:
and <condition> 1=1 at the start, the initial and has something to associate with.I've never seen this used for any kind of injection protection, as you say it doesn't seem like it would help much. I have seen it used as an implementation convenience. The SQL query engine will end up ignoring the
1=1 so it should have no performance impact.
No comments:
Post a Comment