What is the meaning of select ''-''
Question
There is an article about SQL injection: Abusing MySQL string arithmetic for tiny SQL injections
The question is, what is the meaning of select ''-''? I tried it with MySQL, and it returns:
mysql> select ''-'';
+-------+
| ''-'' |
+-------+
|     0 |
+-------+
1 row in set (0.00 sec)
What happened? What does that 0 mean?
And the result of select '-':
mysql> select '-';
+---+
| - |
+---+
| - |
+---+
1 row in set (0.00 sec)
I am very confused about these results.
Answer
You are subtracting one empty string '' from another. See the following:
mysql> select '';
+--+
|  |
+--+
|  |
+--+
1 row in set (0.00 sec)
mysql> select '3'-'2';
+---------+
| '3'-'2' |
+---------+
|       1 |
+---------+
1 row in set (0.00 sec)
But there is a warning if it is not a numeric string:
mysql> select 'a'-'b';
+---------+
| 'a'-'b' |
+---------+
|       0 |
+---------+
1 row in set, 2 warnings (0.00 sec)
Two warnings:
mysql> SHOW WARNINGS LIMIT 2
-> ;
+---------+------+---------------------------------------+
| Level   | Code | Message                               |
+---------+------+---------------------------------------+
| Warning | 1292 | Truncated incorrect DOUBLE value: 'a' |
| Warning | 1292 | Truncated incorrect DOUBLE value: 'b' |
+---------+------+---------------------------------------+
2 rows in set (0.00 sec)
Why is there no warning for the empty string?
Whereas there is no warning for the empty string because it is (cast to something) 0; see below:
mysql> SELECT 0 = '';
+--------+
| 0 = '' |
+--------+
|      1 |
+--------+
1 row in set (0.00 sec)
Hence by doing ''-'' you are doing 0 - 0:
mysql> SELECT '' - '';
+---------+
| '' - '' |
+---------+
|       0 |
+---------+
1 row in set (0.00 sec)
To be more clear, I am adding the following examples (I feel they will be helpful to you).
How conversion happens:
mysql> SELECT '0' = 0
-> ;
+---------+
| '0' = 0 |
+---------+
|       1 |
+---------+
1 row in set (0.00 sec)
Note the conversion:
mysql> SELECT '' = '0'
-> ;
+----------+
| '' = '0' |
+----------+
|        0 |
+----------+
1 row in set (0.00 sec)
'' is converted into 0, and '0' is converted into 0, but '' does not equal '0'.
mysql> SELECT '1' = 1
-> ;
+---------+
| '1' = 1 |
+---------+
|       1 |
+---------+
1 row in set (0.00 sec)
mysql> SELECT '' = 1
-> ;
+--------+
| '' = 1 |
+--------+
|      0 |
+--------+
1 row in set (0.00 sec)
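As an added example (not part of the question or the answer, and not MySQL's own code), the following Python model reproduces the coercion rules the answer walks through: a string used in arithmetic is read as a DOUBLE, a string compared with a number is coerced too, while two strings compare as strings. The prefix-parsing rule (keep the leading numeric part, warn about the rest, tolerate surrounding whitespace) and the collation-free string compare are assumptions of this model, not facts from the page. It also shows the defensive point behind the linked article: once a text value is compared against a numeric expression such as ''-'', every non-numeric value coerces to 0 and matches, so comparison operands should be kept the same type (for example by binding string parameters as strings).

```python
import re

# Added model of MySQL's implicit string -> DOUBLE coercion in arithmetic.
# Assumption (not from the page): MySQL keeps the longest numeric prefix,
# drops the rest with a "Truncated incorrect DOUBLE value" warning, and
# tolerates surrounding whitespace. The page's own cases are: '' -> 0 with
# no warning, 'a' -> 0 with a warning, '3' -> 3.
_NUM_PREFIX = re.compile(r"\s*[+-]?(\d+\.?\d*|\.\d+)([eE][+-]?\d+)?")


def to_double(s):
    """Return (value, warning) for a string used as a number; warning is None if clean."""
    if s == "":
        return 0.0, None  # '' silently becomes 0 (matches the SELECT 0 = '' example)
    m = _NUM_PREFIX.match(s)
    if m is None:
        return 0.0, f"Truncated incorrect DOUBLE value: '{s}'"
    value = float(m.group(0))
    if s[m.end():].strip() != "":  # junk after the numeric prefix
        return value, f"Truncated incorrect DOUBLE value: '{s}'"
    return value, None


def _as_number(x, warnings):
    """Coerce one operand to DOUBLE, collecting any warning it produces."""
    if isinstance(x, str):
        v, w = to_double(x)
        if w is not None:
            warnings.append(w)
        return v
    return float(x)


def minus(a, b):
    """Evaluate a - b the way MySQL does: both operands coerced to DOUBLE."""
    warnings = []
    result = _as_number(a, warnings) - _as_number(b, warnings)
    return result, warnings


def equals(a, b):
    """MySQL '=': string vs string is a plain string compare (no coercion; collation
    is ignored in this model); anything involving a number coerces the other side."""
    if isinstance(a, str) and isinstance(b, str):
        return a == b
    return _as_number(a, []) == _as_number(b, [])


if __name__ == "__main__":
    # Reproduce the session from the page, then the case a defender should notice:
    # a text value compared with the numeric result of ''-''.
    for expr, (val, warns) in {
        "'3'-'2'": minus("3", "2"),
        "'a'-'b'": minus("a", "b"),
        "''-''": minus("", ""),
    }.items():
        print(f"{expr:>8} = {val:g}  warnings={warns}")
    print("0 = ''        ->", int(equals(0, "")))
    print("'' = '0'      ->", int(equals("", "0")))
    print("'' = 1        ->", int(equals("", 1)))
    print("'abc' = ''-'' ->", int(equals("abc", minus("", "")[0])))
```

Running the script prints the same 1/0 results as the mysql session above; the last line is the general form of the `0 = ''` case, and it is why a string column should never be compared with a numeric expression in a query.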