当field = 0时，mySQL返回所有行 [英] mySQL returns all rows when field=0

问题描述

我正在做一些测试，当我查询一个表时，这很令人惊讶，查询SELECT * FROM table WHERE email=0返回了表中的所有行.

I was making some tests, and it was a surprise when i was querying a table, and the query SELECT * FROM table WHERE email=0 returned all rows from the table.

此表没有'0'值，并且使用常规电子邮件填充.

This table has no '0' values and it's populated with regular e-mails.

为什么会这样?这可能会导致严重的安全问题.

Why this happens? This can lead to serious security problems.

有没有一种方法可以避免这种情况而无需修改查询?

Is there a way to avoid this without modifying the query?

我在这里想念东西吗?

谢谢.

推荐答案

这是因为它将电子邮件字段(我认为是varchar字段)转换为整数.任何没有有效整数的字段都将等于0.您应确保仅将字符串字段与字符串值进行比较(日期比较，日期比较).查询应如下.

This is because it is converting the email field (which I assume is a varchar field) to an integer. Any field without a valid integer will equate to 0. You should make sure that you only compare string fields to string values (same goes for dates, comparing to dates). The query should be as follows.

SELECT * FROM table WHERE email='0';

这篇关于当field = 0时，mySQL返回所有行的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！