为什么 sql 查询会有“where 1 = 1”
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/517107/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Why would a sql query have "where 1 = 1"
提问by Jeremy Boyd
I was going through a few queries I am maintaining, and a programmer had put in the queries "where 1=1" to me that always seems to evaluate to true.
我正在经历一些我正在维护的查询,一个程序员向我输入了“where 1 = 1”的查询,这些查询似乎总是评估为真。
Are there benefits to this?
这样做有好处吗?
Duplicate:Why would someone use WHERE 1=1 AND in a SQL clause?
重复:为什么有人会在 SQL 子句中使用 WHERE 1=1 AND?
That question isn't an answer to this question.
这个问题不是这个问题的答案。
Where-clause:
Where-子句:
select * from table where 1=1 and sStatus not in ('status1','status2','status3')
No programming or if statements to push an and in there. A straight query.
没有编程或 if 语句来推送和。直接查询。
If you could un-close this, I would like to know whether there is a purpose so that I may rewrite and remove the 1=1 if it is unnecessary.
如果您可以取消关闭它,我想知道是否有目的,以便我可以在不必要时重写并删除 1=1 。
回答by Tundey
Was it dynamic queries? Sometimes that's helpful when building dynamic queries based on parameters that are optional.
是动态查询吗?有时这在基于可选参数构建动态查询时很有帮助。
回答by Paul Dixon
If you are dynamically building a where clause, you can be a bit lazy and assume that every clause you add can be prefixed with "AND", e.g.
如果您正在动态构建 where 子句,您可能会有点懒惰,并假设您添加的每个子句都可以以“AND”为前缀,例如
$str="select foo from bar where 1=1";
if ($filter1)
{
$str.=" and col1='frobozz'";
}
回答by sth
If you automatically want to add restrictions to your query, it makes your live easier:
如果您想自动为查询添加限制,它会让您的生活更轻松:
string sql = "SELECT * FROM table WHERE 1=1";
if (someflag) {
sql += " AND valid = 1";
}
if (someotherflag) {
sql += " AND special = 1";
}
execute(sql);
Without WHERE 1 = 1you would in each case have to check if it's the first restriction you add (and then use WHERE ...) or if you already added some other restriction before (and then add AND ...).
如果没有,WHERE 1 = 1您将在每种情况下都必须检查它是否是您添加的第一个限制(然后使用WHERE ...),或者您之前是否已经添加了一些其他限制(然后添加AND ...)。
回答by Jay S
I use this for dynamic where clauses when I'm doing some lazy programming and don't want to always check if the clause is empty to determine if I now need an "AND" between my dynamic clauses.
当我在做一些懒惰的编程并且不想总是检查子句是否为空来确定我现在是否需要在我的动态子句之间使用“AND”时,我将它用于动态 where 子句。
回答by Shaun Bowe
This really only makes sense in dynamic queries. If you are adding parameters in a loop instead of having to check if there is a WHERE already you can just append AND Column = Value every time.
这仅在动态查询中才有意义。如果您在循环中添加参数而不必检查是否已经存在 WHERE,您可以每次都附加 AND Column = Value。
回答by cmsjr
I've seen two reasons for this, when you always want a true result, or when there is going to be an arbitrary number of "and condition = value" appended to the statement
我已经看到了两个原因,当你总是想要一个真实的结果,或者当有任意数量的“and condition = value”附加到语句时
回答by Nicholas Kreidberg
That is very interesting... The WHERE clause contains nothing but 1=1? I have seen this frequently in SQL injection attempts in which the WHERE clause is set to
xyz="something" OR 1=1;
as a means to always return a list of results.
这很有趣... WHERE 子句只包含 1=1?我在 SQL 注入尝试中经常看到这种情况,其中 WHERE 子句设置
xyz="something" OR 1=1;
为始终返回结果列表的一种方式。
Can you tell us more about what is going on with this query so we might be able to answer the question better?
你能告诉我们更多关于这个查询发生了什么,以便我们能够更好地回答这个问题吗?
- Nicholas
- 尼古拉斯
