String sql = "select * from sys_user where 1=2"与String sql = "select * from sys_user where 1=1的对比介绍
2017-09-11 08:55
369 查看
今天在公司的项目中看到String sql = "select * from sys_user where 1=2";还有String sql = "select * from sys_user where 1=1";这些sql语句,看了半天不大明白什么意思,请教了一下大佬,总结整理了一下;
String sql = "select * from sys_user where 1=2和
String sql = "select * from sys_user where 1=1的比较;
相同点:可以拼接字符串;
比如:
String sql="select * from user where 1=1 ";
if(username!=null) sql=sql+ " and username='"+username+"'";
if(password!=null) sql=sql+ " and password='"+password+"'";
select id from sys_user where 1=1
<if test="username !=null and password != ''">
AND name = #{name}
</if>
<if test="firstType !=null and firstType != ''">
AND firstType = #{firstType}
</if>
<if test="secondType !=null and secondType != ''">
AND secondType = #{secondType}
</if>
因为我这里是动态查询,假如第一个条件不成立,那么如果我没有使用 1 = 1 ,
我的SQL就会变成 select XXX from XXX where and XXXX ,
如果我加了1 = 1,就会变成 select XXX from XXX where 1 = 1 and XXXX;
从这里面可以看出在动态sql中.加了这个1=1是可以拼接sql语句的;
不同点:
String sql="select * from user where 1=1 ";
此sql返回的永远为真,也就是true,
可以理解为条件永远为真,查出的是所有数据;
相当于String sql="select * from user;
比如:
String sql="select * from user where 1=1 ";
if(username!=null) sql=sql+ " and username='"+username+"'";
if(password!=null) sql=sql+ " and password='"+password+"'";
后面两个条件username,password两者都为空也是可以查询的,因为还有前面的查询条件;
String sql = "select * from sys_user where 1=2
此sql返回的永远为假,也就是false,
可以理解为where条件不成立,虽然执行了查询,但是返回的是空数据;
使用这句sql永远不能查询到数据;
建议使用上面的1=1好点;
附:本人菜鸟如有错误欢迎指正,谢谢诸位大佬;
String sql = "select * from sys_user where 1=2和
String sql = "select * from sys_user where 1=1的比较;
相同点:可以拼接字符串;
比如:
String sql="select * from user where 1=1 ";
if(username!=null) sql=sql+ " and username='"+username+"'";
if(password!=null) sql=sql+ " and password='"+password+"'";
select id from sys_user where 1=1
<if test="username !=null and password != ''">
AND name = #{name}
</if>
<if test="firstType !=null and firstType != ''">
AND firstType = #{firstType}
</if>
<if test="secondType !=null and secondType != ''">
AND secondType = #{secondType}
</if>
因为我这里是动态查询,假如第一个条件不成立,那么如果我没有使用 1 = 1 ,
我的SQL就会变成 select XXX from XXX where and XXXX ,
如果我加了1 = 1,就会变成 select XXX from XXX where 1 = 1 and XXXX;
从这里面可以看出在动态sql中.加了这个1=1是可以拼接sql语句的;
不同点:
String sql="select * from user where 1=1 ";
此sql返回的永远为真,也就是true,
可以理解为条件永远为真,查出的是所有数据;
相当于String sql="select * from user;
比如:
String sql="select * from user where 1=1 ";
if(username!=null) sql=sql+ " and username='"+username+"'";
if(password!=null) sql=sql+ " and password='"+password+"'";
后面两个条件username,password两者都为空也是可以查询的,因为还有前面的查询条件;
String sql = "select * from sys_user where 1=2
此sql返回的永远为假,也就是false,
可以理解为where条件不成立,虽然执行了查询,但是返回的是空数据;
使用这句sql永远不能查询到数据;
建议使用上面的1=1好点;
附:本人菜鸟如有错误欢迎指正,谢谢诸位大佬;
相关文章推荐
- string strSQL = "Select * From Employees;Select * from Customers";执行两次查询
- """select * from TRACEUSER where STARTIME >=#2008-8-8 8:00:00# and STARTIME <= #2008-9-3 15:25:42#"""""
- strSQL = "Select * From " & strTableName & " Where False "
- SQL 指令:SELECT "栏位名" FROM "表格名" WHERE "条件"
- sql 语句中 id< ;SELECT * FROM t_blog WHERE id<#{id} ORDER BY id DESC LIMIT 1
- PL/Sql不能用select * INTO t_s_userbak from t_s_user
- PL/SQL cursor 游标 where条件接收形参为VARCHAR 不能正常执行的问题 SELECT ContactNameC FROM MTContact WHERE objectno
- if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[PerPer
- hiveserver2启动:javax.jdo.JDODataStoreException: Error executing SQL query "select "DB_ID" from "DBS""
- select .. where name = "+ Request.QueryString["name"]的后果?
- select * from dbo.sysobjects where type not in('S','D','K')
- select userenv("language") from dual
- if exists (select * from dbo.sysobjects where id = object_id ..
- dz论坛SQL:SELECT value FROM [Table]vars WHERE name=\'noteexists1\'解决方法
- SQL查询语句中select from where group by having order by的执行顺序
- 请问sql开源框架ActiveAndroid怎么进行查找select from where
- SQL 中用法详解 string where = " where 1=1 ";
- 有多少行? SELECT rows FROM sysindexes WHERE id = OBJECT_ID('table_name') AND indid < 2
- discuz搬家后报错SQL:SELECT value FROM [Table]vars WHERE name=’noteexists1′的解决办法
- SQL查找表指定部分,where后条件不确定:select * from table where 1='1';