Tuesday, 30 July 2013

WHAT IS - > " SELECT * FROM [TABLE_NAME] WHERE 1=1 " ??

What is

select * from xxx where 1=0 what does this mean?
also there is one
select * from yyy where 1=1

??
??

ANSWER ->


1. Select * from table where 1=0
return just header of the fields (attribute)
but with 0 rows

2. Select * from table where 1=1
return whole table entries
this is same as select * from table


Simple ans.

Logical ?

If the list of conditions is not known at compile time and is instead built at run time, you don't have to worry about whether you have one or more than one condition. You can generate them all like:
and <condition> 
and concatenate them all together. With the 1=1 at the start, the initial and has something to associate with.
I've never seen this used for any kind of injection protection, as you say it doesn't seem like it would help much. I have seen it used as an implementation convenience. The SQL query engine will end up ignoring the 1=1 so it should have no performance impact.

No comments:

Post a Comment