Home > Developer > PHP

Mysql comparison computation _ MySQL

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >
Mysql comparison calculation bitsCN.com

5up3rh3iblog

You can see interesting things in the blog of menzhi007:

Http: // database/201003/45293 .html

In the mysql manual:

Phpchina.com/manual/mysql/functions.html?comparison-operators ">Http://www.phpchina.com/manual/mysql/functions.html#comparison-operators

MySQL compares values according to the following rules:

  • If one or two parameters are NULL, the comparison result is NULL unless the NULL-safe <=> operator.
  • If both parameters in the same comparison operation are strings, the comparison is performed based on strings.
  • If both parameters are integers, compare them by integers.
  • When the hexadecimal value does not need to be compared as a number, it is processed according to the binary string.
  • If one of the parameters is a TIMESTAMP or DATETIME column, and the other parameters are constants, convert the constant to timestamp before comparison. This aims to make ODBC more smooth. Note that this is not suitable for parameters IN! To be more reliable, the complete datetime/date/time string is often used for comparison.
  • In other cases, parameters are compared as floating point numbers.

By default, strings are case-insensitive and use existing character sets (cp1252 Latin1 by default ).

For comparison, you can use the CAST () function to convert a value to another type. CONVERT string values into different character sets using CONVERT. SeeSection 12.8 "Cast functions and operators".

The following example shows how to convert a string to a number in a comparison operation:

Mysql>SELECT 1> 6x;

-> 0

Mysql>SELECT 7> 6x;

-> 1

Mysql>SELECT 0> x6;

-> 0

Mysql>SELECT 0 = x6;

-> 1

If you do not pay attention to this, it can indeed cause security problems. for example, if the column in menzhi007 does not have quotation marks for character variable query, but some functions are used to filter out the column, you cannot inject it directly, then you can directly submit 0 to bypass...

At last, I would like to thank menzhi007 and the big cows in the hi group for their discussion, especially ryat's guidance :)

BitsCN.com

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More