RE: Query Question

Hi,

It's actually used to prevent SQL injection when building dynamic queries.

For example, if someone's building a dynamic SQL query based on input from a web page, someone could possibly enter this value in the first field "Test' or 1=1 --" which will return every record in the query instead of the filtered (AND) records.

By using where 1=1 you could then in your dynamic script test each variable for a value, and if the value has been selected, then you generate an AND

Regards,

Joe

-----Original Message-----
From: Satheesh Kumar [mailto:mssqldba-ezmlmshield-x18535652.[Email address protected]
Sent: Thursday, 26 August 2004 7:40 PM
To: LazyDBA Discussion
Subject: RE: Query Question

Hi,
To handle cases for getting the record count.

Regards,
Satheesh Kumar.S
IT - Application Development
AXA Business Services
Bangalore, India
<<mailto:satheesh.[Email address protected]
Tel No: +91 80 56605198

-----Original Message-----
From: prakash
[mailto:mssqldba-ezmlmshield-x55741692.[Email address protected]
Sent: 26 August 2004 12:10
To: LazyDBA Discussion
Subject: Query Question


Hi All,

Why do some people always use 1 =1 in their query? Any reasons behind this....

Example

Select * from [Table name]
Where 1 =1


Thanks
Prakash Zalkikar
SQL DBA
WebDirekt India Pvt LTD
C 1/19 Kumar City, Kalyani Nagar
Pune - 411014
Phone(O):- 91-20-27031240
Phone(R):- 91-20-27034557
Mobile:- 9422314041
mailto:- p.[Email address protected]






---------------------------------------------------------------------
TO REPLY TO EVERBODY , PLEASE CLICK REPLY-ALL, NOT JUST REPLY
Website : http://www.LazyDBA.com
To unsubscribe: http://www.lazydba.com/unsubscribe.html
For additional commands, e-mail: mssqldba-[Email address protected]
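
An added example, not part of the original thread: a dynamic query builder on the WHERE 1=1 base discussed above, run against the input value quoted in the first reply. It shows that the 1=1 base only lets every selected filter be appended as an AND, and that binding each value as a parameter is what keeps that input out of the SQL text. Assumptions: Python's sqlite3 stands in for the database, and the people table, its rows and the function names are constructed for illustration.

```python
import sqlite3

# Constructed sample data (not from the thread).
ROWS = [("Test", "Pune"), ("Asha", "Bangalore"), ("Ravi", "Pune")]
ALLOWED = ("first_name", "city")  # column names come from code, never from input

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (first_name TEXT, city TEXT)")
    db.executemany("INSERT INTO people VALUES (?, ?)", ROWS)
    return db

def search_concat(db, filters):
    """Unsafe builder: each value is pasted into the SQL text."""
    sql = "SELECT first_name, city FROM people WHERE 1=1"
    for col in ALLOWED:
        if filters.get(col):
            sql += f" AND {col} = '{filters[col]}'"
    return sql, db.execute(sql).fetchall()

def search_bound(db, filters):
    """Same WHERE 1=1 builder, but each value is bound as a parameter."""
    sql, params = "SELECT first_name, city FROM people WHERE 1=1", []
    for col in ALLOWED:
        if filters.get(col):
            sql += f" AND {col} = ?"
            params.append(filters[col])
    return sql, db.execute(sql, params).fetchall()

if __name__ == "__main__":
    db = make_db()
    # The value quoted in the reply, entered in the first field.
    hostile = {"first_name": "Test' or 1=1 --", "city": "Pune"}
    for fn in (search_concat, search_bound):
        sql, rows = fn(db, hostile)
        print(fn.__name__, "|", sql, "|", len(rows), "rows")
```
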

