select * from Employees where Name = 'John' or ''=''
This statement retrieves all employees in the table.
I couldn't understand how ''='' is interpreted. Could you please explain?
''='' is always true since it's comparing two empty strings.
So essentially ''='' is a tautology and moreover you are using an OR condition and thus your entire condition is always true. Your WHERE can also be written like
where Name = 'John' or 1 = 1
Your query can just be select * from Employees as the WHERE condition is of no effect.
It's a pretty pointless where clause as it's searching for a name with:
where Name = 'John'
But it's also searching with an expression that always returns true:
or '' = ''
So all data would be returned regardless.
There should be no reason to include the second part unless this where clause is generated on the fly somewhere and the name filter is optional. Having the always true part included would prevent an error if names were not being filtered. Even still, I would question its use as it would return extra data.
If it is a generated where clause and it is required, it might be more logical to do:
or 1=2
Then you won't return extra data.
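The predicates discussed in the answers above, run against a small table, as an added example that is not part of the original posts. The sample rows, the helper names and the `build_where` generator are assumptions made for illustration; it uses SQLite through Python's `sqlite3` module and binds the optional name as a parameter, so the always-true predicate appears only when no filter was requested.

```python
import sqlite3

# Constructed sample rows; table and column names follow the question.
ROWS = [("John",), ("Mary",), ("Ahmed",)]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Employees (Name TEXT)")
    conn.executemany("INSERT INTO Employees (Name) VALUES (?)", ROWS)
    return conn

def names(conn, where, params=()):
    """Run the question's SELECT with the given WHERE clause; return sorted names."""
    sql = "SELECT Name FROM Employees WHERE " + where + " ORDER BY Name"
    return [row[0] for row in conn.execute(sql, params)]

def build_where(name=None):
    """Hypothetical generator for a WHERE clause with an optional name filter.

    No filter: emit an always-true predicate so the statement stays valid.
    Filter given: emit only the comparison, with the value bound as a
    parameter so it is compared as data and never parsed as SQL.
    """
    if name is None:
        return "1 = 1", ()
    return "Name = ?", (name,)

if __name__ == "__main__":
    conn = make_db()
    # '' = '' evaluates to true (1 in SQLite), so OR makes every row match.
    print(conn.execute("SELECT '' = ''").fetchone()[0])
    print(names(conn, "Name = 'John' OR '' = ''"))
    print(names(conn, "Name = 'John' OR 1 = 1"))
    # An always-false second operand leaves the name filter in effect.
    print(names(conn, "Name = 'John' OR 1 = 2"))
    # Generated clauses: unfiltered, filtered, and a value containing quotes.
    print(names(conn, *build_where()))
    print(names(conn, *build_where("John")))
    print(names(conn, *build_where("John' or ''='")))
```
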