shengy
Reputation: 9749
What's MySQL's string compare rule?
Why does SELECT * FROM users WHERE password='a'='mm'; actually return rows?
And why doesn't SELECT * FROM users WHERE password='1'='1'; work?
What's the exact equal operator compare rule used?
UPDATE(INFORMATION OF TABLES AND ROWS ETC):
mysql> show tables;
+------------------+
| Tables_in_shengy |
+------------------+
| users |
+------------------+
1 row in set (0.00 sec)
mysql> describe users;
+----------+--------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+----------+--------------+------+-----+---------+-------+
| username | varchar(255) | YES | | NULL | |
| password | varchar(255) | YES | | NULL | |
+----------+--------------+------+-----+---------+-------+
2 rows in set (0.01 sec)
mysql> select * from users;
+----------+----------+
| username | password |
+----------+----------+
| victim | 123456 |
+----------+----------+
1 row in set (0.00 sec)
Upvotes: 2
Views: 61
Answers (1)
juergen d
Reputation: 204904
MySQL converts compares to 0 and 1.
So password='a' evaluates to 0 (unless password actually is 'a').
Also MySQL tries to make comparisons between strings and numbers by converting the string to a number from its beginning.
So 0abc would be converted to 0. abc isn't a number at all and is also 0.
That means
password='a'='mm'
results in
0='mm'
and since mm does not have any leading digits, you get
0=0
which is true.
Upvotes: 4
Related Questions
- SQL query how to compare string
- MySQL Unexpected String Comparison Behavior
- How this query works in Mysql?
- Meaning of this SELECT statement, which does a comparison of two string values
- What is the purpose of this sort of SQL injection?
- Comparison of two strings in sql
- MySQL string comparison
- Compare two String with MySQL
- MYSQL - how to string comparisons and query?
- Mysql compare Strings