Why would someone use WHERE 1=1 AND in a SQL clause?

后端 未结 19 2017
甜味超标
甜味超标 2020-11-22 07:08

Why would someone use WHERE 1=1 AND in a SQL clause (Either SQL obtained through concatenated strings, either view definition)

I\'ve

相关标签:
19条回答
  • 2020-11-22 07:27

    While I can see that 1=1 would be useful for generated SQL, a technique I use in PHP is to create an array of clauses and then do

    implode (" AND ", $clauses);
    

    thus avoiding the problem of having a leading or trailing AND. Obviously this is only useful if you know that you are going to have at least one clause!

    0 讨论(0)
  • 2020-11-22 07:29

    Using a predicate like 1=1 is a normal hint sometimes used to force the access plan to use or not use an index scan. The reason why this is used is when you are using a multi-nested joined query with many predicates in the where clause where sometimes even using all of the indexes causes the access plan to read each table - a full table scan. This is just 1 of many hints used by DBAs to trick a dbms into using a more efficient path. Just don't throw one in; you need a dba to analyze the query since it doesn't always work.

    0 讨论(0)
  • 2020-11-22 07:31

    Why would someone use WHERE 1=1 AND <proper conditions>

    I've seen homespun frameworks do stuff like this (blush), as this allows lazy parsing practices to be applied to both the WHERE and AND Sql keywords.

    For example (I'm using C# as an example here), consider the conditional parsing of the following predicates in a Sql query string builder:

    var sqlQuery = "SELECT * FROM FOOS WHERE 1 = 1"
    if (shouldFilterForBars)
    {
        sqlQuery = sqlQuery + " AND Bars > 3";
    }
    if (shouldFilterForBaz)
    {
        sqlQuery = sqlQuery + " AND Baz < 12";
    }
    

    The "benefit" of WHERE 1 = 1 means that no special code is needed:

    • For AND - whether zero, one or both predicates (Bars and Baz's) should be applied, which would determine whether the first AND is required. Since we already have at least one predicate with the 1 = 1, it means AND is always OK.
    • For no predicates at all - In the case where there are ZERO predicates, then the WHERE must be dropped. But again, we can be lazy, because we are again guarantee of at least one predicate.

    This is obviously a bad idea and would recommend using an established data access framework or ORM for parsing optional and conditional predicates in this way.

    0 讨论(0)
  • 2020-11-22 07:31

    This is useful in a case where you have to use dynamic query in which in where clause you have to append some filter options. Like if you include options 0 for status is inactive, 1 for active. Based from the options, there is only two available options(0 and 1) but if you want to display All records, it is handy to include in where close 1=1. See below sample:

    Declare @SearchValue    varchar(8) 
    Declare @SQLQuery varchar(max) = '
    Select [FirstName]
        ,[LastName]
        ,[MiddleName]
        ,[BirthDate]
    ,Case
        when [Status] = 0 then ''Inactive''
        when [Status] = 1 then ''Active''
    end as [Status]'
    
    Declare @SearchOption nvarchar(100)
    If (@SearchValue = 'Active')
    Begin
        Set @SearchOption = ' Where a.[Status] = 1'
    End
    
    If (@SearchValue = 'Inactive')
    Begin
        Set @SearchOption = ' Where a.[Status] = 0'
    End
    
    If (@SearchValue = 'All')
    Begin
        Set @SearchOption = ' Where 1=1'
    End
    
    Set @SQLQuery = @SQLQuery + @SearchOption
    
    Exec(@SQLQuery);
    
    0 讨论(0)
  • 2020-11-22 07:34

    If the list of conditions is not known at compile time and is instead built at run time, you don't have to worry about whether you have one or more than one condition. You can generate them all like:

    and <condition>
    

    and concatenate them all together. With the 1=1 at the start, the initial and has something to associate with.

    I've never seen this used for any kind of injection protection, as you say it doesn't seem like it would help much. I have seen it used as an implementation convenience. The SQL query engine will end up ignoring the 1=1 so it should have no performance impact.

    0 讨论(0)
  • 2020-11-22 07:34

    Here is a use case... however I am not too concerned with the technicalities of why I should or not use 1 = 1. I am writing a function, using pyodbc to retrieve some data from SQL Server. I was looking for a way to force a filler after the where keyword in my code. This was a great suggestion indeed:

    if _where == '': _where = '1=1'
    ...
    ...
    ...
    cur.execute(f'select {predicate} from {table_name} where {_where}')
    

    The reason is because I could not implement the keyword 'where' together inside the _where clause variable. So, I think using any dummy condition that evaluates to true would do as a filler.

    0 讨论(0)
提交回复
热议问题