为什么 sql 查询 returns 一个值 if where 子句是零整数?
Why sql query returns a value if where clause is integer with zero?
我有一个mysql字段类型,它的名字是code,类型是int(11) 我用这个学说dql:
$dql = "SELECT u.id, u.password, u.lastLoginIp, u.lastLoginDate FROM Entities\User u WHERE u.status = '1' AND (u.code = ?1 OR u.email = :n OR u.secretKey = :n)";
$query = $this->_em->createQuery($dql);
$query->setParameter('n', $this->username);
$query->setParameter(1, (int)$this->username);
$query->setMaxResults(1);
$results = $query->getArrayResult();
print_r($results);
但是无论我作为 $this->username 传递任何值、整数或字符串,它仍然会找到代码字段值为 0 的记录。为什么会发生这种情况?我可能必须添加代码字段是 mysql.
中的 UNIQUE 键
假设您 table 是用户
您应该将参数设置为您需要的相同次数,例如:
$dql = "SELECT u.id, u.password, u.lastLoginIp, u.lastLoginDate
FROM User u WHERE u.status = '1' AND (u.code = :n0 OR u.email = :n1 OR u.secretKey = :n2)";
$query = $this->_em->createQuery($dql);
$query->setParameter('n0', $this->username);
$query->setParameter('n1', $this->your_code);
$query->setParameter('n2', $this->your_key);
$query->setMaxResults(1);
$results = $query->getArrayResult();
print_r($results);
我有一个mysql字段类型,它的名字是code,类型是int(11) 我用这个学说dql:
$dql = "SELECT u.id, u.password, u.lastLoginIp, u.lastLoginDate FROM Entities\User u WHERE u.status = '1' AND (u.code = ?1 OR u.email = :n OR u.secretKey = :n)";
$query = $this->_em->createQuery($dql);
$query->setParameter('n', $this->username);
$query->setParameter(1, (int)$this->username);
$query->setMaxResults(1);
$results = $query->getArrayResult();
print_r($results);
但是无论我作为 $this->username 传递任何值、整数或字符串,它仍然会找到代码字段值为 0 的记录。为什么会发生这种情况?我可能必须添加代码字段是 mysql.
假设您 table 是用户 您应该将参数设置为您需要的相同次数,例如:
$dql = "SELECT u.id, u.password, u.lastLoginIp, u.lastLoginDate
FROM User u WHERE u.status = '1' AND (u.code = :n0 OR u.email = :n1 OR u.secretKey = :n2)";
$query = $this->_em->createQuery($dql);
$query->setParameter('n0', $this->username);
$query->setParameter('n1', $this->your_code);
$query->setParameter('n2', $this->your_key);
$query->setMaxResults(1);
$results = $query->getArrayResult();
print_r($results);