Why would someone use WHERE 1=1 AND <conditions> in a SQL clause?
Posted
by Bogdan Maxim
on Stack Overflow
See other posts from Stack Overflow
or by Bogdan Maxim
Published on 2008-10-28T10:37:04Z
Indexed on
2010/05/24
17:31 UTC
Read the original article
Hit count: 200
sql
|dynamic-sql
Why would someone use WHERE 1=1 AND <conditions>
in a SQL clause (Either SQL obtained through concatenated strings, either view definition)
I've seen somewhere that this would be used to protect against SQL Injection, but it seems very weird.
If there is injection WHERE 1 = 1 AND injected OR 1=1
would have the same result as injected OR 1=1
.
Later edit: What about the usage in a view definition?
© Stack Overflow or respective owner