zoukankan      html  css  js  c++  java
  • MYSQL order by 排序的一个小问题探究

    小问题发现:

    select * from `sql` where id=1 order by (select 1 union select 2)     正常返回结果
    
    mysql> select * from `sql` where id=1 order by (select 1 union select 2);
    +----+------+
    | id | new  |
    +----+------+
    |  1 | test |
    +----+------+
    1 row in set
    
    mysql> select * from mysql.user where user='root' order by (select 1 union select 2);  报错
    1242 - Subquery returns more than 1 row

    我的理解应该是都会报 Subquery returns more than 1 row 但是从mysql的运行结果来看不是这样的

    继续看查询多条结果的情况

    mysql> select * from `sql` where id=1 order by (select 1 union select 2);
    +----+------+
    | id | new  |
    +----+------+
    |  1 | test |
    +----+------+
    1 row in set
    
    mysql> select * from `sql` order by (select 1 union select 2);
    1242 - Subquery returns more than 1 row
    mysql> select * from `sql` where id in(1,2) order by (select 1 union select 2);
    1242 - Subquery returns more than 1 row
    mysql> select * from `sql` where id in(1,2);
    +----+--------------------+
    | id | new                |
    +----+--------------------+
    |  1 | test               |
    |  2 | sqlinjection test2 |
    +----+--------------------+
    2 rows in set

    一条结果的时候不报错,多条结果报错。

    经过DBA大牛的指点,DBA这样说的:

    只要不走全表扫描,通过主键或者唯一索引能够定位到数据,就可以忽略后面的错误排序语法
    如果走全表扫描或者查询的数据不止一条,就有排序语法错误

    然后让执行  

    mysql> explain select * from `sql` where id=1;
    +----+-------------+-------+-------+---------------+---------+---------+-------+------+-------+
    | id | select_type | table | type  | possible_keys | key     | key_len | ref   | rows | Extra |
    +----+-------------+-------+-------+---------------+---------+---------+-------+------+-------+
    |  1 | SIMPLE      | sql   | const | PRIMARY       | PRIMARY | 4       | const |    1 |       |
    +----+-------------+-------+-------+---------------+---------+---------+-------+------+-------+
    1 row in set
    mysql> explain select * from `sql` where id=1;
    +----+-------------+-------+-------+---------------+---------+---------+-------+------+-------+
    | id | select_type | table | type  | possible_keys | key     | key_len | ref   | rows | Extra |
    +----+-------------+-------+-------+---------------+---------+---------+-------+------+-------+
    |  1 | SIMPLE      | sql   | const | PRIMARY       | PRIMARY | 4       | const |    1 |       |
    +----+-------------+-------+-------+---------------+---------+---------+-------+------+-------+
    1 row in set
    
    mysql> explain select * from `sql` where id in (1,2);
    +----+-------------+-------+-------+---------------+---------+---------+------+------+-------------+
    | id | select_type | table | type  | possible_keys | key     | key_len | ref  | rows | Extra       |
    +----+-------------+-------+-------+---------------+---------+---------+------+------+-------------+
    |  1 | SIMPLE      | sql   | range | PRIMARY       | PRIMARY | 4       | NULL |    2 | Using where |
    +----+-------------+-------+-------+---------------+---------+---------+------+------+-------------+
    1 row in set
    
    mysql> explain select * from `sql`;
    +----+-------------+-------+------+---------------+------+---------+------+------+-------+
    | id | select_type | table | type | possible_keys | key  | key_len | ref  | rows | Extra |
    +----+-------------+-------+------+---------------+------+---------+------+------+-------+
    |  1 | SIMPLE      | sql   | ALL  | NULL          | NULL | NULL    | NULL |   24 |       |
    +----+-------------+-------+------+---------------+------+---------+------+------+-------+
    1 row in set
    mysql> select * from `sql` where id=1 order by (select 1 union select 2);
    +----+------+
    | id | new  |
    +----+------+
    |  1 | test |
    +----+------+
    1 row in set
    
    mysql> select * from `sql` where id in (1,2) order by (select 1 union select 2);
    1242 - Subquery returns more than 1 row
    mysql> select * from `sql` order by (select 1 union select 2);
    1242 - Subquery returns more than 1 row
    mysql> 

    可以看到 type  为 const 的时候不会报错。

    百度到 type 各个值的含义

    type=const表示通过索引一次就找到了;  
    type=all,表示为全表扫描; 
    type=ref,因为这时认为是多个匹配行,在联合查询中,一般为REF。

    然后继续来看表结构

    这里id 为主键,那么我们把id主键去掉,在执行上面的语句。

    mysql> select * from `sql` where id=1 order by (select 1 union select 2);
    1242 - Subquery returns more than 1 row
    mysql> explain select * from `sql` where id=1;
    +----+-------------+-------+------+---------------+------+---------+------+------+-------------+
    | id | select_type | table | type | possible_keys | key  | key_len | ref  | rows | Extra       |
    +----+-------------+-------+------+---------------+------+---------+------+------+-------------+
    |  1 | SIMPLE      | sql   | ALL  | NULL          | NULL | NULL    | NULL |   24 | Using where |
    +----+-------------+-------+------+---------------+------+---------+------+------+-------------+
    1 row in set

    结果就显示了错误。

    结论:

          type为const,索引一次就能找到结果的查询会自动忽略order by 的排序错误,直接查询到结果。

  • 相关阅读:
    FPM
    Docker记录
    阿里云ECS发送企业邮件
    git操作
    vscode+vagrant+xdebug调试
    Spring Security开发安全的REST服务
    559. Maximum Depth of N-ary Tree
    《算法图解》之散列表
    766. Toeplitz Matrix
    893. Groups of Special-Equivalent Strings
  • 原文地址:https://www.cnblogs.com/depycode/p/6265938.html
Copyright © 2011-2022 走看看