我们准备玩点有趣的:
select 一个数字:
mysql> select 1 from mysql.user;
+---+
| 1 |
+---+
| 1 |
| 1 |
| 1 |
+---+
3 rows in set (0.00 sec) mysql>
select 一个字符串:
mysql> select 'perl6' from mysql.user;
+-------+
| perl6 |
+-------+
| perl6 |
| perl6 |
| perl6 |
+-------+
3 rows in set (0.00 sec) mysql>
这个字符串单/双引号是一样的, 我们可以去掉空格:
mysql> select'perl6'from mysql.user;
+-------+
| perl6 |
+-------+
| perl6 |
| perl6 |
| perl6 |
+-------+
3 rows in set (0.00 sec) mysql>
可以看到正常执行。
那数字行不行呢?
mysql> select888from mysql.user;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near 'select888from mysql.user' at line 1
mysql>
不行, 那我们再select一个浮点型看看:
mysql> select 0.8 from mysql.user;
+-----+
| 0.8 |
+-----+
| 0.8 |
| 0.8 |
| 0.8 |
+-----+
3 rows in set (0.00 sec) mysql>
小数点前后如果是0, 可以不写:
mysql> select 1. from mysql.user;
+----+
| 1. |
+----+
| 1 |
| 1 |
| 1 |
+----+
3 rows in set (0.00 sec) mysql> select .6 from mysql.user;
+-----+
| .6 |
+-----+
| 0.6 |
| 0.6 |
| 0.6 |
+-----+
3 rows in set (0.00 sec) mysql>
如果是浮点型的话, 我们就可以让这个数字跟后面的关链字连在一起了:
mysql> select.6 from mysql.user;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near 'select.6 from mysql.user' at line 1
mysql> select .6from mysql.user;
+-----+
| .6 |
+-----+
| 0.6 |
| 0.6 |
| 0.6 |
+-----+
3 rows in set (0.00 sec) mysql>
.0就相当于0.0了, 可以这样写:
mysql> select 0.0 from mysql.user;
+-----+
| 0.0 |
+-----+
| 0.0 |
| 0.0 |
| 0.0 |
+-----+
3 rows in set (0.00 sec) mysql> select .0from mysql.user;
+-----+
| .0 |
+-----+
| 0.0 |
| 0.0 |
| 0.0 |
+-----+
3 rows in set (0.00 sec) mysql>
很好玩吧。
我们再看看别名:
mysql> select 'perl6' as P from mysql.user;
+-------+
| P |
+-------+
| perl6 |
| perl6 |
| perl6 |
+-------+
3 rows in set (0.00 sec) mysql>
as可省略:
mysql> select 'perl6' P from mysql.user;
+-------+
| P |
+-------+
| perl6 |
| perl6 |
| perl6 |
+-------+
3 rows in set (0.00 sec) mysql>
省略后可写在一起:
mysql> select'perl6'P from mysql.user;
+-------+
| P |
+-------+
| perl6 |
| perl6 |
| perl6 |
+-------+
3 rows in set (0.01 sec) mysql>
那数字能不能起别名呢?也可以:
mysql> select 1 as 'perl6' from mysql.user;
+-------+
| perl6 |
+-------+
| 1 |
| 1 |
| 1 |
+-------+
3 rows in set (0.00 sec) mysql>
结合前面的浮点型与省略as, 可以这样写:
mysql> select .0'perl6'from mysql.user;
+-------+
| perl6 |
+-------+
| 0.0 |
| 0.0 |
| 0.0 |
+-------+
3 rows in set (0.00 sec) mysql>
我们用union select 再看看:
mysql> select .0from mysql.user union select .01;
+------+
| .0 |
+------+
| 0.00 |
| 0.01 |
+------+
2 rows in set (0.00 sec) mysql>
加个条件:
mysql> select .0from mysql.user where user='root' union select .01;
+------+
| .0 |
+------+
| 0.00 |
| 0.01 |
+------+
2 rows in set (0.00 sec) mysql>
再改改:
mysql> select .0from mysql.user where 1. union select 'perl6';
+-------+
| .0 |
+-------+
| 0.0 |
| perl6 |
+-------+
2 rows in set (0.00 sec) mysql>
小数点数字可以跟后面关链字连起来的, 上面说了, 所以, 我们还可以这样:
mysql> select .0from mysql.user where .1union select'perl6';
+-------+
| .0 |
+-------+
| perl6 |
+-------+
1 row in set (0.00 sec) mysql>
0.开头的小数点会转化为整数, 都转为0。
除了where, 还有一个类似的, 叫做having:
mysql> select .0from mysql.user having .0union select'perl6';
+-------+
| .0 |
+-------+
| perl6 |
+-------+
1 row in set (0.00 sec) mysql>
where 跟having可以一起用:
mysql> select .0from mysql.user where .0 having 1 union select'perl6';
+-------+
| .0 |
+-------+
| perl6 |
+-------+
1 row in set (0.00 sec) mysql> select .0from mysql.user where 1.0 having 1 union select'perl6';
+-------+
| .0 |
+-------+
| 0.0 |
| perl6 |
+-------+
2 rows in set (0.00 sec) mysql>
where跟having一起时, 逻辑是从左到右, 先执行前面的where, 再执行后面的having。
但是having只能跟在where后面。
而且你也不能这么写: (select user from mysql.user where user='root' where user='root')
除了where/having类似外, 还有类似的:
union select
union distinct select
union all select
最后我们来看一下字符串转换为数字:
mysql> select 'a'+1;
+-------+
| 'a'+1 |
+-------+
| 1 |
+-------+
1 row in set, 1 warning (0.00 sec) mysql>
'a'转换为0, 相加结果是1。
提示有警告, 可以用如下命令查看信息:
mysql> select 'a'+1;
+-------+
| 'a'+1 |
+-------+
| 1 |
+-------+
1 row in set, 1 warning (0.00 sec) mysql> show warnings;
+---------+------+---------------------------------------+
| Level | Code | Message |
+---------+------+---------------------------------------+
| Warning | 1292 | Truncated incorrect DOUBLE value: 'a' |
+---------+------+---------------------------------------+
1 row in set (0.00 sec) mysql>
字符串会被转换为数字, 如果能转换, 就转换为相应的数字, 不能转换就转换为0
mysql> select '1a'+1;
+--------+
| '1a'+1 |
+--------+
| 2 |
+--------+
1 row in set, 1 warning (0.00 sec) mysql> select 'a1'+1;
+--------+
| 'a1'+1 |
+--------+
| 1 |
+--------+
1 row in set, 1 warning (0.02 sec) mysql> select ''+1;
+---------+
| ''+1 |
+---------+
| 124 |
+---------+
1 row in set (0.00 sec) mysql>
我们可以连着一起写:
mysql> select'per16'+.1'test';
+------+
| test |
+------+
| 0.1 |
+------+
1 row in set, 1 warning (0.00 sec) mysql>
最后再来看点好玩的:
mysql> select host from mysql.user;
+-----------+
| host |
+-----------+
| 127.0.0.1 |
| ::1 |
| localhost |
+-----------+
3 rows in set (0.00 sec) mysql> select host from mysql.user where password='a'+'a';
+-----------+
| host |
+-----------+
| localhost |
| 127.0.0.1 |
| ::1 |
+-----------+
3 rows in set, 5 warnings (0.00 sec) mysql> show warnings;
+---------+------+-------------------------------------------------------------------------------+
| Level | Code | Message |
+---------+------+-------------------------------------------------------------------------------+
| Warning | 1292 | Truncated incorrect DOUBLE value: '*81F5E21E35407D884A6CD4A731AEBFB6AF209E1B' |
| Warning | 1292 | Truncated incorrect DOUBLE value: 'a' |
| Warning | 1292 | Truncated incorrect DOUBLE value: 'a' |
| Warning | 1292 | Truncated incorrect DOUBLE value: '*81F5E21E35407D884A6CD4A731AEBFB6AF209E1B' |
| Warning | 1292 | Truncated incorrect DOUBLE value: '*81F5E21E35407D884A6CD4A731AEBFB6AF209E1B' |
+---------+------+-------------------------------------------------------------------------------+
5 rows in set (0.00 sec) mysql>
password='a'+'a', 字符串'a'转换成数字(因为有个 + 号), 会发生警告信息, 信息中包含用户的密码。
password='a'+'a', 会被转化为整数类型的表达式, 像 2=1+1
看下面的例子:
mysql> select user();
+----------------+
| user() |
+----------------+
| root@localhost |
+----------------+
1 row in set (0.00 sec) mysql> select user()+'';
+-----------+
| user()+'' |
+-----------+
| 0 |
+-----------+
1 row in set (0.00 sec) mysql> select user()=''+'';
+--------------+
| user()=''+'' |
+--------------+
| 1 |
+--------------+
1 row in set (0.00 sec) mysql> select user()=''+'';
+---------------+
| user()=''+'' |
+---------------+
| 0 |
+---------------+
1 row in set (0.00 sec) mysql>
本身user()是字符串的, 遇到了左边的 两个字符串相加, 所以右边的user()也将会自动转换为数值类型。