MariaDB 漏洞?喜欢逃脱破碎
服务器版本:10.1.21-MariaDB-1~jessie
Server version: 10.1.21-MariaDB-1~jessie
select 'a%b' like '%\%\%';
+--------------------+
| 'a%b' like '%\%\%' |
+--------------------+
| 1 |
+--------------------+
1 row in set (0.00 sec)
like 子句表示 'wildcard + literal % + literal %' 但它匹配 'a%b'.
the like clause represents 'wildcard + literal % + literal %' but it matches 'a%b'.
或
select 'a%b' like '%\%\%\%\%\%';
+--------------------------+
| 'a%b' like '%\%\%\%\%\%' |
+--------------------------+
| 1 |
+--------------------------+
1 row in set (0.00 sec)
MySQL 5.5.38 对两个语句都返回 0.MariaDB的语法有什么不同吗?
MySQL 5.5.38 returns 0 for both statements. Is the syntax of MariaDB different?
添加
@rahul 指出语法错误,所以我创建了一个虚拟表并运行
@rahul pointed that the syntax is wrong, so I created a dummy table and ran
SELECT * FROM `table1` where 'a%b' like '%\%\%';
匹配表中的每一行.
但是,当我运行时,field1='a%b' 的行不匹配
However, a row with field1='a%b' doesn't match when I ran
SELECT * from `table` where field1 like '%\%\%';
现在将在 10.1.22 进行测试.
Now going to test on 10.1.22.
推荐答案
看来这个问题在 10.1.22 已经修复了.
It seems this is fixed in 10.1.22.
Server version: 10.1.22-MariaDB-1~xenial mariadb.org binary distribution
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
MariaDB [(none)]> select 'a%b' like '%\%\%';
+--------------------+
| 'a%b' like '%\%\%' |
+--------------------+
| 0 |
+--------------------+
1 row in set (0.00 sec)
相关文章