and or 混用
and or 混用
and 优先级 > or
1,SELECT * from managers WHERE `name` = 'admin' OR 1=1 and `password`='admin1111'
相当于 SELECT * from managers WHERE `name` = 'admin' OR (1=1 and `password`='admin1111')
能查出 name = admin 这一条数据 //因为name=admin 为真 (1=1 and `password`='admin1111') 为假 or是或者
1,SELECT * from managers WHERE `name` = 'admin' and `password`='admin1111' OR 1=1
相当于 SELECT * from managers WHERE ( `name` = 'admin' and `password`='admin1111') OR 1=1
能查出所有数据,因为前面为假,但是后面的1=1却永远为真
浙公网安备 33010602011771号