Post
6
Reply
Reply

When and why you should use 1=1 in WHERE clause?

Uma Shankar Patel

Uma Shankar Patel
Jan 24, 2014
2.5k
0
    Jignesh Trivedi

    When ever you want to build or create dynamic SQL and when you writing condition but you do not know whether your dynamic query has where clause or not. Use where 1=1 to make sure your dynamic query has where clause

    Jignesh Trivedi
    February 24, 2014
    1
    Avikshith Aradhya

    This will select all records from the mentioned table. Usually used in SQL injection to retrieve all data from Table.

    Avikshith Aradhya
    May 31, 2016
    0
    Pankaj Kumar Choudhary

    when we want to retrieve all record of a table..........

    Pankaj Kumar Choudhary
    May 25, 2015
    0
    Vithal Wadje

    I some time use 1=1 for checking sql injection attack possibilty

    Vithal Wadje
    February 24, 2014
    0
    Vithal Wadje

    it shows the all records from table

    Vithal Wadje
    February 23, 2014
    0
    Uma Shankar Patel

    If you don't know  the list of conditions at compile time and it will built at run time, Then you can made a condition with “where 1=1”. and for other conditions that will affect run time, use
    and .

    1. StringBuilder sb = new StringBuilder();  
    2.          sb.Append("SELECT * FROM Products");  // Your query  
    3.          sb.Append(" WHERE 1=1"); // always true condition  
    5.          // append query's where clause  
    7.          if (catID != 0)  
    8.          {  
    9.              sb.Append(" AND categoryID= {0}", catID);  
    10.          }  
    11.          if (minPrice > 0)  
    12.          {  
    13.              sb.Append(" AND itemPrice >= {0}", minPrice);  
    14.          }  
    16.          SqlCommand cmd = new SqlCommand(sb.ToString(), cnn);  
    17.          SqlDataReader dr = cmd.ExecuteReader();  
    18.          // your code to read data from dr.  

    Uma Shankar Patel
    January 24, 2014
    0