MariaDB 漏洞?喜欢逃脱破碎

MariaDB Bugs? LIKE Escaping Broken(MariaDB 漏洞?喜欢逃脱破碎)

问题描述

服务器版本:10.1.21-MariaDB-1~jessie

Server version: 10.1.21-MariaDB-1~jessie

select 'a%b' like '%\%\%';
+--------------------+
| 'a%b' like '%\%\%' |
+--------------------+
|                  1 |
+--------------------+
1 row in set (0.00 sec)

like 子句表示 'wildcard + literal % + literal %' 但它匹配 'a%b'.

the like clause represents 'wildcard + literal % + literal %' but it matches 'a%b'.

或

select 'a%b' like '%\%\%\%\%\%';
+--------------------------+
| 'a%b' like '%\%\%\%\%\%' |
+--------------------------+
|                        1 |
+--------------------------+
1 row in set (0.00 sec)

MySQL 5.5.38 对两个语句都返回 0.MariaDB的语法有什么不同吗?

MySQL 5.5.38 returns 0 for both statements. Is the syntax of MariaDB different?

添加

@rahul 指出语法错误，所以我创建了一个虚拟表并运行

@rahul pointed that the syntax is wrong, so I created a dummy table and ran

SELECT * FROM `table1` where 'a%b' like '%\%\%';

匹配表中的每一行.

但是，当我运行时，field1='a%b' 的行不匹配

However, a row with field1='a%b' doesn't match when I ran

SELECT * from `table` where field1 like '%\%\%';

现在将在 10.1.22 进行测试.

Now going to test on 10.1.22.

推荐答案

看来这个问题在 10.1.22 已经修复了.

It seems this is fixed in 10.1.22.

Server version: 10.1.22-MariaDB-1~xenial mariadb.org binary distribution

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.

MariaDB [(none)]> select 'a%b' like '%\%\%';
+--------------------+
| 'a%b' like '%\%\%' |
+--------------------+
|                  0 |
+--------------------+
1 row in set (0.00 sec)

这篇关于MariaDB 漏洞?喜欢逃脱破碎的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持编程学习网！