我遇到了一個MySQL存儲過程非常有趣的問題。其過程如下:影響刪除的MySQL存儲過程變量名稱
DROP PROCEDURE IF EXISTS `removeSubscription`;
DELIMITER ;;
CREATE DEFINER=`root`@`%` PROCEDURE `removeSubscription`(IN `userId` int,IN `channelId` int,IN `channelTypeTitle` varchar(255))
BEGIN
SET @userId = userId;
SET @channelId = channelId;
SET @channelTypeTitle = channelTypeTitle;
DELETE FROM subscriptions
WHERE
userid = @userId AND
channelid = @channelId AND
channeltypeid = (SELECT id FROM channeltypes WHERE `name` = @channelTypeTitle)
LIMIT 1;
END
;;
DELIMITER ;
當這個被稱爲存儲過程從PHP,是忽略所有的「WHERE子句中,並簡單地刪除它遇到的第一行。這意味着,當「LIMIT 1」冷落,它刪除一切從表:■
這是PHP:
$stmt = $db->prepare("CALL removeSubscription(:userId, :channelId, :channelTypeTitle)");
$stmt->bindValue('userId', $userId);
$stmt->bindValue('channelId', $channelId);
$stmt->bindValue('channelTypeTitle', $channelTypeTitle);
$stmt->execute();
奇怪的是,如果我在PHP都的重命名傳遞的參數準備並在存儲過程中(例如,在它們之前有一個'x'),那麼它就可以正常工作。我在這裏錯過了很明顯的東西嗎
我可以看到「create procedure removeSubscription」語句嗎? –
當然是@ SQL.injection - 我已經更新了原來的問題以包含CREATE語句 –