小编Din*_*ino的帖子

假设用户输入

mysite.com/profile?identity=1
mysite.com/profile?identity=dinodsja
mysite.com/profile?identity=1a

获得价值

$identity = $_GET['identity']; // identity can be user_id or user_name

我有一个简单的选择查询:

SELECT * FROM lb_users WHERE (user_id = 'dinodsja' OR user_name = 'dinodsja') AND user_status = 1

它工作正常.但问题是:

SELECT * FROM lb_users WHERE (user_id = '1a' OR user_name = '1a') AND user_status = 1

当我执行此查询时,它也返回结果而不满足条件.

表结构:

user_id     bigint(25)
user_name   varchar(50)     utf8_general_ci

**

-> Is this a MySQL Bug ? 
-> How can we avoid this ? 
-> What will be the query ? …