Bug #11303 sql bug
Submitted: 14 Jun 2005 1:40    Modified: 14 Jun 2005 13:50
Reporter: liang zhao    Email Updates:
Status: Not a Bug    Impact on me: None
Category: MySQL Server: Optimizer    Severity: S1 (Critical)
Version: 4.1    OS: Windows (windows)
Assigned to:    CPU Architecture: Any

[14 Jun 2005 1:40] liang zhao
Description:
When SQL like:
select * from mysql.user where user =''=''or'';
everything goes out; of course the same in every SQL.

How to repeat:
nah

Suggested fix:
nah
[14 Jun 2005 13:50] Hartmut Holzgraefe
This is a mix of auto conversion and operator precedence, and the result is perfectly OK.
As '=' has a higher precedence than 'OR', the WHERE condition is equivalent to

  ((user = '') = '') OR ''

user='' evaluates to false, or numeric 0

=>  (0 = '') OR ''

Now we have a comparison between a number and a string, so the string is converted
into a number. The empty string doesn't contain any digits, so its numeric equivalent is 0.

=> (0 = 0) OR ''

0 = 0 is obviously true, or numeric 1

=> 1 OR ''

The left side of the OR expression is true already, so there is no need to look further:
the result is also true.

So your expression is always true and the query matches every row.
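The evaluation Hartmut walks through, reproduced on a small constructed table instead of mysql.user. This is an added example and not part of the bug report or of MySQL's own test suite; the table name demo_user and its rows are made up. It follows the same steps (string comparison, then string-to-number conversion, then OR), and goes a little beyond the comment by also showing the two rows for which the derivation does not hold: a row whose user really is the empty string, and a row where user is NULL.

```sql
-- Constructed table; the column is nullable on purpose to show the NULL case.
CREATE TABLE demo_user (
  id   INT PRIMARY KEY,
  user VARCHAR(16)
);
INSERT INTO demo_user VALUES (1, 'root'), (2, ''), (3, NULL);

-- The predicate exactly as reported:
SELECT id FROM demo_user WHERE user = '' = '' OR '';
-- returns id 1 only: see the three step-by-step evaluations below

-- The same predicate with the precedence MySQL applies made explicit:
SELECT id FROM demo_user WHERE ((user = '') = '') OR '';
-- identical result to the query above

-- Row 1 (user = 'root'): the case described in the comment.
SELECT 'root' = ''                  AS step1,  -- 0: string comparison is false
       (0) = ''                     AS step2,  -- 1: '' is converted to 0, and 0 = 0
       1 OR ''                      AS step3;  -- 1: '' is converted to 0, and 1 OR 0

-- Row 2 (user = ''): the first comparison is now TRUE, which flips the rest.
SELECT '' = ''                      AS step1,  -- 1
       (1) = ''                     AS step2,  -- 0: 1 = 0 is false
       0 OR ''                      AS step3;  -- 0: the row is NOT returned

-- Row 3 (user IS NULL): NULL propagates, and WHERE treats NULL as no match.
SELECT NULL = ''                    AS step1,  -- NULL
       (NULL = '') = ''             AS step2,  -- NULL
       ((NULL = '') = '') OR ''     AS step3;  -- NULL: OR with a false right side stays NULL

-- What the reporter most likely meant to write: a single comparison, no OR.
SELECT id FROM demo_user WHERE user = '';
-- returns id 2 only
```

The practical takeaway is the one the comment makes: chained '=' operators and bare string literals in boolean positions are legal MySQL, but they are evaluated by precedence and numeric coercion rather than by what the query looks like, so write comparisons one at a time and parenthesize anything that mixes '=' with OR.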