Bug #57784 where clause dangerous
Submitted: 27 Oct 2010 20:42 Modified: 28 Oct 2010 4:00
Reporter: Francesco Giuliani Email Updates:
Status: Not a Bug Impact on me: None
Category:MySQL Server: Data Types Severity:S2 (Serious)
Version: OS:Any
Assigned to: CPU Architecture:Any

[27 Oct 2010 20:42] Francesco Giuliani
Description:
create table MyTable(
 MyField varchar(10) not null
);

insert into MyTable values ( "A" );
insert into MyTable values ( "a" );

> select * from MyTable where MyField = 'a';
Returns 2 rows?!? It's dangerous if I search for a login on my site

> delete from MyTable where MyField = 0
Deletes 2 (all) rows?!? It's very dangerous in my scripts

Bye

How to repeat:
See example
[28 Oct 2010 4:00] Valeriy Kravchuk
Thank you for taking the time to write to us, but this is not a bug. Please double-check the documentation available at http://dev.mysql.com/doc/.

Looks like you are just using a case-insensitive collation in the first case (check with SHOW CREATE TABLE), and in the second case you compare a string to a number, and thus MySQL compares them as doubles. All these details are explained in the manual.
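The following script is an added example, not part of the bug report or of MySQL's own documentation. It reproduces both behaviours Valeriy describes (a case-insensitive column collation, and string-to-number comparison), shows the SHOW CREATE TABLE check, and shows the two ways out: a binary collation for the column when case must matter, and comparing string columns with string literals so that `= 0` cannot match every non-numeric row. It assumes a MySQL 5.5+ or 8.0 server whose default collation is case-insensitive (latin1_swedish_ci on 5.x, utf8mb4_0900_ai_ci on 8.0); the table name, column name and sample rows are constructed for the example.

```sql
-- Added example (not the reporter's or MySQL's code). Assumes a MySQL server
-- whose default collation is case-insensitive, which is the case for the
-- stock 5.x and 8.0 defaults.
DROP TABLE IF EXISTS MyTable;
CREATE TABLE MyTable (
  MyField VARCHAR(10) NOT NULL
);

-- Constructed sample rows: two that differ only in case, a word, and two
-- numeric-looking strings.
INSERT INTO MyTable VALUES ('A'), ('a'), ('abc'), ('1'), ('0');

-- Check 1: which collation did the column actually get? A name ending in
-- "_ci" is case-insensitive, so 'A' = 'a' is TRUE for that column.
SHOW CREATE TABLE MyTable\G

SELECT * FROM MyTable WHERE MyField = 'a';          -- 2 rows ('A', 'a')

-- Per-query fix: cast the column to a binary string so bytes are compared.
-- Note that BINARY on the column side defeats any index on MyField.
SELECT * FROM MyTable WHERE BINARY MyField = 'a';   -- 1 row ('a')

-- Schema-level fix: give the column a binary collation so every query on it
-- is case-sensitive and indexes still apply. utf8mb4 exists since 5.5.3.
ALTER TABLE MyTable
  MODIFY MyField VARCHAR(10) CHARACTER SET utf8mb4 COLLATE utf8mb4_bin NOT NULL;
SELECT * FROM MyTable WHERE MyField = 'a';          -- 1 row ('a')

-- Check 2: comparing a string column to a numeric literal converts the
-- string to a number. Any string with no leading digits converts to 0,
-- so 'A', 'a' and 'abc' all satisfy "= 0".
SELECT 'abc' = 0, '1' = 1, '1abc' = 1;              -- 1, 1, 1 (TRUE each)
SELECT * FROM MyTable WHERE MyField = 0;            -- 'A', 'a', 'abc', '0'

-- Fix: compare a string column to a string literal (or bind a string-typed
-- parameter in a prepared statement); then only the literal '0' row matches.
SELECT * FROM MyTable WHERE MyField = '0';          -- 1 row ('0')
DELETE FROM MyTable WHERE MyField = '0';            -- deletes 1 row, not all
SELECT COUNT(*) FROM MyTable;                       -- 4
```

The security-relevant reading of the two cases: a case-insensitive match on a username column is usually what a login form wants, but a column holding a token or password hash must use a `_bin` collation (or `BINARY`), otherwise 'ABC' and 'abc' authenticate as the same value. The `= 0` case is the classic scripting mistake of passing an untyped or integer-cast value into a `WHERE` on a string column; the defence is to keep the comparison on the string side, which a prepared statement with a string parameter does for you.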