In reality, those three user accounts are actually quite dangerous. They pose a very great threat to test databases.
Unfortunately, mysql comes with full access to test databases. How can you find them ?
Run this query:
SELECT user,host,db from mysql.db;
Upon installation of mysql, you will see two rows that give full access to any database named 'test' or whose first 5 characters are 'test_'.
Why is this a problem ???
Try running this command:
$ mysql -u'' -Dtest
You will have connected the test database without a password.
Now, create a table and load it with a row:
CREATE TABLE mytable (a int);
INSERT INTO mytable VALUES (1);
OK, big deal. Could you double this table in size 30 times ???
INSERT INTO mytable SELECT * FROM mytable;
INSERT INTO mytable SELECT * FROM mytable;
... (30 times)
INSERT INTO mytable SELECT * FROM mytable;
What do you get ?? A table with 1,073,741,824 rows. Easily, 4GB+.
Imagine creating any table of any size. How about creating a bunch of tables in the test database and freely accessing them at will ?
The best thing you can do under these circumstances is to run this query:
DELETE FROM mysql.db;
and restart mysql. Then, those three accounts will be properly rendered inoperative.
Give it a Try !!!
UPDATE 2011-09-12 10:00 EDT
This delete:
DELETE FROM mysql.db;
FLUSH PRIVILEGES;
is just what you need for an initial installation. However, if you have users already established, You can run this instead:
DELETE FROM mysql.db WHERE db IN ('test','test_%');
FLUSH PRIVILEGES;
This will remove the specific two DB permissions.
As I mentioned in my answer, the three permissions are very dangerous for test databases. Running this DELETE will neutralize those accounts for having full rights to test databases.
There are several ways to pass the IN / LIMIT limitation and the UNION / ORDER BY syntax requirements.
Wrap the Union in a derived table:
SELECT * FROM comment AS tbl WHERE sscm_id IN
( SELECT sscm_id
FROM
( ( SELECT sscm_id FROM comment AS t1 WHERE t1.sscm_oid = 4
ORDER BY t1.sscm_id DESC LIMIT 3)
UNION ALL
( SELECT sscm_id FROM comment AS t2 WHERE t2.sscm_oid = 3
ORDER BY t2.sscm_id DESC LIMIT 3)
) AS tmp
) ;
Use JOIN instead of WHERE / IN:
UNION is required here instead of UNION ALL to avoid duplicates
SELECT tbl.*
FROM comment AS tbl
JOIN
( ( SELECT sscm_id FROM comment AS t1 WHERE t1.sscm_oid = 4
ORDER BY t1.sscm_id DESC LIMIT 3)
UNION
( SELECT sscm_id FROM comment AS t2 WHERE t2.sscm_oid = 3
ORDER BY t2.sscm_id DESC LIMIT 3)
) AS tmp
ON tmp.sscm_id = tbl.sscm_id ;
Best Answer
It's valid SQL as long as both sub-expressions,
(birthday)and(registered=0) are boolean expressions (or can be implicitly converted to). And whileregistered = 0is boolean, thebirthdayis probably not.In MySQL though, integer expressions can be converted to boolean and vice versa, according to the rules:
FALSEis0,TRUEis1(and anything other than0isTRUEfor the integer->boolean conversion).So, that's what happens, an implicit conversion. For any birthday value other than
0, the expression is evaluated as:which is equivalent to just
(registered=0).In Access, if I remember right,
-1stands forTRUE(instead of 1), but anything other than 0 is also converted to true, so the observed behaviour would be the same.The final use of the expression in the
ORDER BYdepends on how the DBMS sorts boolean values. I suppose that both (MySQL and Access) useFALSE < TRUE