When and why you should use 1=1 in WHERE clause?

Post

By Uma Shankar Patel in C# on Jan 24 2014

Feb, 2014 24
When ever you want to build or create dynamic SQL and when you writing condition but you do not know whether your dynamic query has where clause or not. Use where 1=1 to make sure your dynamic query has where clause
- 1
May, 2016 31
This will select all records from the mentioned table. Usually used in SQL injection to retrieve all data from Table.
- 0
May, 2015 25
when we want to retrieve all record of a table..........
- 0
Feb, 2014 24
I some time use 1=1 for checking sql injection attack possibilty
- 0
Feb, 2014 23
it shows the all records from table
- 0
Jan, 2014 24
If you don't know the list of conditions at compile time and it will built at run time, Then you can made a condition with “where 1=1”. and for other conditions that will affect run time, use

and .
1. StringBuilder sb = new StringBuilder();
2. sb.Append("SELECT * FROM Products"); // Your query
3. sb.Append(" WHERE 1=1"); // always true condition
5. // append query's where clause
7. if (catID != 0)
8. {
9. sb.Append(" AND categoryID= {0}", catID);
10. }
11. if (minPrice > 0)
12. {
13. sb.Append(" AND itemPrice >= {0}", minPrice);
14. }
16. SqlCommand cmd = new SqlCommand(sb.ToString(), cnn);
17. SqlDataReader dr = cmd.ExecuteReader();
18. // your code to read data from dr.
- 0

Most Popular Job Functions