I have a query in my application that selects users from a table by ID or by username:
SELECT * FROM users WHERE id = '$x' OR username = '$x'
This is working when given usernames like foo, bar123 or ids like 1, 123.
But when I give a username like 2foo it selects both user 2foo and user with id=2. So it takes the 2 of 2foo and finds a user. Additionally I get a warning message: 1292: Truncated incorrect DOUBLE value: 2foo.
Is there a way to tell MySQL not to do this conversion (for this query but not whole db)? Or do I need to do a filtering after the query to discard false results?
Your query is formed in a way, that triggers a “this-is-a-feature-not-a-bug” behaviour in MySQL: You compare the same string (‘$x’) to a numeric field (id) and to a varchar field (username).
While I am sure, there are ways to make this work in SQL, I suspect the only correct way is to fix the PHP that creates the query. Something like
should help.
Here is the SQL version, just for the sake of completeness:
Note: Form the OQ I assume, that $x is already escaped.