3

我有一个看起来像这样的邀请表

sqlite> .schema invitations
CREATE TABLE "invitations" 
    ( "id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL
    , "sender_id" integer
    , "recipient_email" varchar(255)
    , "token" varchar(255)
    , "sent_at" datetime
    , "team_id" integer
    , "created_at" datetime
    , "updated_at" datetime
    );

CREATE UNIQUE INDEX "index_invitations_on_recipient_email_and_team_id"
    ON "invitations" ("recipient_email", "team_id");

CREATE INDEX "index_invitations_on_sender_id"
    ON "invitations" ("sender_id");

CREATE INDEX "index_invitations_on_team_id"
    ON "invitations" ("team_id");

令牌列存储在记录创建时生成的十六进制摘要,如下所示(Ruby):

self.token = Digest::SHA1.hexdigest([Time.now, rand].join)

当我将邀请插入数据库时​​,我可以使用

SELECT * FROM "invitations" where "invitations"."recipient_email" = "an email"


SELECT * FROM "invitations" where "invitations"."token" = "an token"

即使我从插入语句中复制/粘贴确切的标记,也会返回注意?

编辑
原来如此

SELECT * FROM "invitations" where "invitations"."token" LIKE "an token"

将正确检索记录。

为什么“LIKE”有效,但“=”无效?我尝试在插入之前剥离十六进制并进行不区分大小写的选择。都没有奏效。

编辑 2 看来我只能使用 ruby​​gem“sqlite3”和命令行来复制这个问题。那是没有Rails等。

这是过程:

stuff $ gem install sqlite3
Fetching: sqlite3-1.3.3.gem (100%)
Building native extensions.  This could take a while...
Successfully installed sqlite3-1.3.3
1 gem installed
Installing ri documentation for sqlite3-1.3.3...
Installing RDoc documentation for sqlite3-1.3.3...
stuff $ irb
ruby-1.9.2-head :001 > require "sqlite3"
ruby-1.9.2-head :017 > rows = db.execute <<-SQL
ruby-1.9.2-head :018"> create table invitations (
ruby-1.9.2-head :019"> token varchar(40)
ruby-1.9.2-head :020"> );
ruby-1.9.2-head :021"> SQL
# with normal strings for comparison
ruby-1.9.2-head :022 > ['4535435', 'jfeu833'].each {|hash| db.execute "insert into 'invitations' ('token') values (?)", hash }
 => ["4535435", "jfeu833"] 
ruby-1.9.2-head :023 > db.execute("select * from invitations where invitations.token = '4535435'") {|row| p row }
# it finds the row successfully
["4535435"]
 => #<SQLite3::Statement:0x000001011741c8> 
ruby-1.9.2-head :028 > require "digest/sha1"
 => true 
# now to try it with a hash
ruby-1.9.2-head :029 > [Digest::SHA1.hexdigest("banana")].each {|hash| db.execute "insert into 'invitations' ('token') values (?)", hash }
 => ["250e77f12a5ab6972a0895d290c4792f0a326ea8"]
ruby-1.9.2-head :031 > db.execute("select * from invitations where invitations.token = '250e77f12a5ab6972a0895d290c4792f0a326ea8'") {|row| p row }
# notice that no record is printed
 => #<SQLite3::Statement:0x0000010107c630>
4

2 回答 2

5

我在聊天中与 Dukeyfuzz(OP)讨论了这个问题,我们发现哈希在 sqlite 中存储为 BLOB:

sqlite> select typeof(token) from invitations; 
blob 
blob

所以出于某种原因,即使 ruby​​ 说插入的是一个字符串:

irb(main):002:0> (Digest::SHA1.hexdigest("banana")).class() 
=> String

它最终以 BLOB 形式出现在 sqlite 中。

插入值或作为文字插入,而不是使用参数插入会使问题消失(由 OP 测试):

oh ok got it
ruby-1.9.2-head :010 > db.execute("insert into invitations (token) VALUES ('#{the_hash}')") 
=> []
ok now the dump..

INSERT INTO "invitations" VALUES('bda04628ea94f26cac0793eac103258eb515c505');
much better!

该问题是由于sqlite3 ruby​​gem将二进制字符串存储为 blob的事实引起的。防止这种情况的方法是在插入之前将哈希编码为 UTF-8。

hash = Digest::SHA1.hexdigest("banana").encode("UTF-8")
db.execute("insert into invitations (token) values (?)", hash)

完成此操作后,哈希将存储为文本。

于 2011-07-13T13:31:22.477 回答
0

token从更改varchar(255)char(40)可能会有所帮助。

让我烦恼的另一件事是您使用双引号:"

我一直认为

select *
from "invitations" 
where "invitations"."token" = "e8c6ab9d5d1df98c906952c58e1be4d640d3c5ae"

不同于:

select *
from 'invitations' 
where 'invitations'.'token' = 'e8c6ab9d5d1df98c906952c58e1be4d640d3c5ae'

并且不同于:

select *
from `invitations` 
where `invitations`.token` = `e8c6ab9d5d1df98c906952c58e1be4d640d3c5ae`

完全不确定 Rails 和 SQLite 在这件事上的表现。我一直在使用(在 MySQL 和 SQL-Server 中):

select *
from invitations 
where invitations.token = 'e8c6ab9d5d1df98c906952c58e1be4d640d3c5ae'
于 2011-07-13T10:04:53.137 回答