史上最实用mysql参数之一-----sql_safe_updates

mysql数据库是能够开启安全模式，不过默认状况下，安全模式不开启的，下面就来讲说什么是mysql的安全模式

不知道小伙伴们是否有过维护的数据库表业务数据被人或者由于程序bug致使全表更新，全表删除的痛苦经历，恢复业务数据真的是一个精细活，尤为与交易和钱相关的数据，必须恢复成和原来如出一辙，那能不能在数据库层面架起最后一道安全堡垒，拒绝全表更新，全表删除的非法操做呢，答案是有的，在mysql中sql_safe_updates能够完美解决这个问题，下面就来给你们演示一下实际效果

sql_safe_updates默认是不开启的

mysql> show variables like 'sql_safe_updates';
+------------------+-------+
| Variable_name    | Value |
+------------------+-------+
| sql_safe_updates | OFF   |
+------------------+-------+
1 row in set (0.01 sec)
复制代码

如今就开启这个参数，若是要永久生效，须要将参数添加到数据库配置文件（my.cnf）中

mysql> set global sql_safe_updates=1;
Query OK, 0 rows affected (0.00 sec)
复制代码

须要从新链接一下数据库，才会生效

mysql> show variables like 'sql_safe_updates';
+------------------+-------+
| Variable_name    | Value |
+------------------+-------+
| sql_safe_updates | ON    |
+------------------+-------+
1 row in set (0.00 sec)
复制代码

下面就开始用表进行测试

mysql> create table t_test10 (id char(10),name char(20), primary key(id));
Query OK, 0 rows affected (0.29 sec)

插入语句
insert into t_test10 values('1','test1');
insert into t_test10 values('2','test2');
insert into t_test10 values('3','test3');
insert into t_test10 values('4','test4');
insert into t_test10 values('5','test5');
insert into t_test10 values('6','test6');
insert into t_test10 values('7','test7');
insert into t_test10 values('8','test8');

mysql> select * from t_test10;
+----+-------+
| id | name  |
+----+-------+
| 1  | test1 |
| 2  | test2 |
| 3  | test3 |
| 4  | test4 |
| 5  | test5 |
| 6  | test6 |
| 7  | test7 |
| 8  | test8 |
+----+-------+
8 rows in set (0.00 sec)
复制代码

测试一下全表删除

mysql> delete from t_test10;
ERROR 1175 (HY000): You are using safe update mode and you tried to update a table without a WHERE that uses a KEY column. 
mysql> delete from t_test10 where 1=1;
ERROR 1175 (HY000): You are using safe update mode and you tried to update a table without a WHERE that uses a KEY column. 
复制代码

从上面的结果看，所有被数据库安全策略拦截了 再来测试一下更新

mysql> update t_test10 set name='test';
ERROR 1175 (HY000): You are using safe update mode and you tried to update a table without a WHERE that uses a KEY column. 
mysql> update t_test10 set name='test' where 1=1;
ERROR 1175 (HY000): You are using safe update mode and you tried to update a table without a WHERE that uses a KEY column.
复制代码

不带条件的更新也被拦截，那测试一下正常带条件的更新和删除看看效果

mysql> update t_test10 set name='test' where name='test1';
ERROR 1175 (HY000): You are using safe update mode and you tried to update a table without a WHERE that uses a KEY column.
mysql> delete from t_test10 where name='test2';
ERROR 1175 (HY000): You are using safe update mode and you tried to update a table without a WHERE that uses a KEY column. 
复制代码

为何会这样呢，正常更新或者删除一条记录也会被mysql数据库安全策略拦截了呢，这是由于name列没有索引

mysql> show create table t_test10\G;
*************************** 1. row ***************************
       Table: t_test10
Create Table: CREATE TABLE `t_test10` (
  `id` char(10) NOT NULL,
  `name` char(20) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8
1 row in set (0.00 sec)

ERROR: 
No query specified

在name列上加索引
mysql> alter table t_test10 add index idx_t_test10_name (name);
Query OK, 0 rows affected (0.44 sec)
Records: 0  Duplicates: 0  Warnings: 0

mysql> show create table t_test10\G;
*************************** 1. row ***************************
       Table: t_test10
Create Table: CREATE TABLE `t_test10` (
  `id` char(10) NOT NULL,
  `name` char(20) DEFAULT NULL,
  PRIMARY KEY (`id`),
  KEY `idx_t_test10_name` (`name`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8
1 row in set (0.00 sec)
复制代码

从新测试一下正常删除和更新语句

mysql> update t_test10 set name='test' where name='test1';
Query OK, 1 row affected (0.02 sec)
Rows matched: 1  Changed: 1  Warnings: 0

mysql> delete from t_test10 where name='test2';
Query OK, 1 row affected (0.01 sec)
复制代码

所有成功了，开启sql_safe_updates安全模式以后，要想正常删除或者更新，须要知足2个条件

1. delete,update必须带条件，或者加limit进行过滤
2. 所带条件必须走索引

喜欢的同窗能够关注个人公众号（db_arch）（Mysql数据库运维与架构设计）