Closed confusionhill closed 1 year ago
Hello, I am currently using SQLX for my SQL client and I wanted to produce a query like this
SELECT * FROM "table_name" WHERE id = $1
because I trust SQLX for the sanitization (anti SQL injection).
Instead of producing a query like that, the generator generates this
SELECT * FROM "table_name" WHERE ("id" = '1')
The value has been injected into the query. I am no security expert but I am not with the query security.
Is there a way to generate a query like that? Thank you.
I know that the toSQL() method returns query, params, and error, but mine does not return anything other than the query.
My implementation:
```go
query := builder.From("table_name").
	Where(goqu.C("id").Eq("1")).
	Select("*")

// Generate the SQL and parameters
sql, params, _ := query.ToSQL()
fmt.Println("Generated SQL:", sql)
fmt.Println("Parameters:", params)
```
Should be something like query.Prepared(true).ToSQL(), right?
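A guard that can run in tests over whatever a query builder's ToSQL returns, catching the symptom reported in this issue (values inlined into the SQL text, empty params) before the string reaches the driver. This is an added example, not code from the issue, goqu or sqlx; `CheckParameterized` and `isWord` are hypothetical names, and it assumes every value is meant to be bound through `?` or `$n` placeholders (PostgreSQL `?` operators and dollar-quoted strings are not handled).

```go
package main

import "fmt"

func isWord(c byte) bool {
	return c == '_' || c >= 'a' && c <= 'z' || c >= 'A' && c <= 'Z' || c >= '0' && c <= '9'
}

// CheckParameterized (hypothetical name, not a goqu or sqlx API) rejects builder
// output whose values were inlined: any literal in the SQL text, or a placeholder
// count that differs from len(args). Assumes ? or $n placeholders only.
func CheckParameterized(sql string, args []interface{}) error {
	qmarks, maxDollar := 0, 0
	for i := 0; i < len(sql); i++ {
		switch c := sql[i]; {
		case c == '"': // quoted identifier: skip to its closing quote
			for i++; i < len(sql) && sql[i] != '"'; i++ {
			}
		case c == '\'':
			return fmt.Errorf("string literal inlined at offset %d", i)
		case c == '?':
			qmarks++
		case c == '$': // $n placeholder: remember the highest n
			n := 0
			for ; i+1 < len(sql) && sql[i+1] >= '0' && sql[i+1] <= '9'; i++ {
				n = n*10 + int(sql[i+1]-'0')
			}
			if n > maxDollar {
				maxDollar = n
			}
		case c >= '0' && c <= '9':
			return fmt.Errorf("numeric literal inlined at offset %d", i)
		case isWord(c): // keyword or bare identifier (may contain digits)
			for i+1 < len(sql) && isWord(sql[i+1]) {
				i++
			}
		}
	}
	if want := qmarks + maxDollar; want != len(args) {
		return fmt.Errorf("%d placeholders but %d bound args", want, len(args))
	}
	return nil
}

func main() {
	// Constructed samples: the two query shapes quoted in the issue above.
	fmt.Println(CheckParameterized(`SELECT * FROM "table_name" WHERE ("id" = '1')`, nil))
	fmt.Println(CheckParameterized(`SELECT * FROM "table_name" WHERE id = $1`, []interface{}{"1"}))
}
```

The first call returns an error because the value sits in the SQL text as a literal; the second returns nil because one `$1` placeholder is matched by one bound argument.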