surrealdb / surrealdb.go

SurrealDB SDK for Golang
https://surrealdb.com
Apache License 2.0
232 stars, 60 forks

Feature: Formatting Query like fmt.Sprintf #97

Closed aoisensi closed 1 year ago

aoisensi commented 1 year ago

Is your feature request related to a problem?

Please add formatting query function. Like this one.

what := surrealdb.Format("SELECT * FROM user WHERE name = ?;", username)

You need to add a function like this because SQL injection vulnerabilities occur frequently.

Describe the solution

-

Alternative methods

-

SurrealDB version

-

Contact Details

No response

Is there an existing issue for this?

Code of Conduct

plally commented 1 year ago

You can pass variables like this to prevent SQL injection. Would that solve your issue?

result, err := db.Query("SELECT * FROM user WHERE name = $user;", map[string]any{
    "user": username,
})

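The difference between the two approaches, as an added example that is not part of this thread or of the surrealdb.go SDK: `QueryRequest` is a stand-in for the two arguments that `db.Query` takes in the comment above (a fixed query string plus a map of bound variables), so the program runs without a database; the assumption is that the real call is `db.Query(req.Query, req.Vars)` exactly as shown there. The constructed sample input is a legitimate name containing an apostrophe, which is enough to show why splicing values into the statement text is fragile.

```go
package main

import (
	"fmt"
	"strings"
)

// QueryRequest mirrors the two arguments passed to db.Query in the comment
// above: a fixed query string and a map of bound variables. It is a stand-in
// so this example runs offline; the assumed real call is
// db.Query(req.Query, req.Vars).
type QueryRequest struct {
	Query string
	Vars  map[string]any
}

// FindUserByName is the parameterised form: the query text is a constant and
// the caller-supplied name travels separately as the $user variable, so it can
// never change the shape of the statement.
func FindUserByName(username string) QueryRequest {
	return QueryRequest{
		Query: "SELECT * FROM user WHERE name = $user;",
		Vars:  map[string]any{"user": username},
	}
}

// SplicedFindUserByName is the pattern the issue warns against: formatting the
// value into the statement with fmt.Sprintf. Any quote character in the input
// becomes part of the statement's syntax instead of part of the value.
func SplicedFindUserByName(username string) string {
	return fmt.Sprintf("SELECT * FROM user WHERE name = '%s';", username)
}

// QueryContainsInput reports whether user-controlled text ended up inside the
// statement itself. For the parameterised form this must always be false.
func QueryContainsInput(query, input string) bool {
	return strings.Contains(query, input)
}

// UnbalancedQuotes is a cheap structural check for generated statements: an odd
// number of single quotes means the input broke out of its string literal.
func UnbalancedQuotes(query string) bool {
	return strings.Count(query, "'")%2 != 0
}

func main() {
	// Constructed sample input: an ordinary name containing an apostrophe.
	name := "O'Brien"

	safe := FindUserByName(name)
	fmt.Println("query:", safe.Query)
	fmt.Println("vars: ", safe.Vars)
	fmt.Println("input leaked into query text:", QueryContainsInput(safe.Query, name)) // false

	spliced := SplicedFindUserByName(name)
	fmt.Println("query:", spliced)
	fmt.Println("unbalanced quotes:", UnbalancedQuotes(spliced)) // true
}
```

With binding, the query string sent to the server is identical for every input and the value is transported separately, which is exactly why the `$user` form in the comment closes the injection hole the issue describes; the `fmt.Sprintf` form yields a different statement for every input and already breaks on a name like `O'Brien`.
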
aoisensi commented 1 year ago

Wow, thank you, LGTM. Maybe I am blind... Sorry!