Overview
Package sqlescape provides SQL escaping functionality.
Constants
This section is empty.
Variables
This section is empty.
Functions
func EscapeSQL
EscapeSQL will escape the input arguments into the SQL string, doing the necessary processing. It works like printf() in C, with the following format specifiers:

1. %?: automatic conversion by the type of the argument, e.g. []string -> ('s1','s2'..)
2. %%: output %
3. %n: for identifiers, for example ("use %n", db)

But it does not prevent you from doing:

EscapeSQL("select '%?", ";SQL injection!;") => "select '';SQL injection!;'"

It is still your responsibility to write safe SQL.
func EscapeString
EscapeString is used by session/bootstrap.go, which has some dynamic query-building cases not well handled by this package. For normal usage, please use EscapeSQL instead!
func FormatSQL
FormatSQL is the io.Writer version of EscapeSQL. Please refer to EscapeSQL for details.
func MustEscapeSQL
MustEscapeSQL is a helper around EscapeSQL. The error returned from EscapeSQL can be avoided statically if you do not pass interface{} values.
func MustFormatSQL
MustFormatSQL is a helper around FormatSQL, like MustEscapeSQL. But it requires that the writer be a strings.Builder, whose Write(...) never returns an error.
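The following is an added, self-contained illustration of how the %?, %% and %n specifiers described under EscapeSQL behave, and of the io.Writer / strings.Builder split described under FormatSQL and MustFormatSQL. It is not the sqlescape package's own code: the function names (escapeString, escapeIdentifier, writeValue, formatSQL, escapeSQL, mustEscapeSQL), the set of supported argument types and the exact escaping rules are assumptions made for this example. It also shows why the documented "select '%?" case goes wrong: %? emits its own surrounding quotes, so a stray quote already in the template turns into an empty string literal '' and the argument text lands outside any literal.

```go
package main

import (
	"fmt"
	"io"
	"strconv"
	"strings"
)

// escapeString escapes the bytes MySQL treats specially inside a quoted
// string literal (NUL, newline, carriage return, backslash, both quote
// characters, Ctrl-Z). It does not add the surrounding quotes.
// Illustrative implementation, not the package's.
func escapeString(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); i++ {
		switch c := s[i]; c {
		case 0:
			b.WriteString(`\0`)
		case '\n':
			b.WriteString(`\n`)
		case '\r':
			b.WriteString(`\r`)
		case '\\':
			b.WriteString(`\\`)
		case '\'':
			b.WriteString(`\'`)
		case '"':
			b.WriteString(`\"`)
		case 0x1a:
			b.WriteString(`\Z`)
		default:
			b.WriteByte(c)
		}
	}
	return b.String()
}

// escapeIdentifier quotes an identifier (%n) with backticks, doubling any
// backtick inside it so the name cannot terminate the quoting early.
func escapeIdentifier(s string) string {
	return "`" + strings.ReplaceAll(s, "`", "``") + "`"
}

// writeValue handles %?: quoting and escaping depend on the dynamic type.
// A []string expands to a comma-separated list of quoted strings; the
// parentheses around it are left to the template (an assumption here).
func writeValue(w io.Writer, arg interface{}) error {
	var err error
	switch v := arg.(type) {
	case nil:
		_, err = io.WriteString(w, "NULL")
	case string:
		_, err = io.WriteString(w, "'"+escapeString(v)+"'")
	case int:
		_, err = io.WriteString(w, strconv.Itoa(v))
	case int64:
		_, err = io.WriteString(w, strconv.FormatInt(v, 10))
	case []string:
		parts := make([]string, len(v))
		for i, s := range v {
			parts[i] = "'" + escapeString(s) + "'"
		}
		_, err = io.WriteString(w, strings.Join(parts, ","))
	default:
		err = fmt.Errorf("unsupported argument type %T", arg)
	}
	return err
}

// formatSQL is the io.Writer form: literal template text is copied through
// unchanged and only %?, %% and %n are substituted. Argument count and
// specifier spelling are checked so a malformed template is an error,
// not a silently truncated query.
func formatSQL(w io.Writer, sql string, args ...interface{}) error {
	argIdx := 0
	for i := 0; i < len(sql); i++ {
		if sql[i] != '%' {
			if _, err := w.Write([]byte{sql[i]}); err != nil {
				return err
			}
			continue
		}
		i++
		if i >= len(sql) {
			return fmt.Errorf("dangling %% at end of template")
		}
		switch sql[i] {
		case '%':
			if _, err := w.Write([]byte{'%'}); err != nil {
				return err
			}
		case '?', 'n':
			if argIdx >= len(args) {
				return fmt.Errorf("missing argument for %%%c", sql[i])
			}
			arg := args[argIdx]
			argIdx++
			if sql[i] == '?' {
				if err := writeValue(w, arg); err != nil {
					return err
				}
				continue
			}
			name, ok := arg.(string)
			if !ok {
				return fmt.Errorf("%%n requires a string identifier, got %T", arg)
			}
			if _, err := io.WriteString(w, escapeIdentifier(name)); err != nil {
				return err
			}
		default:
			return fmt.Errorf("unknown format specifier %%%c", sql[i])
		}
	}
	if argIdx != len(args) {
		return fmt.Errorf("%d arguments supplied, %d consumed", len(args), argIdx)
	}
	return nil
}

// escapeSQL is the string form built on formatSQL with a strings.Builder,
// whose Write never fails, so any error comes from the template or arguments.
func escapeSQL(sql string, args ...interface{}) (string, error) {
	var b strings.Builder
	if err := formatSQL(&b, sql, args...); err != nil {
		return "", err
	}
	return b.String(), nil
}

func main() {
	// Safe: the template supplies no quoting of its own; %? does all of it.
	s, _ := escapeSQL("select * from t where name = %? and id in (%?)", "O'Brien", []string{"s1", "s2"})
	fmt.Println(s)
	// Unsafe template: the stray ' in the template plus the quotes %? adds
	// leaves the argument outside the string literal.
	s, _ = escapeSQL("select '%?", ";SQL injection!;")
	fmt.Println(s)
}
```

The check to take away from the second call is that the escaping is correct (the argument's bytes are escaped exactly as in the safe call); it is the template that is wrong, so reviewing templates for quotes or backticks placed around a %? or %n is the defensive step the package cannot do for you.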
Types
This section is empty.