sqlescape

Version: v0.1.0-prerelease
Warning: This package is not in the latest version of its module.
Published: May 24, 2024 License: Apache-2.0 Imports: 7 Imported by: 0

README

sqlescape

This is a copy of the sqlescape package from github.com/pingcap/tidb.

You should really be cloning sqlescape from the original location. This copy is only here to work around a go.mod issue temporarily.

Documentation

Overview

Package sqlescape provides SQL escaping functionality.

Constants

This section is empty.

Variables

This section is empty.

Functions

func EscapeSQL

func EscapeSQL(sql string, args ...interface{}) (string, error)

EscapeSQL will escape input arguments into the sql string, doing necessary processing. It works like printf() in C, with the following format specifiers:

1. %?: automatic conversion by the type of arguments. E.g. []string -> ('s1','s2'..)
2. %%: output %
3. %n: for identifiers, for example ("use %n", db)

But it does not prevent you from doing:

EscapeSQL("select '%?", ";SQL injection!;") => "select '';SQL injection!;'".

It is still your responsibility to write safe SQL.
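The mistake above comes from the template, not the argument: `%?` already emits its own quotes, so a specifier placed inside a quoted literal breaks out of it. The following check is an added example, not part of the sqlescape package; `specifiersInQuotes` is a hypothetical helper that flags such templates, assuming MySQL-style quoting and that `%n` emits a backtick-quoted identifier.

```go
package main

import "fmt"

// specifiersInQuotes returns the byte offsets of %? and %n specifiers that
// sit inside a quoted literal of the template. Hypothetical helper; assumes
// MySQL-style quoting ('...', "...", `...`, doubled quotes, backslash escapes).
func specifiersInQuotes(tmpl string) []int {
	var bad []int
	var quote byte // 0 while outside any quoted literal
	for i := 0; i < len(tmpl); i++ {
		c := tmpl[i]
		switch {
		case quote != 0 && quote != '`' && c == '\\':
			i++ // backslash escape inside a string literal: skip next byte
		case quote != 0 && c == quote:
			if i+1 < len(tmpl) && tmpl[i+1] == quote {
				i++ // doubled quote is a literal quote, still inside
			} else {
				quote = 0
			}
		case quote == 0 && (c == '\'' || c == '"' || c == '`'):
			quote = c
		case c == '%' && i+1 < len(tmpl):
			if next := tmpl[i+1]; quote != 0 && (next == '?' || next == 'n') {
				bad = append(bad, i)
			}
			i++ // consume the specifier byte, so "%%" is never misread
		}
	}
	return bad
}

func main() {
	// Constructed templates; the first is the one from the package docs.
	templates := []string{
		"select '%?",
		"select * from t where a = %? and b = 'x%%'",
		"select * from `%n` where c = 'it''s %?'",
		"use %n",
	}
	for _, t := range templates {
		fmt.Printf("%-45q flagged offsets: %v\n", t, specifiersInQuotes(t))
	}
}
```

The scan does not understand SQL comments, so a quote character inside a comment in the template will confuse it.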

func EscapeString

func EscapeString(s string) string

EscapeString is used by session/bootstrap.go, which has some dynamic query building cases not well handled by this package. For normal usage, please use EscapeSQL instead!

func FormatSQL

func FormatSQL(w io.Writer, sql string, args ...interface{}) error

FormatSQL is the io.Writer version of EscapeSQL. Please refer to EscapeSQL for details.

func MustEscapeSQL

func MustEscapeSQL(sql string, args ...interface{}) string

MustEscapeSQL is a helper around EscapeSQL. The error returned from EscapeSQL can be avoided statically if you do not pass interface{}.

func MustFormatSQL

func MustFormatSQL(w *strings.Builder, sql string, args ...interface{})

MustFormatSQL is a helper around FormatSQL, like MustEscapeSQL. It requires the writer to be a strings.Builder, whose w.Write(...) does not return an error.

Types

This section is empty.
