Affected by GO-2024-2605 and 1 other vulnerabilities

GO-2024-2605: SQL injection in github.com/jackc/pgx/v4

GO-2024-2606: SQL injection in github.com/jackc/pgproto3 and github.com/jackc/pgx

The highest tagged major version is v5.

sanitize

package

v4.7.0 Latest Latest Go to latest Published: Jun 27, 2020 License: MIT Imports: 7 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/jackc/pgx

Links

Open Source Insights

Documentation ¶

Index ¶

func QuoteBytes(buf []byte) string
func QuoteString(str string) string
func SanitizeSQL(sql string, args ...interface{}) (string, error)
type Part
type Query
- func NewQuery(sql string) (*Query, error)
- func (q *Query) Sanitize(args ...interface{}) (string, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func QuoteBytes ¶

func QuoteBytes(buf []byte) string

func QuoteString ¶

func QuoteString(str string) string

func SanitizeSQL ¶

func SanitizeSQL(sql string, args ...interface{}) (string, error)

SanitizeSQL replaces placeholder values with args. It quotes and escapes args as necessary. This function is only safe when standard_conforming_strings is on.

Types ¶

type Part ¶

type Part interface{}

Part is either a string or an int. A string is raw SQL. An int is a argument placeholder.

type Query ¶

type Query struct {
	Parts []Part
}

func NewQuery ¶

func NewQuery(sql string) (*Query, error)

func (*Query) Sanitize ¶

func (q *Query) Sanitize(args ...interface{}) (string, error)

Source Files ¶

View all Source files

sanitize.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL