sqlescape

package
v1.1.0-beta.0...-cc83417 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 16, 2024 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func EscapeSQL

func EscapeSQL(sql string, args ...any) (string, error)

EscapeSQL will escape input arguments into the sql string, doing necessary processing. It works like printf() in c, there are following format specifiers: 1. %?: automatic conversion by the type of arguments. E.g. []string -> ('s1','s2'..) 2. %%: output % 3. %n: for identifiers, for example ("use %n", db) But it does not prevent you from doing:

EscapeSQL("select '%?", ";SQL injection!;") => "select '';SQL injection!;'".

It is still your responsibility to write safe SQL.

func EscapeString

func EscapeString(s string) string

EscapeString is used by session/bootstrap.go, which has some dynamic query building cases not well handled by this package. For normal usage, please use EscapeSQL instead!

func FormatSQL

func FormatSQL(w io.Writer, sql string, args ...any) error

FormatSQL is the io.Writer version of EscapeSQL. Please refer to EscapeSQL for details.

func MustEscapeSQL

func MustEscapeSQL(sql string, args ...any) string

MustEscapeSQL is a helper around EscapeSQL. The error returned from escapeSQL can be avoided statically if you do not pass interface{}.

func MustFormatSQL

func MustFormatSQL(w *strings.Builder, sql string, args ...any)

MustFormatSQL is a helper around FormatSQL, like MustEscapeSQL. But it asks that the writer must be strings.Builder, which will not return error when w.Write(...).

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL