FAQ
Am I really blind, or are placeholder parameters merely mentioned without
any explanation in the package documentation?

Also, I'd have expected an encoding function to make sure strings are SQL
compatible (single quotes being doubled up, that type of thing), but I see
no such option.

Lucio.

--
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

  • Andy Balholm at May 11, 2013 at 3:35 pm
    Placeholder parameters vary a lot from one database to another, so it's
    hard to go into much detail about them in the docs. But maybe the docs
    should mention that they do vary.

    You shouldn't need to escape your strings if you use parameterized SQL.

  • Lucio at May 11, 2013 at 4:18 pm
    I would if I knew what it is. Time for the wikipedia?
    On Saturday, 11 May 2013 17:35:14 UTC+2, Andy Balholm wrote:

    Placeholder parameters vary a lot from one database to another, so it's
    hard to go into much detail about them in the docs. But maybe the docs
    should mention that they do vary.

    You shouldn't need to escape your strings if you use parameterized SQL.
  • Andy Balholm at May 11, 2013 at 7:59 pm
    Postgres:
    db.Query("select name, phone from contacts where state = $1 and totalSales > $2", "WA", 1000000)
    Some other databases:
    db.Query("select name, phone from contacts where state = ? and totalSales > ?", "WA", 1000000)

    Instead of interpolating the parameter values (WA and 1000000 in this case)
    into the query string, the query and the parameters are sent to the
    database server separately. Then the server interprets the query as though
    they were substituted for the placeholders. But it doesn't use textual
    substitution, so they don't need to follow SQL quoting or escaping rules,
    and there is no risk of SQL injection.

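    An added example (not code from this thread or from database/sql itself) that shows the two things Andy describes side by side. UnsafeQuery splices the values into the query text by hand, the way Lucio's hoped-for "encoding function" would have to, so a single quote in the input breaks out of the literal. ParameterizedQuery sends the same query through database/sql with $1/$2 placeholders. The driver it uses, recDriver, is a stand-in written for this example (not a real driver): it does not talk to any server, it only records the query text and the argument slice database/sql hands it, so you can see that the text still contains the placeholders and the values travel separately. The hostile input and the table and column names are constructed for the demonstration.

```go
package main

import (
	"database/sql"
	"database/sql/driver"
	"errors"
	"fmt"
	"io"
	"sync"
)

// UnsafeQuery is the approach the thread warns against: the values are quoted
// by hand and spliced into the query text, so a single quote in state ends the
// literal and the rest of the input is parsed as SQL.
func UnsafeQuery(state string, minSales int) string {
	return fmt.Sprintf(
		"select name, phone from contacts where state = '%s' and totalSales > %d",
		state, minSales)
}

// recDriver is a stand-in driver written for this example (not a real database
// driver): it records the query text and the argument slice that database/sql
// hands it, and returns no rows.
type recDriver struct {
	mu    sync.Mutex
	query string
	args  []driver.Value
}

func (d *recDriver) Open(name string) (driver.Conn, error) { return &recConn{d: d}, nil }

type recConn struct{ d *recDriver }

func (c *recConn) Prepare(query string) (driver.Stmt, error) {
	return &recStmt{d: c.d, query: query}, nil
}
func (c *recConn) Close() error { return nil }
func (c *recConn) Begin() (driver.Tx, error) {
	return nil, errors.New("transactions not supported")
}

type recStmt struct {
	d     *recDriver
	query string
}

func (s *recStmt) Close() error  { return nil }
func (s *recStmt) NumInput() int { return -1 } // -1: database/sql does not check the argument count
func (s *recStmt) Exec(args []driver.Value) (driver.Result, error) {
	return nil, errors.New("exec not supported")
}

// Query is where a real driver would send the prepared statement and the bound
// values to the server as separate protocol messages. Here we only capture them.
func (s *recStmt) Query(args []driver.Value) (driver.Rows, error) {
	s.d.mu.Lock()
	defer s.d.mu.Unlock()
	s.d.query = s.query
	s.d.args = append([]driver.Value(nil), args...)
	return noRows{}, nil
}

type noRows struct{}

func (noRows) Columns() []string              { return []string{"name", "phone"} }
func (noRows) Close() error                   { return nil }
func (noRows) Next(dest []driver.Value) error { return io.EOF }

var rec = &recDriver{}

func init() { sql.Register("record", rec) }

// ParameterizedQuery runs the Postgres-style query from the post through
// database/sql and reports what reached the driver: the query text with $1 and
// $2 still in it, and the values as a separate slice (database/sql converts the
// int to int64 on the way through).
func ParameterizedQuery(state string, minSales int) (string, []driver.Value, error) {
	db, err := sql.Open("record", "")
	if err != nil {
		return "", nil, err
	}
	defer db.Close()
	rows, err := db.Query(
		"select name, phone from contacts where state = $1 and totalSales > $2",
		state, minSales)
	if err != nil {
		return "", nil, err
	}
	rows.Close()
	rec.mu.Lock()
	defer rec.mu.Unlock()
	return rec.query, rec.args, nil
}

func main() {
	hostile := "WA' or 1=1 --" // constructed input: closes the literal, comments out the rest
	fmt.Println(UnsafeQuery(hostile, 1000000))
	q, args, err := ParameterizedQuery(hostile, 1000000)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%s\nargs: %v\n", q, args)
}
```

    With the hostile input, UnsafeQuery yields a WHERE clause of state = 'WA' or 1=1 --' and totalSales > 1000000, which matches every row. ParameterizedQuery hands the driver the unchanged query text plus the two values; the hostile string is simply the value bound to $1 and is never parsed as SQL. Note that the placeholder syntax ($1 versus ?) is interpreted by the driver and server, not by database/sql, which is why the package documentation cannot pin it down.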
  • Archos at May 11, 2013 at 5:42 pm
    http://code.google.com/p/go/issues/detail?id=3602

    El sábado, 11 de mayo de 2013 15:43:58 UTC+1, Lucio escribió:
    Am I really blind, or are placeholder parameters merely mentioned without
    any explanation in the package documentation?

    Also, I'd have expected an encoding function to make sure strings are SQL
    compatible (single quotes being doubled up, that type of thing), but I see
    no such option.

    Lucio.

Discussion Overview
group: golang-nuts
categories: go
posted: May 11, '13 at 2:44p
active: May 11, '13 at 7:59p
posts: 5
users: 3
website: golang.org