Comments (1)
Bot detected the issue body's language is not English, translate it automatically.
Is your feature request related to a problem? Please describe.
- Sometimes the SQL statement originally contains the question mark character, but after using db.query, the question mark that is not meant to be escaped will be replaced, causing SQL execution errors;
- In addition, during the SQL filling process, a value may be filled repeatedly in multiple places. Using question marks as placeholders will cause many repeated values in the input parameters. The input parameters will be very long and it is easy to make mistakes in the rows;
- It is expected that the injection of SQL can be allowed in the custom SQL. It is hoped that the table to be queried by the SQL can be added through placeholders. Currently, it can only be processed through character splicing, and the custom statement processing will be very fragmented. If you are worried about SQL injection, direct string concatenation is unavoidable.
Describe the solution you'd like
I hope there is a method similar to Java that uses ${} #{} placeholders to splice complete statements, and you can choose whether to add quotation marks to the fill parameters.
Describe alternatives you've considered
Or you can add corresponding interfaces to allow customization of relevant injection rules.
Additional
from gf.
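An added illustration, not gf's own API, of the placeholder handling this request describes: `#{name}` value placeholders are expanded to positional `?` binds, a `?` inside a quoted literal is left alone, a name used twice is bound from one entry, and `${name}` table names are checked as bare identifiers before being spliced in, since identifiers cannot be sent as bind parameters. `Expand`, `identRe` and the `#{}`/`${}` syntax are assumptions of this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Assumed identifier rule: a bare table name only, no schema, quotes or spaces.
var identRe = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]*$`)

// Expand rewrites #{name} into "?" plus an ordered args slice (a name used
// several times is bound each time from one params entry), skips "?" that
// sit inside single-quoted literals, and splices ${name} table names only
// when they pass identRe; anything else is rejected rather than concatenated.
func Expand(sql string, params map[string]any, idents map[string]string) (string, []any, error) {
	var out strings.Builder
	var args []any
	inStr := false
	for i := 0; i < len(sql); i++ {
		c := sql[i]
		switch {
		case c == '\'': // enter/leave a quoted literal; '' escapes toggle twice
			inStr = !inStr
			out.WriteByte(c)
		case inStr: // literal text, including any "?", is copied verbatim
			out.WriteByte(c)
		case (c == '#' || c == '$') && i+1 < len(sql) && sql[i+1] == '{':
			end := strings.IndexByte(sql[i:], '}')
			if end < 0 {
				return "", nil, fmt.Errorf("unterminated placeholder at offset %d", i)
			}
			name := sql[i+2 : i+end]
			if c == '#' { // value: becomes a bind parameter
				v, ok := params[name]
				if !ok {
					return "", nil, fmt.Errorf("missing parameter %q", name)
				}
				out.WriteByte('?')
				args = append(args, v)
			} else { // identifier: validated, never bound, never quoted
				id, ok := idents[name]
				if !ok || !identRe.MatchString(id) {
					return "", nil, fmt.Errorf("rejected identifier for %q", name)
				}
				out.WriteString(id)
			}
			i += end // continue after the closing brace
		default:
			out.WriteByte(c)
		}
	}
	return out.String(), args, nil
}
```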