func query(db *sql.DB, name []string) {
query := fmt.Sprint("select id, name, grade from students ")
where := "where "
params := interface{}{}
if len(names) > 0 {
q, p := prepareStringArray(names, len(params))
params = append(params, p...)
where += fmt.Sprintf(`AND t.id IN (%v) `, q)
}
func query(db *sql.DB, name []string) {
query := fmt.Sprint("select id, name, grade from students ")
where := "where "
params := interface{}{}
if len(names) > 0 {
where += `f.id IN ('` + strings.Join(names, "','") + `') `
}
query = query + where
func query(db *sql.DB, orderBy []string) {
query := fmt.Sprint("select id, name, grade from students ")
paging := ""
if len(opt.OrderBy) > 0 {
validColumn := map[string]string{
"id": "id",
"created_at": "created_at",
}
paging = sanitizeOrderBy(orderBy, validColumn, paging)
}
func query(db *sql.DB, orderBy []string) {
query := fmt.Sprint("select id, name, grade from students ")
paging := ""
if len(opt.OrderBy) > 0 {
paging += `ORDER BY ` + strings.Join(orderBy, ",") + ` `
}
query = query + paging
_, err := db.Query(query)
if err != nil {
func query(db *sql.DB, name string) {
query := fmt.Sprint("select id, name, grade from students ")
where := "where "
params := interface{}{}
if name != "" {
params = append(params, name)
where += "name=$%d",len(params)"
}
raismaulana / unsafe_single_query.go
Last active Sep 23, 2022
unsafe_single_query.go
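// query looks up students whose name matches the caller-supplied value and
// prints any database error to stdout.
//
// name is bound as a query parameter rather than spliced into the SQL text,
// so the value cannot change the structure of the statement. (The earlier
// form passed the string to fmt.Sprint, which does not interpret the %s verb
// and simply concatenated name onto the end of the statement.)
//
// Nothing is returned; on error the message is printed and the function
// returns early.
func query(db *sql.DB, name string) {
	// $N placeholder style matches the parameterised queries used elsewhere in
	// this gist; a driver that expects ? would need that form instead.
	const stmt = "select id, name, grade from students where name = $1"
	rows, err := db.Query(stmt, name)
	if err != nil {
		fmt.Println(err.Error())
		return
	}
	// The result set used to be discarded without Close, which keeps its
	// connection checked out of the pool until the Rows value is collected.
	defer rows.Close()
}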
func query(db *sql.DB, name []string) {
query := fmt.Sprint("select id, name, grade from students ")
where := "where "
params := interface{}{}
if len(names) > 0 {
q, p := prepareStringArray(names, len(params))
params = append(params, p...)
where += fmt.Sprintf(`AND t.id IN (%v) `, q)
}
raismaulana / safe_array_query.go
Last active Sep 23, 2022
Avoid SQL Injection by Writing Safe Queries Using Prepared Statements and/or Character Whitelisting
func query(db *sql.DB, name []string) {
query := fmt.Sprint("select id, name, grade from students ")
where := "where "
params := interface{}{}
if len(names) > 0 {
q, p := prepareStringArray(names, len(params))
params = append(params, p...)
where += fmt.Sprintf(`AND t.id IN (%v) `, q)
}
🌞 Morning 116 commits ██████▋░░░░░░░░░░░░░░ 32.0%
🌆 Daytime 155 commits ████████▉░░░░░░░░░░░░ 42.8%
🌃 Evening 86 commits ████▉░░░░░░░░░░░░░░░░ 23.8%
🌙 Night 5 commits ▎░░░░░░░░░░░░░░░░░░░░ 1.4%