<p>Do golang's database drivers or the ORM layer handle SQL injection themselves? Or, if not, is there any extra layer to use to protect against SQL injection?</p>
<hr/>**Comments:**<br/><br/>TheMerovius: <pre><p>If you use prepared statements, there are no SQL injections. The Go database API does strongly encourage using prepared statements. Unless you manually <code>fmt.Sprintf</code> together the string passed to <a href="https://godoc.org/database/sql#DB.Exec" rel="nofollow">Exec</a> and the like, you don't have to worry about it.</p></pre>carsncode: <pre><p>If you are actually using ORM, then SQL injections are the responsibility of the ORM framework to prevent. With ORM, you're not writing SQL, so there is nowhere for you to be concerned with SQL injection.</p>
<p>If you're just talking about database drivers, then the same advice applies in Go as it does in every other language: always use prepared statements.</p></pre>thesilentwitness: <pre><p>Sort of. SQL injections are the responsibility of the driver, however if the ORM does not utilise query parameters properly it can bypass that.</p></pre>
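<p>Added example (not part of the original thread and not any commenter's code): a Go program showing what reaches the driver when a statement is built with <code>fmt.Sprintf</code> versus passed with a placeholder. The <code>recorder</code> driver, the <code>Observe</code> function, the <code>users</code> table and the <code>?</code> placeholder style are assumptions made for illustration; real drivers differ in placeholder syntax.</p>

```go
package main

import (
	"context"
	"database/sql"
	"database/sql/driver"
	"fmt"
)

// recorder is a constructed stand-in driver: it runs nothing and records what it is given.
type recorder struct {
	query string   // SQL text as the driver receives it
	bound []string // values passed separately from the SQL text
}

func (r *recorder) Connect(context.Context) (driver.Conn, error) { return r, nil }
func (r *recorder) Driver() driver.Driver                        { return r }
func (r *recorder) Open(string) (driver.Conn, error)             { return r, nil }
func (r *recorder) Prepare(string) (driver.Stmt, error)          { return nil, driver.ErrSkip } // unused
func (r *recorder) Begin() (driver.Tx, error)                    { return nil, driver.ErrSkip } // unused
func (r *recorder) Close() error                                 { return nil }

// ExecContext is where database/sql hands over the SQL text and the bound values.
func (r *recorder) ExecContext(_ context.Context, q string, a []driver.NamedValue) (driver.Result, error) {
	r.query = q
	for _, v := range a {
		r.bound = append(r.bound, fmt.Sprint(v.Value))
	}
	return driver.RowsAffected(0), nil
}

// Observe runs one DELETE built either way and returns what reached the driver.
func Observe(name string, parameterized bool) (query string, bound []string, err error) {
	rec := &recorder{}
	db := sql.OpenDB(rec)
	defer db.Close()
	if parameterized {
		// Constant SQL text; the input is bound to the placeholder ("?" style assumed).
		_, err = db.Exec("DELETE FROM users WHERE name = ?", name)
	} else {
		// Input spliced into the SQL text: the pattern the comments warn about.
		_, err = db.Exec(fmt.Sprintf("DELETE FROM users WHERE name = '%s'", name))
	}
	return rec.query, rec.bound, err
}

func main() {
	fmt.Println(Observe("x' OR '1'='1", false)) // constructed input
	fmt.Println(Observe("x' OR '1'='1", true))
}
```

<p>In the parameterized call the SQL text is identical for every input and the value arrives as data, so a quote in the input cannot change the statement's structure.</p>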