Do golang's ORM drivers like pq handle SQL injections?

xuanbao · 691 views
<p>Do golang's database drivers or the ORM layer handle SQL injection themselves? Or if not, is there any extra layer to use to protect against SQL injection?</p>
<hr/>
**Comments:**<br/><br/>
TheMerovius: <pre><p>If you use prepared statements, there are no SQL injections. The Go database API does strongly encourage using prepared statements. Unless you manually <code>fmt.Sprintf</code> together the string passed to <a href="https://godoc.org/database/sql#DB.Exec" rel="nofollow">Exec</a> and the like, you don't have to worry about it.</p></pre>
carsncode: <pre><p>If you are actually using an ORM, then SQL injections are the responsibility of the ORM framework to prevent. With an ORM, you're not writing SQL, so there is nowhere for you to be concerned with SQL injection.</p> <p>If you're just talking about database drivers, then the same advice applies in Go as it does in every other language: always use prepared statements.</p></pre>
thesilentwitness: <pre><p>Sort of. SQL injections are the responsibility of the driver; however, if the ORM does not utilise query parameters properly, it can bypass that.</p></pre>
