surrealdb/surrealdb.go

Feature: Formatting Query like fmt.Sprintf

Closed this issue · 2 comments

Is your feature request related to a problem?

Please add a query-formatting function, like this one:

what := surrealdb.Format("SELECT * FROM user WHERE name = ?;", username)

You need to add a function like this because SQL injection vulnerabilities occur frequently.


You can pass variables like this to prevent sql injection. Would that solve your issue?

result, err := db.Query("SELECT * FROM user WHERE name = $user;", map[string]any{
    "user": username,
})
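As an added illustration (not code from surrealdb.go or from anyone in this thread) of why the bound-variable form above is safe: the statement text stays fixed and the input travels as a separate value, whereas a Sprintf-style build lets the input rewrite the statement. The RPC message shape here (method "query", params [statement, variables]) is an assumption about what the driver sends.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Fixed statement: the only SQL the server ever parses.
const stmt = "SELECT * FROM user WHERE name = $user;"

// rpcQuery mirrors the assumed shape of the driver's "query" RPC call.
type rpcQuery struct {
	Method string `json:"method"`
	Params []any  `json:"params"`
}

// BuildUnsafe splices untrusted input straight into the statement text.
func BuildUnsafe(username string) string {
	return fmt.Sprintf("SELECT * FROM user WHERE name = '%s';", username)
}

// BuildSafe ships the statement unchanged and the input as a named variable,
// which is what db.Query(stmt, map[string]any{"user": username}) amounts to.
func BuildSafe(username string) ([]byte, error) {
	msg := rpcQuery{Method: "query", Params: []any{stmt, map[string]any{"user": username}}}
	return json.Marshal(msg)
}

// StatementOf pulls the statement text back out of an encoded message so a
// reviewer (or a test) can confirm it never varies with the input.
func StatementOf(msg []byte) (string, error) {
	var q rpcQuery
	if err := json.Unmarshal(msg, &q); err != nil {
		return "", err
	}
	if len(q.Params) < 1 {
		return "", fmt.Errorf("message carries no statement")
	}
	s, ok := q.Params[0].(string)
	if !ok {
		return "", fmt.Errorf("statement is not a string")
	}
	return s, nil
}

func main() {
	// Constructed sample input containing SQL metacharacters.
	input := "alice' OR 1=1 --"
	fmt.Println(BuildUnsafe(input)) // statement text altered by the input
	if msg, err := BuildSafe(input); err == nil {
		fmt.Println(string(msg)) // statement unchanged; input is plain data
	}
}
```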

Wow thank you
LGTM
Maybe I am blind...
Sorry!