Support for prepared statements and bound parameters #2926
Comments
+1
+1
+1
+1
jsternberg added a commit that referenced this issue on May 16, 2016
The parser can be passed a map of keys to literal values to be replaced into the query. Parameters are preceded by a dollar sign (`$`). If a parameter key is missing, an error is thrown by the parser. Fixes #2926.
jsternberg added a commit that referenced this issue on May 19, 2016
The parser can be passed a map of keys to literal values to be replaced into the query. Parameters are preceded by a dollar sign (`$`). If a parameter key is missing, an error is thrown by the parser. Fixes #2926.
+1
Is this the right way to address this issue now? https://docs.influxdata.com/influxdb/v1.7/tools/api/#bind-parameters
Hi,
Please correct me if I'm wrong but I don't see any support for prepared statements and bound parameters. I'm trying to figure out a way to prevent SQL injection when using the Go client library.
Your README talks about doing something like this:
My understanding is that fmt.Sprintf does not protect against SQL injection at all. Is there a way to use Go's built-in prepare http://golang.org/pkg/database/sql/#DB.Prepare or query http://golang.org/pkg/database/sql/#DB.Query so that I can bind parameters to a query?
Thanks!
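An added example, not code from this thread or from the InfluxDB project: the `fmt.Sprintf` pattern the issue asks about next to a bound-parameter request built with the Go standard library only. It assumes the HTTP `/query` endpoint takes the values as a JSON object in a `params` form field, as the bind-parameters documentation linked above describes; the measurement, field, tag and function names are constructed, and the missing-key check is a client-side stand-in for the parser behaviour in the commit message.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"regexp"
)

// placeholder matches $name tokens, the parameter syntax the commit message
// describes. Naive scan: it does not skip string literals or regex literals.
var placeholder = regexp.MustCompile(`\$([A-Za-z_][A-Za-z0-9_]*)`)

// sprintfQuery is the pattern the issue asks about: the value becomes part of
// the query text, so a quote inside it changes the statement's structure.
func sprintfQuery(host string) string {
	return fmt.Sprintf(`SELECT "value" FROM "cpu" WHERE "host" = '%s'`, host)
}

// boundQuery keeps the query text fixed and carries the values separately in
// the JSON "params" form field (assumed API shape, see lead-in). It returns an
// error when the query references a key that is absent from the map.
func boundQuery(db, q string, params map[string]interface{}) (url.Values, error) {
	for _, m := range placeholder.FindAllStringSubmatch(q, -1) {
		if _, ok := params[m[1]]; !ok {
			return nil, fmt.Errorf("missing parameter: %s", m[1])
		}
	}
	encoded, err := json.Marshal(params)
	if err != nil {
		return nil, err
	}
	return url.Values{"db": {db}, "q": {q}, "params": {string(encoded)}}, nil
}

func main() {
	hostile := `server01' OR 'a' = 'a` // constructed input
	fmt.Println("sprintf:", sprintfQuery(hostile))

	q := `SELECT "value" FROM "cpu" WHERE "host" = $host`
	form, err := boundQuery("mydb", q, map[string]interface{}{"host": hostile})
	if err != nil {
		panic(err)
	}
	fmt.Println("bound q:", form.Get("q"))
	fmt.Println("params: ", form.Get("params"))
}
```

The form returned by `boundQuery` would be sent URL-encoded to `/query`; the query string the server parses is identical for every input value.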