Labels are variable arguments, so I don't know how to do it. I solved it for the time being using `fmt.Sprintf`, but that leaves me vulnerable to SQL injection, I suppose.

On Sun, Jan 3, 2021 at 8:58 AM 'Brian Candler' via golang-nuts <golang-nuts@googlegroups.com> wrote:

> I think the nearest is:
>
> labelStrs := []interface{}{"carnivore", "mammal", "vertebrate"}
> rows, err := c.Database.Db.Query(`
>   select id from mbk_user_label where label_name in (?,?,?)
> `, labelStrs...)
>
> Of course, you may need to change the number of question-marks to match
> len(labelStrs), but that's easily done with a helper function. It would be
> nice if a placeholder could be a list and expand accordingly, though.
>
> On Sunday, 3 January 2021 at 09:29:25 UTC Reto wrote:
>
>> On Sun, Jan 03, 2021 at 12:53:03AM -0800, Alexander Mills wrote:
>> > rows, err := c.Database.Db.Query(`
>> >
>> > select *, (
>> >   select count(*) from mbk_file_label
>> >   where file_id = mbk_file.id and label_id IN (
>> >     select id
>> >     from mbk_user_label
>> >     where label_name IN (
>> >       $2
>> >     )
>> >   )
>> > ) as xxx
>> > from mbk_file
>> > where user_id = $1
>> > order by xxx DESC
>> > `,
>> > loggedInUserId,
>> > labelStr,
>> > )
>> >
>> >
>> > then the query doesnt work and I dont know why?
>>
>> You might want to debug log your statements in the database engine...
>> What you want to do is not what it's doing.
>>
>> You ask the sql engine to escape the input you give it.
>>
>> So your question becomes `where label_name in ('"carnivore", "mammal", "vertebrate"')`
>> Meaning the string exactly as given as single element.
>>
>> Maybe that helps: https://stackoverflow.com/a/38878826/6212932 if you
>> use postgres.
>>
>> Cheers,
>> Reto

--
Alexander D. Mills