Here is a question I posted on dba.stackexchange: https://dba.stackexchange.com/questions/282501/variable-number-of-arguments-with-golang

On Sun, Jan 3, 2021 at 2:20 PM Alexander Mills <alexander.d.mi...@gmail.com> wrote:

> labels are variable arguments, so I don't know how to do it. I solved it
> for the time being using `fmt.Sprintf` but that leaves me vulnerable to SQL
> injection I suppose.
>
> On Sun, Jan 3, 2021 at 8:58 AM 'Brian Candler' via golang-nuts <golang-nuts@googlegroups.com> wrote:
>
>> I think the nearest is:
>>
>> labelStrs := []interface{}{"carnivore", "mammal", "vertebrate"}
>> rows, err := c.Database.Db.Query(`
>>     select id from mbk_user_label where label_name in (?,?,?)
>> `, labelStrs...)
>>
>> Of course, you may need to change the number of question-marks to match
>> len(labelStrs), but that's easily done with a helper function. It would be
>> nice if a placeholder could be a list and expand accordingly, though.
>>
>> On Sunday, 3 January 2021 at 09:29:25 UTC Reto wrote:
>>
>>> On Sun, Jan 03, 2021 at 12:53:03AM -0800, Alexander Mills wrote:
>>> > rows, err := c.Database.Db.Query(`
>>> >
>>> >     select *, (
>>> >         select count(*) from mbk_file_label
>>> >         where file_id = mbk_file.id and label_id IN (
>>> >             select id
>>> >             from mbk_user_label
>>> >             where label_name IN (
>>> >                 $2
>>> >             )
>>> >         )
>>> >     ) as xxx
>>> >     from mbk_file
>>> >     where user_id = $1
>>> >     order by xxx DESC
>>> > `,
>>> >     loggedInUserId,
>>> >     labelStr,
>>> > )
>>> >
>>> > then the query doesn't work and I don't know why?
>>>
>>> You might want to debug log your statements in the database engine...
>>> What you want to do is not what it's doing.
>>>
>>> You ask the sql engine to escape the input you give it.
>>>
>>> So your question becomes `where label_name in ('"carnivore", "mammal", "vertebrate"')`
>>> Meaning the string exactly as given as single element.
>>>
>>> Maybe that helps: https://stackoverflow.com/a/38878826/6212932 if you
>>> use postgres.
>>>
>>> Cheers,
>>> Reto

--
Alexander D. Mills
New cell phone # (415)730-1805
linkedin.com/in/alexanderdmills
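
Added example, not code from any poster in this thread: one way to write the helper function mentioned above so that the `IN (...)` list grows with the number of labels while every label is still passed as a bound argument instead of going through `fmt.Sprintf`. It assumes PostgreSQL-style numbered placeholders (`$1`, `$2`, ...) as in the original query; `inPlaceholders` and `buildLabelQuery` are hypothetical names.

```go
package main

import (
	"fmt"
	"strings"
)

// inPlaceholders returns n numbered placeholders starting at $start, e.g. "$2,$3,$4".
func inPlaceholders(start, n int) string {
	ph := make([]string, n)
	for i := range ph {
		ph[i] = fmt.Sprintf("$%d", start+i)
	}
	return strings.Join(ph, ",")
}

// buildLabelQuery returns the SQL text and the argument list for the query in
// the thread. Only placeholder numbers are formatted into the SQL text.
func buildLabelQuery(userID int64, labels []string) (string, []interface{}, error) {
	if len(labels) == 0 {
		return "", nil, fmt.Errorf("no labels given: IN () is not valid SQL")
	}
	args := []interface{}{userID} // $1
	for _, l := range labels {
		args = append(args, l) // $2..$N, one bound value per label
	}
	q := `select *, (
  select count(*) from mbk_file_label
  where file_id = mbk_file.id and label_id in (
    select id from mbk_user_label where label_name in (` + inPlaceholders(2, len(labels)) + `)
  )
) as xxx
from mbk_file
where user_id = $1
order by xxx desc`
	return q, args, nil
}

func main() {
	// Constructed sample input; the last label contains SQL metacharacters.
	labels := []string{"carnivore", "mammal", "x') or ('1'='1"}
	q, args, err := buildLabelQuery(42, labels)
	if err != nil {
		panic(err)
	}
	fmt.Println(q)           // contains "in ($2,$3,$4)", never the label text
	fmt.Printf("%q\n", args) // labels travel separately as bound values
	// With a *sql.DB this would be executed as: rows, err := db.Query(q, args...)
}
```

For drivers that use `?` placeholders, the same approach applies with `strings.Repeat` building the `?,?,?` list.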