Thanks for your reply. You have deepened my understanding of placeholders. It seems to be a limitation of using placeholders in MySQL.

On Monday, September 18, 2023 at 20:01:52 UTC+8, Vladimir Varankin wrote:
> One thing that may be valuable to explain further is that Go's
> "database/sql" doesn't come with a built-in query builder.
>
> The package implements the database connection pooling/management, but it
> passes the user's SQL input and its arguments to the "driver". Depending on
> the particular database kind, the driver may or may not try to interpret
> the query (and the args) before it passes them to the database server.
>
> In the specific example of MySQL/MariaDB, the support for the placeholder "?"
> is a part of this database's flavour of SQL. Thus, it's likely that the driver
> you're using passes the query with a placeholder to the DB server, but the
> DB's support of placeholders is limited to only a subset of queries (or
> places inside a query) — as the link to SO's answer, shared previously,
> explained.
>
> Hope this makes it a little bit more clear.
>
> On Sunday, September 17, 2023 at 10:45:27 AM UTC+2 Brian Candler wrote:
>
>> According to this SO answer, CREATE USER in mysql doesn't support
>> placeholders:
>>
>> https://stackoverflow.com/questions/20647115/how-to-write-create-user-with-mysql-prepared-statement
>> *"+1 for a legitimate use of QUOTE() which is really the sanest thing
>> that can be done here, since CREATE USER doesn't support ? placeholders"*
>>
>> You can test this by trying a simple DML statement, e.g.
>> UPDATE users SET name=? where name=?
>>
>> On Sunday, 17 September 2023 at 01:02:08 UTC+1 John Zh wrote:
>>
>>> Hi!
>>> I am going to make some kind of manager app over MySQL clusters by using
>>> Golang. But I found that when I try to exec some SQL line that includes a
>>> user name or db name, the SQL line can't be correctly parameterized.
>>> For example:
>>> Using GORM based on database/sql or directly using database/sql
>>> ```
>>> err := db.Exec("CREATE USER ? IDENTIFIED BY ?", a.Name, a.Pwd).Error
>>> ```
>>> Got
>>> ```
>>> [1.824ms] [rows:0] CREATE USER 'Reiis' IDENTIFIED BY '12345'
>>> Error 1064 (42000): You have an error in your SQL syntax; check the
>>> manual that corresponds to your MySQL server version for the right syntax
>>> to use near '? IDENTIFIED BY ?' at line 1
>>> ```
>>>
>>> Seems like it does not replace "?" with a.Name, but rather passes the
>>> SQL command with "?" directly to MySQL. What is more weird, it prints
>>> the SQL command with correctly replaced parameters in the log.
>>>
>>> I don't know the underlying reason behind this phenomenon; is it
>>> intentionally designed like that?
>>> Thx!
>>>
>>
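
Since CREATE USER cannot take "?" placeholders, the statement text has to be built by the application, which makes input handling the only defence against SQL injection. The following is an added example, not code from any poster in this thread or from GORM or a MySQL driver: it builds the statement with an allowlist for the account name and string-literal quoting for the password. The names `BuildCreateUser` and `quoteLiteral` and the account-name policy are hypothetical, and the quoting assumes a utf8mb4 connection with the `NO_BACKSLASH_ESCAPES` SQL mode off.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
	"unicode/utf8"
)

// Assumed policy (not from the thread): account names are restricted to a
// strict allowlist, so the name can never carry a quote or a separator.
var accountName = regexp.MustCompile(`^[A-Za-z0-9_]{1,32}$`)

// quoteLiteral returns s as a single-quoted MySQL string literal.
// Assumes a utf8mb4 connection and NO_BACKSLASH_ESCAPES off; invalid UTF-8
// and NUL bytes are rejected instead of being passed to the server.
func quoteLiteral(s string) (string, error) {
	if !utf8.ValidString(s) || strings.ContainsRune(s, 0) {
		return "", errors.New("value must be valid UTF-8 without NUL bytes")
	}
	return "'" + strings.NewReplacer(`\`, `\\`, `'`, `''`).Replace(s) + "'", nil
}

// BuildCreateUser builds the statement text that "?" placeholders cannot
// express. The result contains the password, so it must not be logged.
func BuildCreateUser(name, pwd string) (string, error) {
	if !accountName.MatchString(name) {
		return "", fmt.Errorf("account name %q rejected by allowlist", name)
	}
	lit, err := quoteLiteral(pwd)
	if err != nil {
		return "", err
	}
	return "CREATE USER '" + name + "' IDENTIFIED BY " + lit, nil
}

func main() {
	// Constructed sample inputs; the third is an injection attempt in the name.
	for _, in := range [][2]string{
		{"Reiis", "12345"},
		{"Reiis", `p'w\d`},
		{"x' IDENTIFIED BY 'y", "12345"},
	} {
		stmt, err := BuildCreateUser(in[0], in[1])
		fmt.Printf("%q => %s (err: %v)\n", in[0], stmt, err)
	}
}
```

The returned string would be passed to `db.Exec` with no further arguments; statements that do accept placeholders, such as the UPDATE mentioned above, should keep using them.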