Hello friends! I tried using safesql and it didn't work out that well.
database/sql is not wrapped properly in safesql/sqlwrap.go. The args are not spread out in the call to the underlying functions. Here is Exec as an example:
```go
// Exec is a tiny wrapper for https://pkg.go.dev/sql#DB.Exec
func (db DB) Exec(query TrustedSQLString, args ...interface{}) (Result, error) {
	return db.db.Exec(query.s, args) // <-- Should be args...
}
```
This seems to be the case for all functions taking an args ...interface{} in sqlwrap.go.
Here is a small POC:
Running this gives:
But if I run the same code using database/sql it works.
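The behaviour reported above can be reproduced offline with the following added example, which is not the POC from this issue and not safesql's code. The `fake` driver, `wrapper`, `execPacked`, `execSpread` and `compare` are hypothetical names; only the `database/sql` and `database/sql/driver` calls are real.

```go
package main

import (
	"database/sql"
	"database/sql/driver"
	"errors"
	"fmt"
)

// fake is a constructed in-memory driver, connection and statement in one type,
// so the example needs no real database. Its Exec only counts bind values.
type fake struct{}

func (fake) Open(string) (driver.Conn, error)          { return fake{}, nil }
func (fake) Prepare(string) (driver.Stmt, error)       { return fake{}, nil }
func (fake) Begin() (driver.Tx, error)                 { return nil, errors.New("unsupported") }
func (fake) Close() error                              { return nil }
func (fake) NumInput() int                             { return -1 } // skip the placeholder count check
func (fake) Query([]driver.Value) (driver.Rows, error) { return nil, errors.New("unsupported") }
func (fake) Exec(a []driver.Value) (driver.Result, error) {
	return driver.RowsAffected(len(a)), nil // report how many bind values arrived
}

func init() { sql.Register("fake", fake{}) }

// wrapper is a hypothetical stand-in for a type that wraps *sql.DB.
type wrapper struct{ db *sql.DB }

// execPacked forwards the slice itself: database/sql receives ONE argument of type []interface{}.
func (w wrapper) execPacked(q string, args ...interface{}) (sql.Result, error) {
	return w.db.Exec(q, args)
}

// execSpread expands the slice, so each value becomes its own bind parameter.
func (w wrapper) execSpread(q string, args ...interface{}) (sql.Result, error) {
	return w.db.Exec(q, args...)
}

// compare sends the same two-parameter statement through both wrappers and returns
// the packed call's error plus the number of bind values the spread call delivered.
func compare() (packedErr error, bound int64) {
	db, _ := sql.Open("fake", "") // cannot fail: the driver is registered in init
	defer db.Close()
	w := wrapper{db}
	_, packedErr = w.execPacked("INSERT INTO t VALUES (?, ?)", 1, "a")
	if res, err := w.execSpread("INSERT INTO t VALUES (?, ?)", 1, "a"); err == nil {
		bound, _ = res.RowsAffected()
	}
	return packedErr, bound
}

func main() { fmt.Println(compare()) }
```

The packed call fails inside `database/sql` during argument conversion, before the driver's `Exec` is reached, because a `[]interface{}` is not a supported bind value.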