Support for prepared statements and bound parameters #2926
Comments
|
+1 |
1 similar comment
|
+1 |
|
+1 |
1 similar comment
|
+1 |
jsternberg
added a commit
that referenced
this issue
May 16, 2016
The parser can be passed a map of keys to literal values to be replaced into the query. Parameters are preceded by a dollar sign (`$`). If a parameter key is missing, an error is thrown by the parser. Fixes #2926.
jsternberg
added a commit
that referenced
this issue
May 19, 2016
The parser can be passed a map of keys to literal values to be replaced into the query. Parameters are preceded by a dollar sign (`$`). If a parameter key is missing, an error is thrown by the parser. Fixes #2926.
|
+1 |
|
Is this the right way to address this issue now? https://docs.influxdata.com/influxdb/v1.7/tools/api/#bind-parameters |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
Please correct me if I'm wrong but I don't see any support for prepared statements and bound parameters. I'm trying to figure out a way to prevent SQL injection when using the Go client library.
Your README talks about doing something like this:
My understanding is that fmt.Sprintf does not protect against SQL injection at all. Is there a way to use Go's built-in prepare http://golang.org/pkg/database/sql/#DB.Prepare or query http://golang.org/pkg/database/sql/#DB.Query so that I can bind parameters to a query?
Thanks!
The text was updated successfully, but these errors were encountered: