Simple SQL escape and format for golang

sqlstring

Simple SQL escape and format

Escaping sql values

package main

import (
	"fmt"
	"example.com/sqlstring" // placeholder: the page does not show the real import path
)

func main() {
	// Format replaces each ? with the escaped, quoted form of the matching argument.
	sql := sqlstring.Format("select * from users where name=? and age=? limit ?,?", "t'est", 10, 10, 10)
	fmt.Printf("sql: %s\n", sql)
	// Escape handles a single value; name stands in for user-supplied input.
	name := "t'est"
	sql = "select * from users WHERE name = " + sqlstring.Escape(name)
	fmt.Printf("sql: %s\n", sql)
}

License

MIT

Comments
  • change escape character

    Hello,

    Is there any way to change the default escape character '\' into '''? After my testing with oracle + database/sql + github.com/sijms/go-ora, it seems that escaping a single quote with ' didn't work. I used ReplaceAll instead to solve the single quote issue I met.

    Regards, Steven

  • This library is not safe and should not be trusted to prevent SQL Injection Attacks.

    Example shows

    sql := sqlstring.Format("select * from users where name=? and age=? limit ?,?", "t'est", 10, 10, 10)
    fmt.Printf("sql: %s\n", sql)
    

    Outputting

    sql: select * from users where name='t\'est' and age=10 limit 10,10
    

    Which is correct. However, this protection can easily be defeated:

    sql := sqlstring.Format("select * from users where name=? and age=? limit ?,?", `t\'est`, 10, 10, 10)
    fmt.Printf("sql: %s\n", sql)
    

    Outputting

    sql: select * from users where name='t\\'est' and age=10 limit 10,10
    

    The double backslash fails to escape the single quote, resulting in a SQL injection vulnerability.

    https://go.dev/play/p/qVnax1F8P9M
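As an added example, written for this page and not taken from sqlstring or from the issue above: a MySQL-style escaper that treats every backslash and every quote as its own character, so the `t\'est` input from the issue comes out with its quote still escaped, together with a checker that walks a quoted literal with backslash semantics and flags any literal that can be closed early (the `'t\\'est'` output above fails it). The names escapeMySQL and literalIsIntact are assumptions; placeholder parameters through database/sql remain the preferred fix.

```go
package main

import "strings"

// escapeMySQL returns v as a single-quoted MySQL string literal. Each backslash
// and each quote is escaped on its own, so a backslash in the input can never
// absorb the escape of the quote that follows it (the failure shown in the
// issue above). Hypothetical helper, not the sqlstring API; bind parameters
// through database/sql remain the preferred fix.
func escapeMySQL(v string) string {
	var b strings.Builder
	b.WriteByte('\'')
	for i := 0; i < len(v); i++ { // byte-wise: no UTF-8 re-encoding of odd input
		switch v[i] {
		case '\\':
			b.WriteString(`\\`)
		case '\'':
			b.WriteString(`\'`)
		default:
			b.WriteByte(v[i])
		}
	}
	b.WriteByte('\'')
	return b.String()
}

// literalIsIntact walks a quoted literal with backslash-escape semantics and
// reports whether it closes only at its final byte. An unescaped quote before
// the end, or a dangling trailing backslash, means the literal can be broken
// out of, which is exactly what 't\\'est' from the issue exhibits.
func literalIsIntact(lit string) bool {
	if len(lit) < 2 || lit[0] != '\'' || lit[len(lit)-1] != '\'' {
		return false
	}
	body := lit[1 : len(lit)-1]
	for i := 0; i < len(body); i++ {
		switch body[i] {
		case '\\':
			if i == len(body)-1 {
				return false // escape with nothing after it: the closing quote is eaten
			}
			i++ // skip the escaped byte, whatever it is
		case '\'':
			return false // string terminates early: injection point
		}
	}
	return true
}
```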
