MySQL
v- death, 2015-10-23 14:08:15

How to safely work with SQL?

Hello. I did not find anything on the Internet about protection against SQL injection in golang. Here is the code I have now:

rows, err := DB.Query("SELECT * FROM dev_method WHERE name=?", ps.ByName("methods"))
if err != nil {
  status.Code503(w, r)
  return // rows is nil on error, so do not fall through to rows.Close()
}
defer rows.Close()
bks := make([]*dev_method, 0)
for rows.Next() {
  bk := new(dev_method)
  err := rows.Scan(&bk.id, &bk.id_menu, &bk.name, &bk.description)
  if err != nil {
    status.Code503(w, r)
    return // stop handling the request after a scan error
  }
  bks = append(bks, bk)
}
// rows.Err reports any error that ended the iteration early
if err = rows.Err(); err != nil {
  status.Code503(w, r)
  return
}

What vulnerabilities does it have, and if it has any, how do I fix them?


1 answer(s)
Alexander Pavlyuk, 2015-10-23
@vGrabko99

The query here is formed quite normally, using placeholders. There can be no SQL injection, because "?" is replaced by the value via escaping.
