Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
V
V
v- death2015-10-23 14:08:15
MySQL
v- death, 2015-10-23 14:08:15

How to safely work with sql?

Hello. I did not find anything on the Internet about protection against sql injections in golang. Now there is a code

rows, err := DB.Query("SELECT * FROM dev_method WHERE name=?", ps.ByName("methods"))
  if err != nil {
    status.Code503(w, r)
  }
  defer rows.Close()
  bks := make([]*dev_method, 0)
  for rows.Next() {
    bk := new(dev_method)
    err := rows.Scan(&bk.id, &bk.id_menu, &bk.name, &bk.description)
    if err != nil {
      status.Code503(w, r)
    }
    bks = append(bks, bk)
  }
  if err = rows.Err(); err != nil {
    status.Code503(w, r)
  }

what vulnerabilities does it have and if so, how to fix them?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
A
Alexander Pavlyuk, 2015-10-23
@vGrabko99

The request here is quite normally formed, using placeholders. There can be no SQL injection, because "?" is replaced by the value via escaping.

Similar questions
R
Rooly2021-03-23 11:40:40
How to properly organize apiResource Laravel? 2Reply
A
Anholle2019-09-09 11:37:42
How to set up a filter in the feedback form? 0Reply
F
fara_ib2019-09-21 18:21:15
How to set up adding a port to vlan after checking for 802.1x? 2Reply
N
nerwind932021-04-07 15:31:56
How to substitute copied text in js? 3Reply
H
Hikanosu2021-05-04 17:22:30
AIOgram, what is the best way to update the mailing code so that it does not stop due to Flood control? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question