Postgres中的Go and IN子句

I am trying to execute the following query against the PostgreSQL database in Go using pq driver:

SELECT COUNT(id)
FROM tags
WHERE id IN (1, 2, 3)

where 1, 2, 3 is passed at a slice tags := []string{"1", "2", "3"}.

I have tried many different things like:

s := "(" + strings.Join(tags, ",") + ")"
if err := Db.QueryRow(`
    SELECT COUNT(id)
    FROM tags
    WHERE id IN $1`, s,
).Scan(&num); err != nil {
    log.Println(err)
}

which results in pq: syntax error at or near "$1". I also tried

if err := Db.QueryRow(`
    SELECT COUNT(id)
    FROM tags
    WHERE id IN ($1)`, strings.Join(stringTagIds, ","),
).Scan(&num); err != nil {
    log.Println(err)
}

which also fails with pq: invalid input syntax for integer: "1,2,3"

I also tried passing a slice of integers/strings directly and got sql: converting Exec argument #0's type: unsupported type []string, a slice.

So how can I execute this query in Go?

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

2条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
duandun2218 2016-06-26 10:33
关注
Pre-building the SQL query (preventing SQL injection)

If you're generating an SQL string with a param placeholder for each of the values, it's easier to just generate the final SQL right away.

Note that since values are strings, there's place for SQL injection attack, so we first test if all the string values are indeed numbers, and we only proceed if so:

tags := []string{"1", "2", "3"} buf := bytes.NewBufferString("SELECT COUNT(id) FROM tags WHERE id IN(") for i, v := range tags { if i > 0 { buf.WriteString(",") } if _, err := strconv.Atoi(v); err != nil { panic("Not number!") } buf.WriteString(v) } buf.WriteString(")")

Executing it:

num := 0 if err := Db.QueryRow(buf.String()).Scan(&num); err != nil { log.Println(err) }

Using ANY

You can also use Postgresql's ANY, whose syntax is as follows:

expression operator ANY (array expression)

Using that, our query may look like this:

SELECT COUNT(id) FROM tags WHERE id = ANY('{1,2,3}'::int[])

In this case you can declare the text form of the array as a parameter:

SELECT COUNT(id) FROM tags WHERE id = ANY($1::int[])

Which can simply be built like this:

tags := []string{"1", "2", "3"} param := "{" + strings.Join(tags, ",") + "}"

Note that no check is required in this case as the array expression will not allow SQL injection (but rather will result in a query execution error).

So the full code:

tags := []string{"1", "2", "3"} q := "SELECT COUNT(id) FROM tags WHERE id = ANY($1::int[])" param := "{" + strings.Join(tags, ",") + "}" num := 0 if err := Db.QueryRow(q, param).Scan(&num); err != nil { log.Println(err) }
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

查看更多回答(1条)

报告相同问题？

关注问题

Postgres中的Go and IN子句 postgresql
2016-06-26 08:45

回答 2 已采纳 Pre-building the SQL query (preventing SQL injection) If you're generating an SQL string with a p
在golang中使用postgres IN子句 postgresql
2017-10-12 03:16

回答 2 已采纳 Instead of ?, using $1,$2 etc as placeholder worked.
使用php数组作为Postgres IN子句的参数 php postgresql
2017-12-08 14:59

回答 1 已采纳 Take a look at the Aura.Sql documentation for quote(), here: https://github.com/auraphp/Aura.Sql/
数据分析大数据面试题大杂烩01
2021-03-09 16:29

爱学习的菜鸟罢了的博客 hadoop框架是用java语言写的,也就是说,hadoop框架中运行的所有应用程序都要用java语言来写才能正常地在hadoop集群中运行 . 那么问题来了,如果有些开发者就是不会java语言,但是又想使用mapreduce这个并行计算模型的...
Postgres中的Golang包装查询执行 postgresql sql
2018-07-23 20:49

回答 2 已采纳 This may help you Variadic functions can be called in the usual way with individual arguments.
具有十六进制值的Golang + Postgres WHERE子句 postgresql
2014-12-12 02:01

回答 1 已采纳 When you ran the following query: insert into testhex (testhex) values ('\x123456'); You insert
我应该如何存储Go的time.Location在Postgres中？ postgresql
2019-05-03 08:59

回答 2 已采纳 Upon save, I would obtain the zone name and offset using Time.Zone(): func (t Time) Zone() (name
大数据存储技术之ClickHouse入门学习（二）
2021-09-14 18:27

日月星辰TEL的博客 SELECT StartURL AS URL, AVG(Duration) AS AvgDuration FROM tutorial.visits_v1 WHERE StartDate BETWEEN '2014-03-23' AND '2014-03-30' GROUP BY URL ORDER BY AvgDuration DESC LIMIT 10 SELECT sum(Sign) AS ...
如何在jackc / pgx中使用“ where id in”子句？ database postgresql
2019-05-10 09:16

回答 1 已采纳 As you already know IN expects a list of scalar expressions, not an array, however pgtype.Int4Arra
如何使用Golang在Postgres中批处理SQL语句 postgresql sql
2017-12-27 08:19

回答 1 已采纳 There is a bit old depesz blog post on that. His programs are Perl scripts, but if you concentrate
重写大IN子句的最有效方法是什么？ postgresql sql
2018-10-09 01:12

回答 1 已采纳 You can replace user_id IN (value [, ...]) with one of: user_id IN (subquery) user_id = ANY (subq
可以减税 PCA 什么是PostgreSQL
2022-07-12 00:10

云草桑的博客 1994 年，有两个研究生 Andrew yu 和 Jolly Chen 增加了对 SQL 语言的支持，建立 Postgres95，并发行到了互联网。 1996 年，该计划重新命名为 PostgreSQL，许多世界各地数据库开发者以及志愿者参与进来，并发行了 ...
从postgres中检索数组 php postgresql
2017-05-19 09:49

回答 1 已采纳 when selecting array, you can hack the way array is displayed: t=# select json_build_array(array[
一篇文章帮你详细了解Greenplum迁移工具—GPCopy
2020-03-12 17:30

Greenplum中文社区的博客您可以在完全限定的表名的数据库，模式和表部分中使用Go语言正则表达式来定义一组输入表。正则表达式模式必须用斜杠（/ RE_pattern /）括起来。例如，--include-table mytest.public.demo /.*/指定公共模式下mytest...
用Python和SQLite存储时间序列数据：高效与低成本的解决方案
2023-07-19 00:42

禅与计算机程序设计艺术的博客它采用 Go 编程语言编写，底层依赖 InfluxData 提供的 TSM（Time Structured Merge Tree，时间结构化合并树）引擎。TSM 是一个高效的索引结构，能够将多个小文件合并成一个大文件，并对其中的数据进行压缩，进一步...
没有解决我的问题, 去提问

悬赏问题

¥20 docker里部署springboot项目，访问不到扬声器
¥15 netty整合springboot之后自动重连失效
¥15 悬赏！微信开发者工具报错，求帮改
¥20 wireshark抓不到vlan
¥20 关于#stm32#的问题：需要指导自动酸碱滴定仪的原理图程序代码及仿真
¥20 设计一款异域新娘的视频相亲软件需要哪些技术支持
¥15 stata安慰剂检验作图但是真实值不出现在图上
¥15 c程序不知道为什么得不到结果
¥40 复杂的限制性的商函数处理
¥15 程序不包含适用于入口点的静态Main方法

Postgres中的Go and IN子句

2条回答 默认 最新

Pre-building the SQL query (preventing SQL injection)

Using ANY

悬赏问题

2条回答默认最新

Using `ANY`