douzi1986 2017-11-07 10:06
浏览 1465
已采纳

Golang Sprintf格式化字符串并多次使用

I try to generate a sql query using Sprintf() where I have to use the same variable two times

myStr := "test"
str := Sprintf("SELECT ... WHERE a = '%#[1]s' or b = '%#[1]s'", myStr)
fmt.Println(str)

This snippets outputs the expected string

SELECT ... WHERE a = 'test' or b = 'test'

but go vet says:

unrecognized printf flag for verb 's': '#' (vet)

And I am puzzled why. Switching the printf verb to v satisfies go vet but adds " around my string. And I honestly doesn't see a mistake in using %#[1]s.

Any thoughts?

  • 写回答

2条回答 默认 最新

  • dongqian3750 2017-11-07 10:30
    关注

    Using printf to construct queries is a bad idea, it opens you up to SQL injection.

    See named parameters in the sql package.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 树莓派与pix飞控通信
  • ¥15 自动转发微信群信息到另外一个微信群
  • ¥15 outlook无法配置成功
  • ¥30 这是哪个作者做的宝宝起名网站
  • ¥60 版本过低apk如何修改可以兼容新的安卓系统
  • ¥25 由IPR导致的DRIVER_POWER_STATE_FAILURE蓝屏
  • ¥50 有数据,怎么建立模型求影响全要素生产率的因素
  • ¥50 有数据,怎么用matlab求全要素生产率
  • ¥15 TI的insta-spin例程
  • ¥15 完成下列问题完成下列问题