Using the Go SQL library we can create SELECT, INSERT, UPDATE and DELETE statements with parameters like this:
db.Query("SELECT * FROM database.table WHERE param = ?", param_value)
I want to create tables from user provided input that describes the table structure, users will be asked for the name of the table and the name and type of each column they want to create. However, building a CREATE statement in the query interface Creating a CREATE statement by concatenating strings together works, but that's a SQL injection attack waiting to happen.
Is there a way to parameterize CREATE statements using the Go SQL library?