douli2876 2017-12-14 08:53
浏览 826
已采纳

在Golang中动态创建PostgreSQL表

I am using "database/sql" package in GO. I want to create a table of variable name.

Only way I can think of is-

db.Exec(`CREATE TABLE`+table_name+`;`)

But it is not safe as there can be SQL injection.

  • 写回答

3条回答 默认 最新

  • dsnhalq37505 2017-12-14 09:01
    关注

    I don't code in GO, but this would probably be safe for injection:

    tx.Prepare(`do $$ begin execute format($f$create table %I()$f$,$1); end; $$;`)
    

    and then

    stmt.Exec(table_name)
    
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?