Are query strings in golang safe?
1 answer
This is not DB-safe, and you must use the database driver's escaping before putting anything into it.
You should use functions such as sql.DB.Query()
that let you pass arguments and escape them properly. http://golang.org/pkg/database/sql/#DB.Query
e.g. (inside an http.Handler, where r is the *http.Request):
userId := r.URL.Query().Get("userId")                       // raw, untrusted value from the query string
rows, err := db.Query("SELECT * FROM users WHERE id=?", userId) // passed as a bound argument, not spliced into the SQL text
+6
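A fuller version of what the answer describes, written here as an added example (it is not the answer author's code): the value from the query string is kept out of the SQL text by passing it as a bound argument to db.Query, and a parse-to-integer check rejects anything that is not a plausible id before the database is involved. Assumed: a table users(id, name), and a driver that uses `?` placeholders (MySQL/SQLite style; PostgreSQL drivers use `$1`). The unsafe concatenated form is included only to show how a quote in the input changes the query text.

```go
package main

import (
	"database/sql"
	"encoding/json"
	"fmt"
	"net/http"
	"strconv"
)

// unsafeUserQuery is the pattern the answer warns against: the request value
// is concatenated into the SQL text, so it becomes part of the statement.
func unsafeUserQuery(userID string) string {
	return "SELECT id, name FROM users WHERE id = '" + userID + "'"
}

// safeUserQuery keeps the SQL text fixed and returns the user value as a
// separate argument; the driver sends it as data, never as SQL.
// The `?` placeholder is the MySQL/SQLite style (assumption); PostgreSQL uses $1.
func safeUserQuery(userID string) (string, []any) {
	return "SELECT id, name FROM users WHERE id = ?", []any{userID}
}

// parseUserID adds a second layer: an id must be a positive integer, so any
// other input is rejected before it reaches the database at all.
func parseUserID(raw string) (int64, error) {
	id, err := strconv.ParseInt(raw, 10, 64)
	if err != nil || id <= 0 {
		return 0, fmt.Errorf("invalid userId %q", raw)
	}
	return id, nil
}

type user struct {
	ID   int64  `json:"id"`
	Name string `json:"name"`
}

// userHandler reads userId from the query string and runs the parameterised
// query through db.Query. Assumed schema: users(id, name).
func userHandler(db *sql.DB) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		id, err := parseUserID(r.URL.Query().Get("userId"))
		if err != nil {
			http.Error(w, "bad userId", http.StatusBadRequest)
			return
		}
		query, args := safeUserQuery(strconv.FormatInt(id, 10))
		rows, err := db.Query(query, args...)
		if err != nil {
			http.Error(w, "query failed", http.StatusInternalServerError)
			return
		}
		defer rows.Close()
		var out []user
		for rows.Next() {
			var u user
			if err := rows.Scan(&u.ID, &u.Name); err != nil {
				http.Error(w, "scan failed", http.StatusInternalServerError)
				return
			}
			out = append(out, u)
		}
		if err := rows.Err(); err != nil {
			http.Error(w, "query failed", http.StatusInternalServerError)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		json.NewEncoder(w).Encode(out)
	}
}

func main() {
	// Constructed input: a value containing a single quote.
	in := "1'"
	fmt.Println("unsafe:", unsafeUserQuery(in)) // quote lands inside the SQL text
	q, args := safeUserQuery(in)
	fmt.Println("safe:  ", q, args) // SQL text unchanged; value travels as an argument
	_, err := parseUserID(in)
	fmt.Println("parse rejects input:", err != nil)
}
```

Open the connection with sql.Open for your driver and pass the *sql.DB to userHandler; with a nil db the handler still answers 400 for a malformed userId, because parsing happens before any query is issued.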