yurixu

icon indicating a website link http://yurixu.com/ icon indicating an email [email protected]

Results 1 issues of yurixu

ToBoundSQL函数 不能过滤参数防止SQL注入吗?

6 comment

代码: name := "cat;sleep(1)" build := builder.MySQL() sql, err := build.Select("*").From(table).Where(builder.Cond(builder.Eq{"name": name})).ToBoundSQL() 生成的sql语句是:SELECT * FROM t_tmp_info WHERE name='cat;sleep(1)' 并没有将sleep(1)过滤掉

security