
Parameterize SQL query in Go

I have a simple query like the one below.

select json_agg(row_to_json(t)) from (select *
               from jobs, companies, locations
               where jobs.company_id = companies.id and jobs.location_id = locations.id
               $extra
               and to_tsvector(jobs.name || ' ' || companies.name || ' ' || locations.name) @@ to_tsquery($1)
               and to_tsvector(locations.name) @@ to_tsquery($2)
               limit $3) t

But it has some problems regarding the additional query. The $1 and $2 parameters are optional, based on the query the user requests. But still, at least in this case, to_tsquery (postgresql) doesn't support any "match all" query like '*', so we must have the whole additional query "and to_tsvector(locations.name) @@ to_tsquery($2)" with a proper parameter or not at all.

This makes building the query based on parameters tiresome work, since we have to copy the same query and add the additional query all the time, and it easily adds up. I have a solution in mind to use strings.Replace to add up additional queries, but still we need to escape the parameter if needed. Is there any other solution that can get this done in a clean way?

Here is the tricky solution; hope this can help you. This query example uses the query syntax for github.com/lib/pq.

baseQuery := `
    SELECT *
    FROM
        tableName
    WHERE
        (name ILIKE $1)`

// params holds the bound values; placeholder $n refers to params[n-1]
params := []interface{}{"%" + nameLike + "%"}

// you can add optional criteria this way
if condition {
    baseQuery += fmt.Sprintf(` AND student_no=$%d`, len(params)+1)
    params = append(params, studentNo)
}

filterQuery := baseQuery + ` ORDER BY contract_no ASC`

// LIMIT and OFFSET take the next two placeholder numbers
if totalLimit != 0 {
    filterQuery += fmt.Sprintf(` LIMIT $%d OFFSET $%d`, len(params)+1, len(params)+2)
    params = append(params, totalLimit, totalSkip)
}

// values are sent as bound parameters, never concatenated into the SQL text
rows, err := db.Query(filterQuery, params...)
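
The answer's placeholder-counting approach applied to the question's own query, as an added example that is not part of the original post. buildJobsQuery and the sample inputs are hypothetical names and constructed values; the block only builds the query text and argument list, so it runs without a database.

```go
package main

import (
	"fmt"
	"strings"
)

// buildJobsQuery is a hypothetical helper: it emits the question's query with
// only the full-text clauses the caller asked for, numbering $n as it goes.
func buildJobsQuery(search, location string, limit int) (string, []interface{}) {
	var args []interface{}
	// bind stores a value and returns the placeholder that refers to it.
	bind := func(v interface{}) string {
		args = append(args, v)
		return fmt.Sprintf("$%d", len(args))
	}

	var sb strings.Builder
	sb.WriteString("select json_agg(row_to_json(t)) from (select *\n" +
		"  from jobs, companies, locations\n" +
		"  where jobs.company_id = companies.id and jobs.location_id = locations.id\n")
	if search != "" {
		sb.WriteString("  and to_tsvector(jobs.name || ' ' || companies.name || ' ' || locations.name)" +
			" @@ to_tsquery(" + bind(search) + ")\n")
	}
	if location != "" {
		sb.WriteString("  and to_tsvector(locations.name) @@ to_tsquery(" + bind(location) + ")\n")
	}
	sb.WriteString("  limit " + bind(limit) + ") t")
	return sb.String(), args
}

func main() {
	// Constructed input: no free-text search, and a location value containing
	// SQL metacharacters. It ends up in args, never in the query text.
	query, args := buildJobsQuery("", "berlin'); drop table jobs;--", 20)
	fmt.Println(query)
	fmt.Println(args)
	// With a *sql.DB opened through github.com/lib/pq:
	//   rows, err := db.Query(query, args...)
}
```

Binding keeps user input out of the SQL text, but to_tsquery still parses the bound value as tsquery syntax and returns an error for malformed input; plainto_tsquery accepts free text.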
