SQLi and templates
lojikil opened this issue
Logyi, hajnalvédő commented
Most of the non-compliant Go SQL code I see is actually abuse of templates, rather than string joins. We should show non-compliance via templating as well, so that developers do not think that templating can necessarily save them here.
PauloASilva commented
Hi @lojikil,
Can you please provide an example of it?
Cheers,
Paulo A. Silva
PauloASilva commented
By "abuse of templates" do you mean stuff like:
rows, err := db.Query(fmt.Sprintf("SELECT * FROM user WHERE id = %s", id))
@lojikil would you like to open a Pull Request?
Cheers,
Paulo A. Silva