sqlx sqlinject sqltransaction
parent
ef2f287ae9
commit
551443d830
1
go.mod
1
go.mod
|
@ -5,4 +5,5 @@ go 1.22
|
|||
require (
|
||||
filippo.io/edwards25519 v1.1.0 // indirect
|
||||
github.com/go-sql-driver/mysql v1.8.1 // indirect
|
||||
github.com/jmoiron/sqlx v1.4.0 // indirect
|
||||
)
|
||||
|
|
4
go.sum
4
go.sum
|
@ -2,3 +2,7 @@ filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
|
|||
filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
|
||||
github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y=
|
||||
github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg=
|
||||
github.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o=
|
||||
github.com/jmoiron/sqlx v1.4.0/go.mod h1:ZrZ7UsYB/weZdl2Bxg6jCRO9c3YHl8r3ahlKmRT4JLY=
|
||||
github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
|
||||
github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
|
||||
|
|
|
@ -0,0 +1,61 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"github.com/jmoiron/sqlx"
|
||||
"log"
|
||||
|
||||
_ "github.com/go-sql-driver/mysql"
|
||||
)
|
||||
|
||||
var c *sqlx.DB
|
||||
|
||||
type user23 struct {
|
||||
ID int
|
||||
NAME string
|
||||
AGE int
|
||||
}
|
||||
|
||||
// sql 注入
|
||||
func main() {
|
||||
err := connect()
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
sqlInject("王奥")
|
||||
//拼接之后会查出所有数据
|
||||
sqlInject("xxx' or 1=1 #")
|
||||
|
||||
}
|
||||
|
||||
func sqlInject(name string) {
|
||||
sqlStr := fmt.Sprintf("select id,name,age from user where name='%v'", name)
|
||||
fmt.Println("sql:", sqlStr)
|
||||
var u []user23
|
||||
err := c.Select(&u, sqlStr)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
return
|
||||
}
|
||||
for _, user1 := range u {
|
||||
fmt.Println("user1:", user1)
|
||||
}
|
||||
}
|
||||
|
||||
func connect() (err error) {
|
||||
c, err = sqlx.Connect("mysql", "root:123456@tcp(43.143.245.135:3306)/user")
|
||||
if err != nil {
|
||||
log.Println(err)
|
||||
return err
|
||||
}
|
||||
//connect方法提供了ping。所以不需要ping
|
||||
//err = databasE.Ping()
|
||||
//if err != nil {
|
||||
// log.Println(err)
|
||||
// return err
|
||||
//}
|
||||
log.Println("Successfully connected to mysql")
|
||||
c.SetMaxOpenConns(10)
|
||||
c.SetMaxIdleConns(5)
|
||||
return nil
|
||||
}
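Review bot: sqlInject splices `name` into the statement with `fmt.Sprintf`, so the second call in main changes the WHERE clause itself, and the file stops at the vulnerable form without showing the safe counterpart. Since this is a demonstration, say in the function's doc comment that it is intentionally unsafe and add the parameterized call next to it, `err := c.Select(&u, "select id,name,age from user where name=?", name)`, so the input is passed as a parameter rather than as SQL text. Separately, connect() hard-codes a root DSN with password and host in source, and the same literal appears in initdb() and initd() in the two new files that follow. It would be better read from an environment variable, and the committed password should be rotated. `log.Fatal(err)` already exits the process, so the `return` after it is dead code.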
|
|
@ -32,14 +32,6 @@ type newUser struct {
|
|||
status int
|
||||
}
|
||||
|
||||
func generateNewUser(name, level string, status int) *newUser {
|
||||
return &newUser{
|
||||
name: name,
|
||||
level: level,
|
||||
status: status,
|
||||
}
|
||||
}
|
||||
|
||||
// 预处理方式插入多条数据
|
||||
func prepareInsert() {
|
||||
sqlStr := `insert into user (name,level,status) values (?,?,?)`
|
||||
|
|
|
@ -0,0 +1,69 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"database/sql"
|
||||
_ "github.com/go-sql-driver/mysql"
|
||||
"log"
|
||||
)
|
||||
|
||||
var Db *sql.DB
|
||||
|
||||
func initdb() (err error) {
|
||||
Db, err = sql.Open("mysql", "root:123456@tcp(43.143.245.135:3306)/user")
|
||||
if err != nil {
|
||||
log.Println(err)
|
||||
return err
|
||||
}
|
||||
err = Db.Ping()
|
||||
if err != nil {
|
||||
log.Println(err)
|
||||
return err
|
||||
}
|
||||
log.Println("Successfully connected to mysql")
|
||||
Db.SetMaxOpenConns(10)
|
||||
Db.SetMaxIdleConns(5)
|
||||
return nil
|
||||
}
|
||||
|
||||
func main() {
|
||||
err := initdb()
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
transaction()
|
||||
|
||||
}
|
||||
|
||||
func transaction() {
|
||||
//开启事务
|
||||
tx, err := Db.Begin()
|
||||
if err != nil {
|
||||
log.Println("begin failed", err)
|
||||
return
|
||||
}
|
||||
//执行多个sql操作,即一个事务
|
||||
sqlstr1 := `update user set age=age-1 where id=1`
|
||||
sqlstr2 := `update user set age=age+1 where id=2`
|
||||
|
||||
_, err = tx.Exec(sqlstr1)
|
||||
if err != nil {
|
||||
log.Println("执行sql1出错了,要回滚", err)
|
||||
//回滚操作
|
||||
tx.Rollback()
|
||||
return
|
||||
}
|
||||
_, err = tx.Exec(sqlstr2)
|
||||
if err != nil {
|
||||
log.Println("执行sql2出错了,要回滚", err)
|
||||
//回滚操作
|
||||
tx.Rollback()
|
||||
return
|
||||
}
|
||||
//上两步操作都执行成功,就提交本次事务
|
||||
err = tx.Commit()
|
||||
if err != nil {
|
||||
log.Println(err)
|
||||
return
|
||||
}
|
||||
log.Println("事务执行成功")
|
||||
}
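Review bot: Both `tx.Rollback()` calls in transaction() discard their error, and because the rollback is repeated by hand in each branch, any early return added later would leave the transaction open. Placing `defer func() { _ = tx.Rollback() }()` right after the `Begin` check covers every exit path; after a successful Commit the deferred call just returns sql.ErrTxDone. The results of both `tx.Exec` calls are also dropped, so if `id=1` or `id=2` matches no row the transaction still commits with only one side updated. Checking `RowsAffected()` on each result before `tx.Commit()` would catch that.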
|
|
@ -0,0 +1,62 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"github.com/jmoiron/sqlx"
|
||||
"log"
|
||||
|
||||
_ "github.com/go-sql-driver/mysql"
|
||||
)
|
||||
|
||||
// sqlx 另外的库
|
||||
|
||||
var databasE *sqlx.DB
|
||||
|
||||
type users struct {
|
||||
ID int
|
||||
NAME string
|
||||
AGE int
|
||||
}
|
||||
|
||||
func main() {
|
||||
err := initd()
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
//查询单行,不需要scan也能拿到结果
|
||||
sqlstr := `select id,name,age from user where id=1`
|
||||
var u users
|
||||
err = databasE.Get(&u, sqlstr)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
fmt.Println(u)
|
||||
//查询多行
|
||||
var ulist = make([]users, 0, 1) //引用类型初始化
|
||||
sqlstr2 := `select id,name,age from user`
|
||||
//必须要传指针
|
||||
err = databasE.Select(&ulist, sqlstr2)
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
return
|
||||
}
|
||||
fmt.Println(ulist)
|
||||
}
|
||||
|
||||
func initd() (err error) {
|
||||
databasE, err = sqlx.Connect("mysql", "root:123456@tcp(43.143.245.135:3306)/user")
|
||||
if err != nil {
|
||||
log.Println(err)
|
||||
return err
|
||||
}
|
||||
//connect方法提供了ping。所以不需要ping
|
||||
//err = databasE.Ping()
|
||||
//if err != nil {
|
||||
// log.Println(err)
|
||||
// return err
|
||||
//}
|
||||
log.Println("Successfully connected to mysql")
|
||||
databasE.SetMaxOpenConns(10)
|
||||
databasE.SetMaxIdleConns(5)
|
||||
return nil
|
||||
}
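Review bot: In main, an error from `databasE.Get(&u, sqlstr)` leads to a bare `return`, so a missing row (`sql.ErrNoRows`) or a scan mismatch ends the program with no output, unlike the `Select` branch below it, which prints the error. Log it before returning, for example `log.Println("get user failed:", err)`. The package-level name `databasE` has unusual casing; `db` would read more naturally and match Go naming conventions.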
|