From 551443d830cc95f60c2ae2f446f7936a01efa2f6 Mon Sep 17 00:00:00 2001
From: Your Name
Date: Tue, 23 Jul 2024 01:43:15 +0800
Subject: [PATCH] sqlx sqlinject sqltransaction
---
 go.mod | 1 +
 go.sum | 4 +++
 mysql/sql_inject.go | 61 +++++++++++++++++++++++++++++++++++
 mysql/sql_prepare.go | 8 -----
 mysql/sql_transaction.go | 69 ++++++++++++++++++++++++++++++++++++++++
 mysql/sqlx.go | 62 ++++++++++++++++++++++++++++++++++++
 6 files changed, 197 insertions(+), 8 deletions(-)
 create mode 100644 mysql/sql_inject.go
 create mode 100644 mysql/sql_transaction.go
 create mode 100644 mysql/sqlx.go
diff --git a/go.mod b/go.mod
index 5c55d37..801b6e0 100644
--- a/go.mod
+++ b/go.mod
@@ -5,4 +5,5 @@ go 1.22
 require (
 filippo.io/edwards25519 v1.1.0 // indirect
 github.com/go-sql-driver/mysql v1.8.1 // indirect
+ github.com/jmoiron/sqlx v1.4.0 // indirect
 )
diff --git a/go.sum b/go.sum
index 19dbcec..320e5f2 100644
--- a/go.sum
+++ b/go.sum
@@ -2,3 +2,7 @@ filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
 filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
 github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y=
 github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg=
+github.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o=
+github.com/jmoiron/sqlx v1.4.0/go.mod h1:ZrZ7UsYB/weZdl2Bxg6jCRO9c3YHl8r3ahlKmRT4JLY=
+github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
diff --git a/mysql/sql_inject.go b/mysql/sql_inject.go
new file mode 100644
index 0000000..2b9864b
--- /dev/null
+++ b/mysql/sql_inject.go
@@ -0,0 +1,61 @@
+package main
+
+import (
+ "fmt"
+ "github.com/jmoiron/sqlx"
+ "log"
+
+ _ "github.com/go-sql-driver/mysql"
+)
+
+var c *sqlx.DB
+
+type user23 struct {
+ ID int
+ NAME string
+ AGE int
+}
+
+// sql 注入
+func main() {
+ err := connect()
+ if err != nil {
+ return
+ }
+ sqlInject("王奥")
+ //拼接之后会查出所有数据
+ sqlInject("xxx' or 1=1 #")
+
+}
+
+func sqlInject(name string) {
+ sqlStr := fmt.Sprintf("select id,name,age from user where name='%v'", name)
+ fmt.Println("sql:", sqlStr)
+ var u []user23
+ err := c.Select(&u, sqlStr)
+ if err != nil {
+ log.Fatal(err)
+ return
+ }
+ for _, user1 := range u {
+ fmt.Println("user1:", user1)
+ }
+}
+
+func connect() (err error) {
+ c, err = sqlx.Connect("mysql", "root:123456@tcp(43.143.245.135:3306)/user")
+ if err != nil {
+ log.Println(err)
+ return err
+ }
+ //connect方法提供了ping。所以不需要ping
+ //err = databasE.Ping()
+ //if err != nil {
+ // log.Println(err)
+ // return err
+ //}
+ log.Println("Successfully connected to mysql")
+ c.SetMaxOpenConns(10)
+ c.SetMaxIdleConns(5)
+ return nil
+}
diff --git a/mysql/sql_prepare.go b/mysql/sql_prepare.go
index cd1c237..f515983 100644
--- a/mysql/sql_prepare.go
+++ b/mysql/sql_prepare.go
@@ -32,14 +32,6 @@ type newUser struct {
 status int
 }
 
-func generateNewUser(name, level string, status int) *newUser {
- return &newUser{
- name: name,
- level: level,
- status: status,
- }
-}
-
 // 预处理方式插入多条数据
 func prepareInsert() {
 sqlStr := `insert into user (name,level,status) values (?,?,?)`
diff --git a/mysql/sql_transaction.go b/mysql/sql_transaction.go
new file mode 100644
index 0000000..83436e9
--- /dev/null
+++ b/mysql/sql_transaction.go
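Review bot: `sqlInject` interpolates the caller-supplied `name` into the query text with `fmt.Sprintf`, so the second call in `main` (`xxx' or 1=1 #`) rewrites the WHERE clause and returns every row; the file is titled as an injection demo so this is presumably deliberate, but the safe form should sit right beside it so readers copy the right one: `err := c.Select(&u, "select id,name,age from user where name=?", name)`, which makes the driver bind `name` as a parameter instead of SQL text. The `return` after `log.Fatal(err)` is unreachable because `log.Fatal` exits the process; drop it, or use `log.Println(err)` if the function is meant to return to its caller. `connect` hard-codes `root:123456@tcp(43.143.245.135:3306)/user`, a root password and a reachable address that are now in the repository history, and the same literal is repeated in the other two new files of this patch. This file, `sql_transaction.go` and `sqlx.go` each declare `func main` in `package main`, so the directory only builds one file at a time (`go run mysql/sql_inject.go`); a one-line comment at the top of each saying so would spare the next reader a duplicate-`main` compile error.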
@@ -0,0 +1,69 @@
+package main
+
+import (
+ "database/sql"
+ _ "github.com/go-sql-driver/mysql"
+ "log"
+)
+
+var Db *sql.DB
+
+func initdb() (err error) {
+ Db, err = sql.Open("mysql", "root:123456@tcp(43.143.245.135:3306)/user")
+ if err != nil {
+ log.Println(err)
+ return err
+ }
+ err = Db.Ping()
+ if err != nil {
+ log.Println(err)
+ return err
+ }
+ log.Println("Successfully connected to mysql")
+ Db.SetMaxOpenConns(10)
+ Db.SetMaxIdleConns(5)
+ return nil
+}
+
+func main() {
+ err := initdb()
+ if err != nil {
+ return
+ }
+ transaction()
+
+}
+
+func transaction() {
+ //开启事务
+ tx, err := Db.Begin()
+ if err != nil {
+ log.Println("begin failed", err)
+ return
+ }
+ //执行多个sql操作,即一个事务
+ sqlstr1 := `update user set age=age-1 where id=1`
+ sqlstr2 := `update user set age=age+1 where id=2`
+
+ _, err = tx.Exec(sqlstr1)
+ if err != nil {
+ log.Println("执行sql1出错了,要回滚", err)
+ //回滚操作
+ tx.Rollback()
+ return
+ }
+ _, err = tx.Exec(sqlstr2)
+ if err != nil {
+ log.Println("执行sql2出错了,要回滚", err)
+ //回滚操作
+ tx.Rollback()
+ return
+ }
+ //上两步操作都执行成功,就提交本次事务
+ err = tx.Commit()
+ if err != nil {
+ log.Println(err)
+ return
+ }
+ log.Println("事务执行成功")
+}
diff --git a/mysql/sqlx.go b/mysql/sqlx.go
new file mode 100644
index 0000000..3f2888b
--- /dev/null
+++ b/mysql/sqlx.go
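Review bot: `transaction` discards the error from both `tx.Rollback()` calls and relies on every failure branch remembering to roll back by hand, so a panic or any future early return between `Begin` and `Commit` leaves the transaction and its pooled connection open. One deferred rollback placed right after `Begin` covers every exit path and is harmless after a successful commit, where it returns `sql.ErrTxDone`. The rewrite below keeps the two `Exec` calls and the `Commit` as they are and only removes the explicit `tx.Rollback()` lines from the error branches. `initdb` also repeats the hard-coded root DSN found in the other new files; it is a live credential in source control and should come from configuration.
```go
	tx, err := Db.Begin()
	if err != nil {
		log.Println("begin failed", err)
		return
	}
	// Rollback after a successful Commit returns sql.ErrTxDone, so this
	// deferred call is a no-op on the happy path and still releases the
	// transaction on every early return or panic before Commit.
	defer func() {
		if rbErr := tx.Rollback(); rbErr != nil && rbErr != sql.ErrTxDone {
			log.Println("rollback failed", rbErr)
		}
	}()
	// … unchanged: sqlstr1/sqlstr2, both tx.Exec calls (minus their tx.Rollback() lines) and tx.Commit …
```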
@@ -0,0 +1,62 @@
+package main
+
+import (
+ "fmt"
+ "github.com/jmoiron/sqlx"
+ "log"
+
+ _ "github.com/go-sql-driver/mysql"
+)
+
+// sqlx 另外的库
+
+var databasE *sqlx.DB
+
+type users struct {
+ ID int
+ NAME string
+ AGE int
+}
+
+func main() {
+ err := initd()
+ if err != nil {
+ return
+ }
+ //查询单行,不需要scan也能拿到结果
+ sqlstr := `select id,name,age from user where id=1`
+ var u users
+ err = databasE.Get(&u, sqlstr)
+ if err != nil {
+ return
+ }
+ fmt.Println(u)
+ //查询多行
+ var ulist = make([]users, 0, 1) //引用类型初始化
+ sqlstr2 := `select id,name,age from user`
+ //必须要传指针
+ err = databasE.Select(&ulist, sqlstr2)
+ if err != nil {
+ fmt.Println(err)
+ return
+ }
+ fmt.Println(ulist)
+}
+
+func initd() (err error) {
+ databasE, err = sqlx.Connect("mysql", "root:123456@tcp(43.143.245.135:3306)/user")
+ if err != nil {
+ log.Println(err)
+ return err
+ }
+ //connect方法提供了ping。所以不需要ping
+ //err = databasE.Ping()
+ //if err != nil {
+ // log.Println(err)
+ // return err
+ //}
+ log.Println("Successfully connected to mysql")
+ databasE.SetMaxOpenConns(10)
+ databasE.SetMaxIdleConns(5)
+ return nil
+}
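Review bot: `initd` commits `root:123456@tcp(43.143.245.135:3306)/user` — a root password and a public MySQL address — in clear text, and this is the third copy of the same literal in this patch; read it once from the environment, e.g. `dsn := os.Getenv("MYSQL_DSN")`, fail fast when it is empty, and treat the password as compromised since it is already in git history. In `main` the error from `databasE.Get(&u, sqlstr)` is dropped with a bare `return`, unlike the `Select` branch below that prints it; at minimum `log.Println(err)` before returning, and bear in mind that an empty result for `id=1` also comes back as an error from `Get` (presumably `sql.ErrNoRows`), which this silent return would hide. `databasE` with a capital E reads like a typo, and the sibling files call the same handle `c` and `Db`; settling on one name such as `db` across the three files would help. The `users` struct here and `user23` in `sql_inject.go` have the same three fields, so if these files are ever built together they should share one type.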