sqlx sqlinject sqltransaction

Your Name 2024-07-23 01:43:15 +08:00
parent ef2f287ae9
commit 551443d830
6 changed files with 197 additions and 8 deletions

1
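--- a/go.mod
+++ b/go.mod
@@ -5,4 +5,5 @@ go 1.22
 require (
 filippo.io/edwards25519 v1.1.0 // indirect
 github.com/go-sql-driver/mysql v1.8.1 // indirect
+github.com/jmoiron/sqlx v1.4.0 // indirect
 )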

4
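--- a/go.sum
+++ b/go.sum
@@ -2,3 +2,7 @@ filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
 filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
 github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y=
 github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg=
+github.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o=
+github.com/jmoiron/sqlx v1.4.0/go.mod h1:ZrZ7UsYB/weZdl2Bxg6jCRO9c3YHl8r3ahlKmRT4JLY=
+github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=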

61
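--- a/mysql/sql_inject.go
+++ b/mysql/sql_inject.go
@@ -0,0 +1,61 @@
+package main
+import (
+"fmt"
+"github.com/jmoiron/sqlx"
+"log"
+_ "github.com/go-sql-driver/mysql"
+)
+var c *sqlx.DB
+type user23 struct {
+ID int
+NAME string
+AGE int
+}
+// sql 注入
+func main() {
+err := connect()
+if err != nil {
+return
+}
+sqlInject("王奥")
+//拼接之后会查出所有数据
+sqlInject("xxx' or 1=1 #")
+}
+func sqlInject(name string) {
+sqlStr := fmt.Sprintf("select id,name,age from user where name='%v'", name)
+fmt.Println("sql:", sqlStr)
+var u []user23
+err := c.Select(&u, sqlStr)
+if err != nil {
+log.Fatal(err)
+return
+}
+for _, user1 := range u {
+fmt.Println("user1:", user1)
+}
+}
+func connect() (err error) {
+c, err = sqlx.Connect("mysql", "root:123456@tcp(43.143.245.135:3306)/user")
+if err != nil {
+log.Println(err)
+return err
+}
+//connect方法提供了ping。所以不需要ping
+//err = databasE.Ping()
+//if err != nil {
+// log.Println(err)
+// return err
+//}
+log.Println("Successfully connected to mysql")
+c.SetMaxOpenConns(10)
+c.SetMaxIdleConns(5)
+return nil
+}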
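Review bot: The DSN in `connect` commits a root password and a public IP to source control (`root:123456@tcp(43.143.245.135:3306)/user`); read it from the environment instead, e.g. `dsn := os.Getenv("MYSQL_DSN")`, and rotate that password now that it is in history. In `sqlInject` the string-built query is the intended demonstration, but the comment should also show the safe form so a reader does not copy the unsafe one: `// safe form: c.Select(&u, "select id,name,age from user where name=?", name)`. The `return` after `log.Fatal(err)` is unreachable because Fatal exits the process, so drop one or the other.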


@ -32,14 +32,6 @@ type newUser struct {
status int status int
} }
func generateNewUser(name, level string, status int) *newUser {
return &newUser{
name: name,
level: level,
status: status,
}
}
// 预处理方式插入多条数据 // 预处理方式插入多条数据
func prepareInsert() { func prepareInsert() {
sqlStr := `insert into user (name,level,status) values (?,?,?)` sqlStr := `insert into user (name,level,status) values (?,?,?)`

69
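--- a/mysql/sql_transaction.go
+++ b/mysql/sql_transaction.go
@@ -0,0 +1,69 @@
+package main
+import (
+"database/sql"
+_ "github.com/go-sql-driver/mysql"
+"log"
+)
+var Db *sql.DB
+func initdb() (err error) {
+Db, err = sql.Open("mysql", "root:123456@tcp(43.143.245.135:3306)/user")
+if err != nil {
+log.Println(err)
+return err
+}
+err = Db.Ping()
+if err != nil {
+log.Println(err)
+return err
+}
+log.Println("Successfully connected to mysql")
+Db.SetMaxOpenConns(10)
+Db.SetMaxIdleConns(5)
+return nil
+}
+func main() {
+err := initdb()
+if err != nil {
+return
+}
+transaction()
+}
+func transaction() {
+//开启事务
+tx, err := Db.Begin()
+if err != nil {
+log.Println("begin failed", err)
+return
+}
+//执行多个sql操作,即一个事务
+sqlstr1 := `update user set age=age-1 where id=1`
+sqlstr2 := `update user set age=age+1 where id=2`
+_, err = tx.Exec(sqlstr1)
+if err != nil {
+log.Println("执行sql1出错了要回滚", err)
+//回滚操作
+tx.Rollback()
+return
+}
+_, err = tx.Exec(sqlstr2)
+if err != nil {
+log.Println("执行sql2出错了要回滚", err)
+//回滚操作
+tx.Rollback()
+return
+}
+//上两步操作都执行成功,就提交本次事务
+err = tx.Commit()
+if err != nil {
+log.Println(err)
+return
+}
+log.Println("事务执行成功")
+}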
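Review bot: Nothing rolls the transaction back if `tx.Exec` panics or a later edit adds an early return between `Db.Begin()` and `tx.Commit()`, so the connection would stay checked out with an open transaction; add `defer tx.Rollback()` directly after the `Begin` error check (Rollback after a successful Commit returns `sql.ErrTxDone` and is harmless), after which the two explicit `tx.Rollback()` calls can go. As written the return value of `tx.Rollback()` is discarded on both error paths, so a failed rollback is invisible in the log. `initdb` also hard-codes a root password and public IP in the DSN (`root:123456@tcp(43.143.245.135:3306)/user`); that belongs in an environment variable, not the repository, and the credential should be rotated.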

62
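--- a/mysql/sqlx.go
+++ b/mysql/sqlx.go
@@ -0,0 +1,62 @@
+package main
+import (
+"fmt"
+"github.com/jmoiron/sqlx"
+"log"
+_ "github.com/go-sql-driver/mysql"
+)
+// sqlx 另外的库
+var databasE *sqlx.DB
+type users struct {
+ID int
+NAME string
+AGE int
+}
+func main() {
+err := initd()
+if err != nil {
+return
+}
+//查询单行不需要scan也能拿到结果
+sqlstr := `select id,name,age from user where id=1`
+var u users
+err = databasE.Get(&u, sqlstr)
+if err != nil {
+return
+}
+fmt.Println(u)
+//查询多行
+var ulist = make([]users, 0, 1) //引用类型初始化
+sqlstr2 := `select id,name,age from user`
+//必须要传指针
+err = databasE.Select(&ulist, sqlstr2)
+if err != nil {
+fmt.Println(err)
+return
+}
+fmt.Println(ulist)
+}
+func initd() (err error) {
+databasE, err = sqlx.Connect("mysql", "root:123456@tcp(43.143.245.135:3306)/user")
+if err != nil {
+log.Println(err)
+return err
+}
+//connect方法提供了ping。所以不需要ping
+//err = databasE.Ping()
+//if err != nil {
+// log.Println(err)
+// return err
+//}
+log.Println("Successfully connected to mysql")
+databasE.SetMaxOpenConns(10)
+databasE.SetMaxIdleConns(5)
+return nil
+}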
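Review bot: The error from `databasE.Get` in `main` is returned silently, unlike every other error path in the file, and since `Get` yields `sql.ErrNoRows` when no row has `id=1` the program would exit with no output and no hint why; add `log.Println("get:", err)` before that `return`, and use `errors.Is(err, sql.ErrNoRows)` if "not found" should be handled differently from a failed query. This file, `sql_inject.go` and `sql_transaction.go` all declare `package main` with their own `main` in the `mysql/` directory, so `go build ./mysql` will fail with a redeclared `main`; if they are meant to be run one at a time with `go run mysql/sqlx.go`, a comment at the top saying so would save the next reader a confused build. `initd` also hard-codes a root password and public IP in the DSN; move it to an environment variable and rotate the credential.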