To avoid SQL injection in Go when working with MySQL using the `database/sql` package, you should always use parameterized queries. This approach ensures that any user input is treated as data rather than executable code, effectively safeguarding your application against SQL injection attacks.
Here’s an example of how to use parameterized queries in Go:
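```go
package main

import (
	"database/sql"
	"fmt"
	"log"

	// Blank import: the driver is only needed for its side effect of
	// registering itself with database/sql under the name "mysql".
	_ "github.com/go-sql-driver/mysql"
)

func main() {
	// Open a connection to the database
	db, err := sql.Open("mysql", "user:password@/dbname")
	if err != nil {
		log.Fatal(err)
	}
	defer db.Close()

	// Use a parameterized query to prevent SQL injection: the username is
	// passed as a bound argument, never concatenated into the SQL text.
	var id int
	err = db.QueryRow("SELECT id FROM users WHERE username = ?", "some_username").Scan(&id)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println("User ID:", id)
}
```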
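Placeholders bind values only, so two common cases need extra care: an `IN (...)` list of variable length and a caller-chosen `ORDER BY` column. The following is an added example, not code from the original page, and it goes beyond the single-value case above. The helper `buildUserQuery`, the `sortColumns` allow-list and the sample inputs are assumptions made for illustration; the `users` table and its `id` and `username` columns are taken from the query above.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// sortColumns is a hypothetical allow-list. A "?" placeholder cannot stand in
// for an identifier, so a caller-chosen column is mapped to a fixed name.
var sortColumns = map[string]string{
	"id":       "id",
	"username": "username",
}

// buildUserQuery (hypothetical helper) returns SQL text with one "?" per
// username plus the matching arguments, ready for db.Query(query, args...).
func buildUserQuery(usernames []string, sortBy string) (string, []interface{}, error) {
	if len(usernames) == 0 {
		return "", nil, errors.New("no usernames given") // "IN ()" is invalid SQL
	}
	col, ok := sortColumns[sortBy]
	if !ok {
		return "", nil, fmt.Errorf("unsupported sort column %q", sortBy)
	}
	// Only the number of placeholders depends on the input, never its content.
	placeholders := strings.TrimSuffix(strings.Repeat("?, ", len(usernames)), ", ")
	args := make([]interface{}, len(usernames))
	for i, u := range usernames {
		args[i] = u // user input travels only as a bound argument
	}
	query := "SELECT id, username FROM users WHERE username IN (" +
		placeholders + ") ORDER BY " + col
	return query, args, nil
}

func main() {
	// Constructed sample input, including a value containing quote characters.
	q, args, err := buildUserQuery([]string{"alice", "x' OR '1'='1"}, "username")
	fmt.Println(q, args, err)

	// A sort key outside the allow-list is rejected before any SQL is built.
	_, _, err = buildUserQuery([]string{"alice"}, "id; DROP TABLE users")
	fmt.Println(err)
}
```

The returned query text contains only placeholders and allow-listed identifiers, so it can be logged or reviewed without exposing user input.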