yogurt-ui

> [@yogurt-ui](https://github.com/yogurt-ui) I would like to make sure that we understand your issue. I assume `dl` in your code excerpt is a [mongo.Collection](https://pkg.go.dev/go.mongodb.org/mongo-driver/mongo#Collection). We consider it a (no)sql injection if...

The type bson.M can be a no-sql injection attack,but Currently filterM["id"] = filter.ID, "id" is fixed, filter.ID defines a specific type and will only be used as an array value,...

At the same time, the SQL injection rules of Go, when the parameter is of this type(map[string]interface{}{"id": filter.ID}) and filter.ID is a SQL query that can be controlled by the...