squirrel icon indicating copy to clipboard operation
squirrel copied to clipboard
verified publisher icon Masterminds

How to set dynamic parameters for the `From` field

Open batazor opened this issue 4 years ago • 1 comments

As example:

myQuery := myQuery.From(fmt.Sprintf(`myTable, to_tsquery('%s') AS q`, myVariable))

batazor avatar Aug 29 '21 22:08 batazor

Possible SQL injection here? Besides using fmt.Sprintf is a bad idea. We use squirrel to avoid using fmt.Sprintf, don't we?

ousloob avatar Mar 18 '22 22:03 ousloob