
golang https://github.com/Masterminds/squirrel

Constructing SQL by concatenating strings has a few issues: it's repetitive and hard to assemble certain queries conditionally, and at least in golang it's easy to write code vulnerable to SQL injection, which you can avoid by using types.




I never use string concat to generate SQL in Go - isn’t it normal to use placeholders? ie,

    db.QueryRow("select $1", n)
Looking at squirrel, I really don’t see how this

    sql, args, err := sq.Insert("users").Columns("name", "age").
        Values("moe", 13).Values("larry", sq.Expr("? + 5", 12)).
        ToSql()
Is better than this

    sql == "INSERT INTO users (name,age) VALUES (?,?),(?,? + 5)"
That said, I will happily agree that SQL statement composition is not the same as an ORM, and I can see the benefit of Squirrel for those rare times you do need to conditionally build SQL statements.
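Both comments above turn on the same point: whether conditionally assembled SQL keeps user values in the argument list or lets them leak into the query text. The following is an added example, not code from either commenter or from the Squirrel project. It shows a minimal conditional builder of the kind Squirrel provides, next to the string-concatenation version it replaces. `Filter`, `QueryBuilder`, `buildSafe` and `buildUnsafe` are names chosen for this illustration, and the builder emits PostgreSQL-style `$n` placeholders (an assumption; a MySQL driver would use `?`).

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Filter holds optional search criteria; a zero value means "not set",
// which is exactly the situation where conditional assembly is needed.
type Filter struct {
	Name   string
	MinAge int
}

// buildUnsafe splices user input straight into the SQL text. It is kept
// here only to make visible what the builder below avoids: the value of
// f.Name becomes part of the statement the database parses.
func buildUnsafe(f Filter) string {
	q := "SELECT name, age FROM users WHERE 1=1"
	if f.Name != "" {
		q += " AND name = '" + f.Name + "'"
	}
	if f.MinAge > 0 {
		q += " AND age >= " + strconv.Itoa(f.MinAge)
	}
	return q
}

// QueryBuilder accumulates WHERE conditions and their bound arguments
// side by side, so the SQL text never contains a user-supplied value.
type QueryBuilder struct {
	base  string
	conds []string
	args  []interface{}
}

// NewQueryBuilder starts from a fixed, developer-written SELECT.
func NewQueryBuilder(base string) *QueryBuilder {
	return &QueryBuilder{base: base}
}

// Where appends one condition containing a single "?" and the value bound
// to it; the "?" is rewritten to the next positional placeholder ($1, $2, ...).
func (b *QueryBuilder) Where(cond string, arg interface{}) *QueryBuilder {
	b.args = append(b.args, arg)
	placeholder := "$" + strconv.Itoa(len(b.args))
	b.conds = append(b.conds, strings.Replace(cond, "?", placeholder, 1))
	return b
}

// ToSql returns the statement text and the argument slice, ready to be
// handed to db.Query(sql, args...) unchanged.
func (b *QueryBuilder) ToSql() (string, []interface{}) {
	if len(b.conds) == 0 {
		return b.base, b.args
	}
	return b.base + " WHERE " + strings.Join(b.conds, " AND "), b.args
}

// buildSafe is the conditional-assembly counterpart of buildUnsafe: the
// same optional filters, but every value travels as a bound argument.
func buildSafe(f Filter) (string, []interface{}) {
	b := NewQueryBuilder("SELECT name, age FROM users")
	if f.Name != "" {
		b.Where("name = ?", f.Name)
	}
	if f.MinAge > 0 {
		b.Where("age >= ?", f.MinAge)
	}
	return b.ToSql()
}

func main() {
	// Constructed input: a name containing a quote, the classic way a
	// concatenated query changes meaning.
	f := Filter{Name: "moe' OR '1'='1", MinAge: 13}

	fmt.Println("concatenated:", buildUnsafe(f))
	sql, args := buildSafe(f)
	fmt.Println("parameterised:", sql)
	fmt.Printf("arguments:     %q\n", args)
}
```

Run as-is, the concatenated form prints a statement whose WHERE clause now contains `OR '1'='1` as SQL, while the builder prints `SELECT name, age FROM users WHERE name = $1 AND age >= $2` with the quoted text sitting harmlessly in the argument slice. The builder's only real job is the bookkeeping of placeholder numbers against `args`, which is also the part that is tedious and error-prone to do by hand when several clauses are optional.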



