I want to build a query dynamically based on the params it receives, for example [SELECT (param) FROM (param) WHERE (param)]. Instead of writing the query again and again for each use case, I want to make it work totally dynamically. The main part that concerns me is the WHERE clause, as it can include different query operations (AND, OR, %LIKE, etc.).
I want to achieve this using gorm to prevent SQL injections.
@fahad-fk Are you looking for this? It already lets you enter arbitrary SQL expressions and parameters. If not, can you clarify how what you’re looking for is different?
@skillian I will show you my code, hope you understand. I have written some code, but it's not a perfect way to do this stuff. There is a first function called DynamicQuery() that gets the params in JSON for select, where, or, and bind them in a struct; after that I pass it to the second function called QueryBuilder().
Now, in the second function, with the help of fmt.Sprintf() I make the structure of db.Where(), as you can see through the code, to make it run using the ORM, and that excessive use of fmt.Sprintf() opens the queries to SQL injection, I guess.
Assuming your QueryBuilder function worked exactly how you wanted, how would you call it and use the results?
I used a struct to get the params and based on those params generate the result by passing them in a QueryBuilder function.
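An added example, not code from this thread or from gorm: one way to build the dynamic SELECT discussed above without formatting request text into SQL. Table, column and operator names are accepted only from allowlists, and values are returned separately as bind arguments; the `Cond` struct, the `BuildQuery` function and the `users` schema are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// Cond is one WHERE condition decoded from the request (hypothetical shape).
type Cond struct {
	Join, Field, Op string // Join is "AND" or "OR"; ignored on the first condition
	Value           any
}

// Identifiers and operators cannot be bound, so only allowlisted ones are accepted.
var allowedCols = map[string]map[string]bool{"users": {"id": true, "name": true, "email": true}}
var allowedOps = map[string]bool{"=": true, "<>": true, "<": true, ">": true, "LIKE": true}

// BuildQuery returns SQL with ? placeholders plus the values to bind to them.
func BuildQuery(table string, cols []string, conds []Cond) (string, []any, error) {
	valid, ok := allowedCols[table]
	if !ok || len(cols) == 0 {
		return "", nil, fmt.Errorf("table %q not allowed or no columns selected", table)
	}
	for _, c := range cols {
		if !valid[c] {
			return "", nil, fmt.Errorf("column %q not allowed", c)
		}
	}
	sql, args := "SELECT "+strings.Join(cols, ", ")+" FROM "+table, []any{}
	for i, c := range conds {
		op, join := strings.ToUpper(c.Op), strings.ToUpper(c.Join)
		if !valid[c.Field] || !allowedOps[op] || (i > 0 && join != "AND" && join != "OR") {
			return "", nil, fmt.Errorf("condition %d not allowed", i)
		}
		if i == 0 {
			join = "WHERE"
		}
		sql += " " + join + " " + c.Field + " " + op + " ?"
		args = append(args, c.Value) // values travel separately from the SQL text
	}
	return sql, args, nil
}

func main() {
	q, args, err := BuildQuery("users", []string{"id", "name"}, []Cond{
		{Field: "name", Op: "like", Value: "%' OR 1=1 --"}, // constructed hostile value, stays a bound argument
		{Join: "or", Field: "id", Op: ">", Value: 10},
	})
	fmt.Println(q, args, err)
}
```

The returned string and arguments can be handed to gorm as `db.Raw(sql, args...)`. Conditions are emitted as a flat chain, so mixed AND/OR follows normal SQL precedence rather than any grouping.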