How can I prevent SQL injection attacks in Go while using “database/sql”?
As long as you’re using Prepare or Query, you’re safe.

```go
// this is safe
db.Query("SELECT name FROM users WHERE age=?", req.FormValue("age"))

// this allows sql injection.
db.Query("SELECT name FROM users WHERE age=" + req.FormValue("age"))
```