-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathquery.go
92 lines (83 loc) · 3.04 KB
/
query.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
// Package builder provides a fluent SQL query builder with support for multiple SQL dialects.
package builder
import (
"fmt"
"strings"
)
// Query represents a SQL query with its associated parameter values.
// It provides methods for converting the parameterized query into a string
// representation with the parameter values interpolated.
//
// The Query type is typically created by calling Build() on a Builder instance
// and should not be created directly. It encapsulates both the SQL query string
// and its parameter values to ensure type safety and prevent SQL injection.
//
// Example usage:
//
// b := builder.New()
// query, err := b.Select("id", "name").From("users").Where(builder.Eq("status", "active")).Build()
// // query can be used with database/sql's Exec or Query methods
type Query struct {
// Query holds the parameterized SQL query string with placeholders
Query string
// Args holds the parameter values that correspond to the placeholders in Query
Args []interface{}
}
// NewQuery creates a new Query instance with the given SQL query string
// and parameter values. The query string should use placeholders (?) for
// parameter values that will be bound when executing the query.
//
// This function is primarily used internally by the Builder's Build method
// and should rarely be called directly. It ensures that the number of
// placeholders matches the number of provided arguments.
//
// Parameters:
// - q: The SQL query string with parameter placeholders
// - args: The parameter values that correspond to the placeholders
//
// Returns a new Query instance that can be used with database/sql methods.
func NewQuery(q string, args ...interface{}) *Query {
return &Query{
Query: q,
Args: args,
}
}
// String returns a string representation of the query with parameter values
// interpolated into the query string. This method is useful for debugging and logging
// purposes, but should not be used for actual query execution to avoid SQL
// injection vulnerabilities.
//
// The method performs simple string replacements to create a human-readable
// version of the query. It handles common SQL operators and placeholders,
// replacing them with the actual parameter values.
//
// Warning: The returned string may contain unescaped values and should never
// be executed directly against a database.
//
// Example:
//
// q := NewQuery("SELECT * FROM users WHERE status = ?", "active")
// fmt.Println(q.String()) // Outputs: SELECT * FROM users WHERE status = 'active'
func (q *Query) String() string {
replacements := map[string]string{
" = ?": " = '%v'",
" != ?": " != '%v'",
" <> ?": " <> '%v'",
" > ?": " > '%v'",
" >= ?": " >= '%v'",
" < ?": " < '%v'",
" <= ?": " <= '%v'",
" (?, ": " ('%v', ",
" (?)": " ('%v')",
", ?": ", '%v'",
" ?, ": " '%v', ",
" ? AS ": " '%v' AS ",
}
var result strings.Builder
str := q.Query
for pattern, replacement := range replacements {
str = strings.Replace(str, pattern, replacement, -1)
}
result.WriteString(fmt.Sprintf(str, q.Args...))
return result.String()
}