golang
操纵mysql
package main
import (
"database/sql"
"fmt"
_ "github.com/go-sql-driver/mysql"
"log"
"time"
)
func main(){
db, err := sql.Open("mysql", "root:root@(127.0.0.1:3306)/test")
if err != nil {
log.Fatalf("DbOpenError:%s", err)
}
defer db.Close()
err = db.Ping()
if err != nil {
log.Fatalf("DbPingError:%s", err)
}
res0, _ := db.Exec("insert into time value(8,now())")
n, _ := res0.RowsAffected()
fmt.Println("RowsAffected:", n)
var res1, res2 string
res3, _ := db.Query("select * from time where id = -1 or 1=1")
for res3.Next() {
res3.Scan(&res1, &res2)
fmt.Println(res1, "--", res2)
}
stmt0, _ := db.Prepare("select * from time where id = ?")
res4, _ := stmt0.Query("-1 or 1=1")
for res4.Next() {
res4.Scan(&res1, &res2)
fmt.Println(res1, "--", res2)
}
stmt1, _ := db.Prepare("insert into time values (?,?)")
_, _ = stmt1.Exec(3, time.Now())
_, _ = db.Exec("insert into time values (?,?)", 3, time.Now())
}
go.mod
require github.com/go-sql-driver/mysql v1.6.0
mysql>show create table time;
CREATE TABLE `time` (
`id` int(11) DEFAULT NULL,
`updt_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
) ENGINE=InnoDB DEFAULT CHARSET=latin1
准备SQL语句有两种方式:直接定义和预定义。
直接定义:语句中的函数、关键字可以被转义成mysql识别的内容。
预定义:语句中的函数、关键字不可以被转义成mysql识别的内容,防止SQL注入。
预定义也有两种表达方式:
stmt1, _ := db.Prepare("insert into time values (?,?)")
_, _ = stmt1.Exec(3, time.Now())
_, _ = db.Exec("insert into time values (?,?)", 3, time.Now())
两种方式均可。
使用占位符预定义SQL语句时,不能直接使用SQL内置的函数,需要用golang相应的函数替代。
go get github.com/go-sql-driver/mysql
go run main.go