Go语言的奇怪行为:将字符串存储到变量中的长度限制为64个字节。

huangapple go评论84阅读模式
英文:

Strange behaviour GoLang limits storing of string into a variable to 64 bytes length

问题

我一直在尝试将一个大字符串存储到Go语言的字符串变量中,但由于某种未知的原因,Go语言将字符串限制在64个字节的长度。

这个字符串拼接的主要目的是根据用户输入在运行时生成一个Couchbase的N1QL查询。

userInput := []string{"apple", "boy", "cat", "dog"}
var buffer string
buffer = "SELECT * FROM DB WHERE DB.ITEM_NAME="+userInput[0]+
"OR DB.ITEM_NAME="+userInput1

在这种情况下,如果我在变量buffer上进行调试,例如,我可以看到它只包含"SELECT * FROM DB WHERE DB.ITEM_NAME="+userInput[0]+OR",根据用户输入的大小它会有所变化,并将字符串限制在第64个字符。

英文:

I have been trying to store a large string into a string variable in GoLang , but for some unknown reason GoLang is limiting the string to 64 Bytes in length

The main purpose of this string concatenation is to generate a couchbase's N1QL query at runtime based on user input

userInput := []string{"apple", "boy", "cat", "dog"} 
var buffer string 
buffer = "SELECT * FROM DB WHERE DB.ITEM_NAME="+userInput[0]+
         "OR DB.ITEM_NAME="+userInput[1]

In such a case if I debug on variable buffer, for example I can see it contains only until "SELECT * FROM DB WHERE DB.ITEM_NAME="+userInput[0]+OR" depending upon user input size it varies and it caps the string to 64th character

答案1

得分: 2

行为符合预期。行为并不奇怪。

你的代码创建了明显错误的Couchbase N1QL查询语句:

package main

import (
	"fmt"
)

func main() {
	userInput := []string{"apple", "boy", "cat", "dog"}
	var buffer string
	buffer = "SELECT * FROM DB WHERE DB.ITEM_NAME=" + userInput[0] +
		"OR DB.ITEM_NAME=" + userInput[1]
	fmt.Println(buffer)
}

输出结果:

SELECT * FROM DB WHERE DB.ITEM_NAME=appleOR DB.ITEM_NAME=boy

这里是一个合理的解决方案:

package main

import (
	"fmt"
)

func main() {
	userInput := []string{"apple", "boy", "cat", "dog"}
	query := fmt.Sprintf(
		`SELECT * FROM DB WHERE DB.ITEM_NAME=%q OR DB.ITEM_NAME=%q;`,
		userInput[0], userInput[1],
	)
	fmt.Println(query)
}

输出结果:

SELECT * FROM DB WHERE DB.ITEM_NAME="apple" OR DB.ITEM_NAME="boy";

注意:要注意防止SQL注入。

参考资料:

Go编程语言规范

Couchbase:查询语言教程

Couchbase:使用N1QL查询

英文:

The behaviour is as expected. The behaviour is not strange.

Your code creates obviously wrong Couchbase N1QL:

package main

import (
	"fmt"
)

func main() {
	userInput := []string{"apple", "boy", "cat", "dog"}
	var buffer string
	buffer = "SELECT * FROM DB WHERE DB.ITEM_NAME=" + userInput[0] +
		"OR DB.ITEM_NAME=" + userInput[1]
	fmt.Println(buffer)
}

Output:

SELECT * FROM DB WHERE DB.ITEM_NAME=appleOR DB.ITEM_NAME=boy

Here is a plausible solution:

package main

import (
	"fmt"
)

func main() {
	userInput := []string{"apple", "boy", "cat", "dog"}
	query := fmt.Sprintf(
		`SELECT * FROM DB WHERE DB.ITEM_NAME=%q OR DB.ITEM_NAME=%q;`,
		userInput[0], userInput[1],
	)
	fmt.Println(query)
}

Output:

SELECT * FROM DB WHERE DB.ITEM_NAME="apple" OR DB.ITEM_NAME="boy";

Note: Beware of SQL injection.

References:

The Go Programming Language Specification

Couchbase: Query Language Tutorial

Couchbase: Querying with N1QL

huangapple
  • 本文由 发表于 2017年2月16日 00:47:06
  • 转载请务必保留本文链接:https://go.coder-hub.com/42255334.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定