英文:
Strange behaviour GoLang limits storing of string into a variable to 64 bytes length
问题
我一直在尝试将一个大字符串存储到Go语言的字符串变量中,但由于某种未知的原因,Go语言将字符串限制在64个字节的长度。
这个字符串拼接的主要目的是根据用户输入在运行时生成一个Couchbase的N1QL查询。
userInput := []string{"apple", "boy", "cat", "dog"}
var buffer string
buffer = "SELECT * FROM DB WHERE DB.ITEM_NAME="+userInput[0]+
"OR DB.ITEM_NAME="+userInput1
在这种情况下,如果我在变量buffer上进行调试,例如,我可以看到它只包含"SELECT * FROM DB WHERE DB.ITEM_NAME="+userInput[0]+OR",根据用户输入的大小它会有所变化,并将字符串限制在第64个字符。
英文:
I have been trying to store a large string into a string variable in GoLang , but for some unknown reason GoLang is limiting the string to 64 Bytes in length
The main purpose of this string concatenation is to generate a couchbase's N1QL query at runtime based on user input
userInput := []string{"apple", "boy", "cat", "dog"}
var buffer string
buffer = "SELECT * FROM DB WHERE DB.ITEM_NAME="+userInput[0]+
"OR DB.ITEM_NAME="+userInput[1]
In such a case if I debug on variable buffer, for example I can see it contains only until "SELECT * FROM DB WHERE DB.ITEM_NAME="+userInput[0]+OR" depending upon user input size it varies and it caps the string to 64th character
答案1
得分: 2
行为符合预期。行为并不奇怪。
你的代码创建了明显错误的Couchbase N1QL查询语句:
package main
import (
"fmt"
)
func main() {
userInput := []string{"apple", "boy", "cat", "dog"}
var buffer string
buffer = "SELECT * FROM DB WHERE DB.ITEM_NAME=" + userInput[0] +
"OR DB.ITEM_NAME=" + userInput[1]
fmt.Println(buffer)
}
输出结果:
SELECT * FROM DB WHERE DB.ITEM_NAME=appleOR DB.ITEM_NAME=boy
这里是一个合理的解决方案:
package main
import (
"fmt"
)
func main() {
userInput := []string{"apple", "boy", "cat", "dog"}
query := fmt.Sprintf(
`SELECT * FROM DB WHERE DB.ITEM_NAME=%q OR DB.ITEM_NAME=%q;`,
userInput[0], userInput[1],
)
fmt.Println(query)
}
输出结果:
SELECT * FROM DB WHERE DB.ITEM_NAME="apple" OR DB.ITEM_NAME="boy";
注意:要注意防止SQL注入。
参考资料:
英文:
The behaviour is as expected. The behaviour is not strange.
Your code creates obviously wrong Couchbase N1QL:
package main
import (
"fmt"
)
func main() {
userInput := []string{"apple", "boy", "cat", "dog"}
var buffer string
buffer = "SELECT * FROM DB WHERE DB.ITEM_NAME=" + userInput[0] +
"OR DB.ITEM_NAME=" + userInput[1]
fmt.Println(buffer)
}
Output:
SELECT * FROM DB WHERE DB.ITEM_NAME=appleOR DB.ITEM_NAME=boy
Here is a plausible solution:
package main
import (
"fmt"
)
func main() {
userInput := []string{"apple", "boy", "cat", "dog"}
query := fmt.Sprintf(
`SELECT * FROM DB WHERE DB.ITEM_NAME=%q OR DB.ITEM_NAME=%q;`,
userInput[0], userInput[1],
)
fmt.Println(query)
}
Output:
SELECT * FROM DB WHERE DB.ITEM_NAME="apple" OR DB.ITEM_NAME="boy";
Note: Beware of SQL injection.
References:
The Go Programming Language Specification
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论