英文:
Displaying results from a database in golang
问题
我正在从一个表单中读取一个MySQL查询输入:
<h1>MySQL页面</h1><small>在这里执行查询和编辑数据库</small><form method="get" action=""><label for="sqlQuery">MySQL查询:</label><input type="text" id="sqlQuery" name="sqlQuery"><button type="submit">执行查询</button></form>
之后,我想使用GoLang在同一页上显示结果,但它一直告诉我:
# command-line-arguments./sql.go:128: 无法将结果(类型为sql.Result)转换为字符串类型
请记住,这是我写的第一个GoLang应用程序,如果这是一个简单的问题,我很抱歉,以下是GoLang代码:
func sqlQueryHandler(response http.ResponseWriter, request *http.Request){userName := getUserName(request)db, err := sql.Open("mysql", userName)fmt.Fprintf(response, sqlPage)sqlCommand := request.FormValue("sqlQuery")//fmt.Fprintf(response, sqlCommand)if err != nil {fmt.Fprintf(response, "\n\n在执行MySQL命令时发生错误:%s", err)panic(err)} else {data, err := db.Exec(sqlCommand)if err != nil {http.Redirect(response, request, "/error", 302)} else {// 在这里显示SQL查询的输出}}}
英文:
I'm reading a MySQL query input from a form:
<h1>MySQL Page</h1><small>Perform queries and edit the database from here</small><form method="get" action=""><label for="sqlQuery">MySQL Query:</label><input type="text" id="sqlQuery" name="sqlQuery"><button type="submit">Perform Query</button></form>
After that I want to display the results on the same page using GoLang, however it keeps telling me that:
# command-line-arguments./sql.go:128: cannot convert results (type sql.Result) to type string
Please keep in mind, this is the first golang app I've ever written so I apologize if this is a simple issue, here is the golang code:
func sqlQueryHandler(response http.ResponseWriter, request *http.Request){userName := getUserName(request)db, err := sql.Open("mysql", userName)fmt.Fprintf(response, sqlPage)sqlCommand := request.FormValue("sqlQuery")//fmt.Fprintf(response, sqlCommand)if err != nil {fmt.Fprintf(response, "\n\nAn error occured during your MySQL command: %s", err)panic(err)} else {data, err := db.Exec(sqlCommand)if err != nil {http.Redirect(response, request, "/error", 302)} else {// display the output of the sql query here}}}
答案1
得分: 2
根据你的代码,这里有一个示例:
func sqlQueryHandler(response http.ResponseWriter, request *http.Request) {var (userName = getUserName(request)sqlCommand = request.FormValue("sqlQuery"))db, err := sql.Open("mysql", userName)if err != nil {fmt.Fprintf(response, "\n\n在执行MySQL命令时发生错误:%s", err)// 如果发生错误,你可以在这里停止执行,不需要else语句panic(err)}rows, err := db.Query(sqlCommand)if err != nil {http.Redirect(response, request, "/error", 302)// 返回,所以不需要else语句return}if err != nil {panic(err)}defer rows.Close()for rows.Next() {var (name stringage int)if err := rows.Scan(&name, &age); err != nil {panic(err)}fmt.Printf("%s is %d\n", name, age)}if err := rows.Err(); err != nil {panic(err)}}
然而,这种方法存在几个问题:
- 你从服务器外部传递了SQL语句。任何访问这个函数的人都可以读取你服务器上的所有数据。
- Go语言的一个优点是它是一种强类型语言。但是在这里,你正在构建一个处理通用SQL查询的函数,这与“强类型语言”的范例相矛盾。你可以编写处理不同结构化数据的通用函数(比如
json.Unmarshal()),但是特别是在编程Go语言的早期阶段,你不应该这样做。
英文:
Here an example based on your code:
func sqlQueryHandler(response http.ResponseWriter, request *http.Request) {var (userName = getUserName(request)sqlCommand = request.FormValue("sqlQuery"))db, err := sql.Open("mysql", userName)if err != nil {fmt.Fprintf(response, "\n\nAn error occured during your MySQL command: %s", err)// if you panic you stop here anyway. no else neededpanic(err)}rows, err := db.Query(sqlCommand)if err != nil {http.Redirect(response, request, "/error", 302)// return, so no else is neededreturn}if err != nil {panic(err)}defer rows.Close()for rows.Next() {var (name stringage int)if err := rows.Scan(&name, &age); err != nil {panic(err)}fmt.Printf("%s is %d\n", name, age)}if err := rows.Err(); err != nil {panic(err)}}
There are several problems however with this approach:
- You are passing the sql from outside the server. Anyone accessing this can read all the data from your server.
- One of Go's strengths is being a typed language. Here you are building a general sql query function which contradicts the
typed languageparadigm. You can write general function dealing with differently structured data (likejson.Unmarshal()) -- but especially early in programming go you shouldn't.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论