How to use wildcard in sql query in golang

huangapple go评论93阅读模式
英文:

How to use wildcard in sql query in golang

问题

查询 := "select p.project_id,p.name,p.org_id,p.user_id,p.email,p.status_ind,p.approver,p.favorite,p.create_timestamp,t.name as tagname,count(b.name) as total,t.colorCode from project p inner join tag t on p.project_id = t.project_id  ";
q2 := " left join build b on p.project_id = b.project_id AND b.status_ind = \"created\" AND p.status_ind = :status group by p.project_id, t.colorCode "
//查询 := "select project.project_id,project.name,project.org_id,project.user_id,project.email,project.status_ind,project.approver,project.favorite,project.create_timestamp,tag.name AS tagname, tag.colorCode from project INNER JOIN tag on project.project_id = tag.project_id where status_ind=:status "
if q["name"] != "" {
    查询 = 查询 + " AND p.name LIKE %:name " 
}
查询+=q2
查询 += " ORDER BY create_timestamp DESC "
查询 += " LIMIT :limit;"

这里的name是一个参数,它是一个Golang变量,来自JSON请求。每当我访问API时,它会抛出一个无效的SQL错误。

英文:
query := "select p.project_id,p.name,p.org_id,p.user_id,p.email,p.status_ind,p.approver,p.favorite,p.create_timestamp,t.name as tagname,count(b.name) as total,t.colorCode from project p inner join tag t on p.project_id = t.project_id  ";
	q2 := " left join build b on p.project_id = b.project_id AND b.status_ind = \"created\" AND p.status_ind = :status group by p.project_id, t.colorCode "
	//query := "select project.project_id,project.name,project.org_id,project.user_id,project.email,project.status_ind,project.approver,project.favorite,project.create_timestamp,tag.name AS tagname, tag.colorCode from project INNER JOIN tag on project.project_id = tag.project_id where status_ind=:status "
	if q["name"] != "" {
		query = query  + " AND p.name LIKE %:name " 
	}
    query+=q2
	query += " ORDER BY create_timestamp DESC "
	query += " LIMIT :limit;"

Here name is parameter which is a golang variable and comes from json request. It is throwing me an error of invalid sql whenever I hit the API.

答案1

得分: 2

关于SQL语法,有两个要注意的事项:

  • LIKE的参数必须是一个字符串。
  • 参数占位符不能位于SQL字符串定界符内部。

因此,你需要将LIKE的参数设置为一个由'%'和你的参数值拼接而成的字符串。

有两种方法可以实现这个目的。

第一种方法是使用CONCAT()函数将字面字符串'%'和你的参数拼接起来:

query := `
  SELECT ...
  FROM project p 
  INNER JOIN tag t ON p.project_id = t.project_id  
  LEFT JOIN build b ON p.project_id = b.project_id 
    AND b.status_ind = 'created' 
    AND p.status_ind = ? 
    AND p.name LIKE CONCAT('%', ?)
  GROUP BY p.project_id, t.colorCode
  ORDER BY create_timestamp DESC
  LIMIT ?`

rows, err := db.Query(query, status, name, limit)

第二种方法是只使用参数占位符,并在Go代码中将字符串拼接后再传递给查询:

query := `
  SELECT ...
  FROM project p 
  INNER JOIN tag t ON p.project_id = t.project_id  
  LEFT JOIN build b ON p.project_id = b.project_id 
    AND b.status_ind = 'created' 
    AND p.status_ind = ? 
    AND p.name LIKE ?
  GROUP BY p.project_id, t.colorCode
  ORDER BY create_timestamp DESC
  LIMIT ?`

namePattern := "%" + name

rows, err := db.Query(query, status, namePattern, limit)

上面的示例中,我使用了Go的反引号字符串,以便更容易地创建包含字面引号字符的多行字符串。这是我在Go中编写SQL查询的方式。

据我所知,MySQL只支持位置参数占位符,不支持命名参数占位符。

英文:

Two things to keep in mind about SQL syntax:

  • The argument to LIKE must be a string.

  • Parameter placeholders must not be inside SQL string delimiters.

So you need to make the argument to LIKE be a concatenated string of '%' and the value of your parameter.

There are two ways to do this.

The first way is to use CONCAT() to concatenate the literal string '%' and your parameter:

query := `
  SELECT ...
  FROM project p 
  INNER JOIN tag t ON p.project_id = t.project_id  
  LEFT JOIN build b ON p.project_id = b.project_id 
    AND b.status_ind = 'created' 
    AND p.status_ind = ? 
    AND p.name LIKE CONCAT('%', ?)
  GROUP BY p.project_id, t.colorCode
  ORDER BY create_timestamp DESC
  LIMIT ?`

rows, err := db.Query(query, status, name, limit)

The second way is to just use a parameter placeholder, and concatenate the string in Go code before passing it to the query.

query := `
  SELECT ...
  FROM project p 
  INNER JOIN tag t ON p.project_id = t.project_id  
  LEFT JOIN build b ON p.project_id = b.project_id 
    AND b.status_ind = 'created' 
    AND p.status_ind = ? 
    AND p.name LIKE ?
  GROUP BY p.project_id, t.colorCode
  ORDER BY create_timestamp DESC
  LIMIT ?`

namePattern := "%" + name

rows, err := db.Query(query, status, namePattern, limit)

I show in the example above using Go back-tick strings to make it easier to make multi-line strings that may contain literal quote characters. This is the way I write SQL queries in Go.

As far as I know, MySQL only supports positional query parameter placeholders, not named query parameter placeholders.

huangapple
  • 本文由 发表于 2021年8月30日 04:59:15
  • 转载请务必保留本文链接:https://go.coder-hub.com/68976856.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定