55 lines
1.1 KiB
Go
55 lines
1.1 KiB
Go
package gorqlite
|
|
|
|
import (
|
|
"fmt"
|
|
"strings"
|
|
)
|
|
|
|
// EscapeString sql-escapes a string.
|
|
func EscapeString(value string) string {
|
|
replace := [][2]string{
|
|
{`\`, `\\`},
|
|
{`\0`, `\\0`},
|
|
{`\n`, `\\n`},
|
|
{`\r`, `\\r`},
|
|
{`"`, `\"`},
|
|
{`'`, `\'`},
|
|
}
|
|
|
|
for _, val := range replace {
|
|
value = strings.Replace(value, val[0], val[1], -1)
|
|
}
|
|
|
|
return value
|
|
}
|
|
|
|
// PreparedStatement is a simple wrapper around fmt.Sprintf for prepared SQL
|
|
// statements.
|
|
type PreparedStatement struct {
|
|
body string
|
|
}
|
|
|
|
// NewPreparedStatement takes a sprintf syntax SQL query for later binding of
|
|
// parameters.
|
|
func NewPreparedStatement(body string) PreparedStatement {
|
|
return PreparedStatement{body: body}
|
|
}
|
|
|
|
// Bind takes arguments and SQL-escapes them, then calling fmt.Sprintf.
|
|
func (p PreparedStatement) Bind(args ...interface{}) string {
|
|
var spargs []interface{}
|
|
|
|
for _, arg := range args {
|
|
switch arg.(type) {
|
|
case string:
|
|
spargs = append(spargs, `'`+EscapeString(arg.(string))+`'`)
|
|
case fmt.Stringer:
|
|
spargs = append(spargs, `'`+EscapeString(arg.(fmt.Stringer).String())+`'`)
|
|
default:
|
|
spargs = append(spargs, arg)
|
|
}
|
|
}
|
|
|
|
return fmt.Sprintf(p.body, spargs...)
|
|
}
|