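If your map has field names and values like this:

```go
m := map[string]interface{}{"userId": 1234, "age": 18}
```

then you can build the query like this:

```go
var values []interface{}
var where []string
// Only column names from this fixed list are ever written into the SQL text.
for _, k := range []string{"userId", "gender", "age", "name", "height", "weight", "ethnicity"} {
	if v, ok := m[k]; ok {
		values = append(values, v)
		where = append(where, fmt.Sprintf("%s = ?", k))
	}
}
// QueryRow returns a single *sql.Row; any error is reported by r.Scan.
r := db.QueryRow("SELECT name FROM users WHERE "+strings.Join(where, " AND "), values...)
```

This is not vulnerable to SQL injection, because placeholders are used for the parts of the query that are outside the application's direct control.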
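If the map keys are known to be allowed field names, use this:

```go
var values []interface{}
var where []string
// Every key in m is written into the SQL text as a column name.
for k, v := range m {
	values = append(values, v)
	where = append(where, fmt.Sprintf("%s = ?", k))
}
// QueryRow returns a single *sql.Row; any error is reported by r.Scan.
r := db.QueryRow("SELECT name FROM users WHERE "+strings.Join(where, " AND "), values...)
```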
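An added example (not part of the original answer) that combines both patterns above in one helper: every map key is checked against the fixed column list before it reaches the SQL text, an unknown key or an empty filter is an error, and values only ever travel as `?` bind arguments. `BuildUserQuery` and `allowedColumns` are hypothetical names; the table and column names are the ones used above.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
	"strings"
)

// allowedColumns holds the fixed column list from the snippet above as a set.
var allowedColumns = map[string]bool{
	"userId": true, "gender": true, "age": true, "name": true,
	"height": true, "weight": true, "ethnicity": true,
}

// BuildUserQuery (hypothetical helper) returns the SQL text and its bind values.
// Keys outside the allowlist are rejected rather than silently dropped, and an
// empty filter is an error rather than a dangling "WHERE".
func BuildUserQuery(filter map[string]interface{}) (string, []interface{}, error) {
	if len(filter) == 0 {
		return "", nil, errors.New("empty filter")
	}
	keys := make([]string, 0, len(filter))
	for k := range filter {
		if !allowedColumns[k] {
			return "", nil, fmt.Errorf("column %q is not allowed", k)
		}
		keys = append(keys, k)
	}
	sort.Strings(keys) // map iteration order is random; sort for stable SQL text
	where := make([]string, 0, len(keys))
	values := make([]interface{}, 0, len(keys))
	for _, k := range keys {
		where = append(where, k+" = ?")
		values = append(values, filter[k])
	}
	return "SELECT name FROM users WHERE " + strings.Join(where, " AND "), values, nil
}

func main() {
	// Constructed sample inputs: one legitimate filter, one key that is not a column.
	q, args, err := BuildUserQuery(map[string]interface{}{"userId": 1234, "age": 18})
	fmt.Println(q, args, err)
	_, _, err = BuildUserQuery(map[string]interface{}{"age OR 1=1": 1})
	fmt.Println(err)
}
```

Pass the returned string and values to `db.QueryRow(query, values...)`; the key check is what makes the second pattern safe when the map is filled from request data.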


