hub / github.com/go-gorm/gorm / ExplainSQL

Function ExplainSQL

logger/sql.go:51–186  ·  view source on GitHub ↗

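ExplainSQL generates a SQL string with the given parameters. The generated SQL is expected to be used in the logger; executing it might introduce a SQL injection vulnerability, because the values are formatted into the text with simple quote doubling rather than bound as parameters by the database driver.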

(sql string, numericPlaceholder *regexp.Regexp, escaper string, avars ...interface{})

Source from the content-addressed store, hash-verified

49
50// ExplainSQL generate SQL string with given parameters, the generated SQL is expected to be used in logger, execute it might introduce a SQL injection vulnerability
51func ExplainSQL(sql string, numericPlaceholder *regexp.Regexp, escaper string, avars ...interface{}) string {
52 var (
53 convertParams func(interface{}, int)
54 vars = make([]string, len(avars))
55 )
56
57 convertParams = func(v interface{}, idx int) {
58 switch v := v.(type) {
59 case bool:
60 vars[idx] = strconv.FormatBool(v)
61 case time.Time:
62 if v.IsZero() {
63 vars[idx] = escaper + tmFmtZero + escaper
64 } else {
65 vars[idx] = escaper + v.Format(tmFmtWithMS) + escaper
66 }
67 case *time.Time:
68 if v != nil {
69 if v.IsZero() {
70 vars[idx] = escaper + tmFmtZero + escaper
71 } else {
72 vars[idx] = escaper + v.Format(tmFmtWithMS) + escaper
73 }
74 } else {
75 vars[idx] = nullStr
76 }
77 case driver.Valuer:
78 reflectValue := reflect.ValueOf(v)
79 if v != nil && reflectValue.IsValid() && ((reflectValue.Kind() == reflect.Ptr && !reflectValue.IsNil()) || reflectValue.Kind() != reflect.Ptr) {
80 r, _ := v.Value()
81 convertParams(r, idx)
82 } else {
83 vars[idx] = nullStr
84 }
85 case fmt.Stringer:
86 reflectValue := reflect.ValueOf(v)
87 switch reflectValue.Kind() {
88 case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
89 vars[idx] = strconv.FormatInt(reflectValue.Int(), 10)
90 case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
91 vars[idx] = strconv.FormatUint(reflectValue.Uint(), 10)
92 case reflect.Float32, reflect.Float64:
93 vars[idx] = strconv.FormatFloat(reflectValue.Float(), 'f', 6, 64)
94 case reflect.Bool:
95 vars[idx] = strconv.FormatBool(reflectValue.Bool())
96 case reflect.String:
97 vars[idx] = escaper + strings.ReplaceAll(fmt.Sprintf("%v", v), escaper, escaper+escaper) + escaper
98 default:
99 if v != nil && reflectValue.IsValid() && ((reflectValue.Kind() == reflect.Ptr && !reflectValue.IsNil()) || reflectValue.Kind() != reflect.Ptr) {
100 vars[idx] = escaper + strings.ReplaceAll(fmt.Sprintf("%v", v), escaper, escaper+escaper) + escaper
101 } else {
102 vars[idx] = nullStr
103 }
104 }
105 case []byte:
106 if s := string(v); isPrintable(s) {
107 vars[idx] = escaper + strings.ReplaceAll(s, escaper, escaper+escaper) + escaper
108 } else {

Callers 2

ExplainMethod · 0.92
TestExplainSQLFunction · 0.92

Calls 8

ToStringFunction · 0.92
isPrintableFunction · 0.85
isNumericFunction · 0.85
ValueMethod · 0.65
TypeMethod · 0.65
WriteStringMethod · 0.65
WriteByteMethod · 0.65
StringMethod · 0.45

Tested by 1

TestExplainSQLFunction · 0.74