Postgresql 使用数组值更新表中的记录
我试图用一个数组(片)值更新postgres表中的记录。该表具有以下DDL:Postgresql 使用数组值更新表中的记录,postgresql,go,Postgresql,Go,我试图用一个数组(片)值更新postgres表中的记录。该表具有以下DDL: CREATE TABLE slm_files ( id uuid DEFAULT gen_random_uuid() PRIMARY KEY, filename character varying NOT NULL, status character varying NOT NULL, original_headers text[] ); 我的Go代码如下: package main
CREATE TABLE slm_files (
id uuid DEFAULT gen_random_uuid() PRIMARY KEY,
filename character varying NOT NULL,
status character varying NOT NULL,
original_headers text[]
);
package main
import (
"context"
"database/sql"
"encoding/json"
"fmt"
"os"
"strings"
"time"
"github.com/aws/aws-lambda-go/events"
"github.com/aws/aws-lambda-go/lambda"
"github.com/lib/pq"
)
type message struct {
ID string `json:"id"`
Filename string `json:"filename"`
Status string `json:"status"`
OriginalHeaders []string `json:"OriginalHeaders"`
}
func main() {
host := os.Getenv("PGhost")
port := 5432
user := os.Getenv("PGuser")
password := os.Getenv("PGpassword")
dbname := os.Getenv("PGdbname")
pgConString := fmt.Sprintf("port=%d host=%s user=%s "+
"password=%s dbname=%s sslmode=disable",
port, host, user, password, dbname)
msgBody := `update_headers___
{
"id": "76b67119-d8c1-4a20-b53e-49e4972e2f19",
"filename": "SLM1171_inputData_preNCOA-5babc88b-1d14-468d-bf6e-c3b36ce90d95.csv",
"status": "Submitted",
"OriginalHeaders": [
"city",
"state",
"zipcode",
"full_name",
"individual_id"
]
}`
fmt.Println("Processing file", msgBody)
queryMethod := strings.Split(msgBody, "___")[0]
fieldDict := strings.Split(msgBody, "___")[1]
db, err := sql.Open("postgres", pgConString)
if err != nil {
panic(err)
}
fmt.Println("Connected Successfully")
defer db.Close()
body := message{}
json.Unmarshal([]byte(fieldDict), &body)
fmt.Println(queryMethod)
fmt.Println(body)
var sqlStatement string
switch queryMethod {
case "update_ncoa":
sqlStatement = fmt.Sprintf(`UPDATE slm_files SET status = '%s', updated_at = '%s' where id = '%s';`,
body.Status,
body.UpdatedAt,
body.ID,
)
case "update_headers":
sqlStatement = fmt.Sprintf(`UPDATE slm_files SET original_headers = '%s', updated_at = '%s' where id = '%s';`,
pq.Array(body.OriginalHeaders),
body.UpdatedAt,
body.ID,
)
}
fmt.Println(sqlStatement)
_, err = db.Query(sqlStatement)
if err != nil {
fmt.Println("Failed to run query", err)
return
}
}
fmt.Println("Query executed!")
return
}
pq: malformed array literal: "&[first_name last_name city state zipcode full_name individual_id]": Error
null
pq.Array()我已经读到了Go数组和Postgres数组在格式上的差异,所以我希望让pq.Array函数来解决问题,但显然不是这样。正如Peter建议的那样,数据库处理有很多问题需要解决。而且绝对值得重做这些SQL语句,以避免使用Sprintf进行查询 但是,在使用postgres数组和pq库时,需要使用pq.Array的Value()方法来获取postgres格式。将标题的update语句更改为以下内容:
arrayVal, _ := pq.Array(body.OriginalHeaders).Value()
sqlStatement = fmt.Sprintf(`UPDATE slm_files SET original_headers = '%s', updated_at = '%s' where id = '%s';`,
arrayVal,
body.UpdatedAt,
body.ID,
)
值得检查Value()方法的返回以确保没有错误,我只是为了一个简单的示例而忽略了它。不要使用Sprintf构造SQL查询,至少不要对动态值进行查询。这为SQL注入打开了大门。使用占位符和变量参数来执行,如中所示。谢谢,我知道这不是最佳实践,但这是不是我的遗留代码,我只需要做一件事。这不仅是最佳实践,也是关于正确性的。Sprintf无法生成有效的SQL语法,因此无法工作。你必须重写代码。