Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
github.com/mfichman/goqu/v9
__ _ ___ __ _ _ _
/ _` |/ _ \ / _` | | | |
| (_| | (_) | (_| | |_| |
\__, |\___/ \__, |\__,_|
|___/ |_|
goqu
is an expressive SQL builder and executor
If you are upgrading from an older version please read the Migrating Between Versions docs.
If using go modules.
go get -u github.com/doug-martin/goqu/v9
If you are not using go modules...
NOTE You should still be able to use this package if you are using go version >v1.10
but, you will need to drop the version from the package. import "github.com/doug-martin/goqu/v9
-> import "github.com/doug-martin/goqu"
go get -u github.com/doug-martin/goqu
goqu
comes with many features but here are a few of the more notable ones
SELECT * FROM "items" WHERE "id" = ?
-> SELECT * FROM "items" WHERE "id" = 1
)While goqu may support the scanning of rows into structs it is not intended to be used as an ORM if you are looking for common ORM features like associations, or hooks I would recommend looking at some of the great ORM libraries such as:
We tried a few other sql builders but each was a thin wrapper around sql fragments that we found error prone. goqu
was built with the following goals in mind:
mysql
, postgres
, sqlite3
, sqlserver
etc)goqu
expressions and common examples.goqu
.goqu
See the select dataset docs for more in depth examples
sql, _, _ := goqu.From("test").ToSQL()
fmt.Println(sql)
Output:
SELECT * FROM "test"
sql, _, _ := goqu.From("test").Where(goqu.Ex{
"d": []string{"a", "b", "c"},
}).ToSQL()
fmt.Println(sql)
Output:
SELECT * FROM "test" WHERE ("d" IN ('a', 'b', 'c'))
See the insert dataset docs for more in depth examples
ds := goqu.Insert("user").
Cols("first_name", "last_name").
Vals(
goqu.Vals{"Greg", "Farley"},
goqu.Vals{"Jimmy", "Stewart"},
goqu.Vals{"Jeff", "Jeffers"},
)
insertSQL, args, _ := ds.ToSQL()
fmt.Println(insertSQL, args)
Output:
INSERT INTO "user" ("first_name", "last_name") VALUES ('Greg', 'Farley'), ('Jimmy', 'Stewart'), ('Jeff', 'Jeffers') []
ds := goqu.Insert("user").Rows(
goqu.Record{"first_name": "Greg", "last_name": "Farley"},
goqu.Record{"first_name": "Jimmy", "last_name": "Stewart"},
goqu.Record{"first_name": "Jeff", "last_name": "Jeffers"},
)
insertSQL, args, _ := ds.ToSQL()
fmt.Println(insertSQL, args)
Output:
INSERT INTO "user" ("first_name", "last_name") VALUES ('Greg', 'Farley'), ('Jimmy', 'Stewart'), ('Jeff', 'Jeffers') []
type User struct {
FirstName string `db:"first_name"`
LastName string `db:"last_name"`
}
ds := goqu.Insert("user").Rows(
User{FirstName: "Greg", LastName: "Farley"},
User{FirstName: "Jimmy", LastName: "Stewart"},
User{FirstName: "Jeff", LastName: "Jeffers"},
)
insertSQL, args, _ := ds.ToSQL()
fmt.Println(insertSQL, args)
Output:
INSERT INTO "user" ("first_name", "last_name") VALUES ('Greg', 'Farley'), ('Jimmy', 'Stewart'), ('Jeff', 'Jeffers') []
ds := goqu.Insert("user").Prepared(true).
FromQuery(goqu.From("other_table"))
insertSQL, args, _ := ds.ToSQL()
fmt.Println(insertSQL, args)
Output:
INSERT INTO "user" SELECT * FROM "other_table" []
ds := goqu.Insert("user").Prepared(true).
Cols("first_name", "last_name").
FromQuery(goqu.From("other_table").Select("fn", "ln"))
insertSQL, args, _ := ds.ToSQL()
fmt.Println(insertSQL, args)
Output:
INSERT INTO "user" ("first_name", "last_name") SELECT "fn", "ln" FROM "other_table" []
See the update dataset docs for more in depth examples
sql, args, _ := goqu.Update("items").Set(
goqu.Record{"name": "Test", "address": "111 Test Addr"},
).ToSQL()
fmt.Println(sql, args)
Output:
UPDATE "items" SET "address"='111 Test Addr',"name"='Test' []
type item struct {
Address string `db:"address"`
Name string `db:"name" goqu:"skipupdate"`
}
sql, args, _ := goqu.Update("items").Set(
item{Name: "Test", Address: "111 Test Addr"},
).ToSQL()
fmt.Println(sql, args)
Output:
UPDATE "items" SET "address"='111 Test Addr' []
sql, _, _ := goqu.Update("test").
Set(goqu.Record{"foo": "bar"}).
Where(goqu.Ex{
"a": goqu.Op{"gt": 10}
}).ToSQL()
fmt.Println(sql)
Output:
UPDATE "test" SET "foo"='bar' WHERE ("a" > 10)
See the delete dataset docs for more in depth examples
ds := goqu.Delete("items")
sql, args, _ := ds.ToSQL()
fmt.Println(sql, args)
sql, _, _ := goqu.Delete("test").Where(goqu.Ex{
"c": nil
}).ToSQL()
fmt.Println(sql)
Output:
DELETE FROM "test" WHERE ("c" IS NULL)
I am always welcoming contributions of any type. Please open an issue or create a PR if you find an issue with any of the following.
If you have an issue with the package please include the following
Without those basics it can be difficult to reproduce your issue locally. You may be asked for more information but that is a good starting point.
New features and/or enhancements are great and I encourage you to either submit a PR or create an issue. In both cases include the following as the need/requirement may not be readily apparent.
If you are issuing a PR also include the following
If you find an issue you want to work on please comment on it letting other people know you are looking at it and I will assign the issue to you.
If want to work on an issue but dont know where to start just leave a comment and I'll be more than happy to point you in the right direction.
The test suite requires a postgres, mysql and sqlserver databases. You can override the connection strings with the MYSQL_URI
, PG_URI
, SQLSERVER_URI
environment variables*
go test -v -race ./...
You can also run the tests in a container using docker-compose.
MYSQL_VERSION=8 POSTGRES_VERSION=13.4 SQLSERVER_VERSION=2017-CU8-ubuntu GO_VERSION=latest docker-compose run goqu
goqu
is released under the MIT License.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.