feat: support native SQL as custom fields #1213

Open
wants to merge 3 commits into
base: master
@mimicode mimicode commented Sep 13, 2024

  • Do only one thing
  • Non breaking API changes
  • Tested

What did this pull request do?

support native SQL as custom fields

User Case Description

field.NewFieldRaw("if(column1=?,column2,column3)", "1")

field.NewFieldRaw("if(column1=?,column2,column3)", field.NewField("", "new_id"))

@mimicode
Author

#1212

@shiyuecamus

When can this be merged?

@shiyuecamus

anxious!

@serious-snow

I need it.

@OneSeven

OneSeven commented Mar 14, 2025

@tr1v3r We urgently need this feature PR. Can it be merged and released?

@shiyuecamus

@tr1v3r We urgently need this feature PR. Can it be merged and released?

The author is just ignoring us.

@tr1v3r
Member

tr1v3r commented Mar 17, 2025

@tr1v3r We urgently need this feature PR. Can it be merged and released?

This could introduce a SQL injection vulnerability.

@shiyuecamus

shiyuecamus commented Mar 17, 2025

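@tr1v3r We urgently need this feature PR. Can it be merged and released?

This could introduce a SQL injection vulnerability.

That makes sense. May I ask what I should do if I need to use a native SQL function?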

@tr1v3r
Member

tr1v3r commented Mar 17, 2025

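@tr1v3r We urgently need this feature PR. Can it be merged and released?

This could introduce a SQL injection vulnerability.

That makes sense. May I ask what I should do if I need to use a native SQL function?

The original design is to do this with dynamic SQL: https://gorm.io/gen/dynamic_sql.html
If you don't want to use that but really need some raw functions, you can call UnderlyingDB().Raw() in specific scenarios and run the query, taking responsibility for the SQL's safety yourself.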
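
Added example, not part of this PR or of gorm/gen: a standard-library-only Go guard that a caller taking the `UnderlyingDB().Raw()` route described above could run over a raw fragment before executing it. `sqlTemplate`, `RawExpr` and `NewRawExpr` are hypothetical names, and the concatenated input is constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// sqlTemplate is a hypothetical type for this example. Because it is a
// distinct string type, an untyped string constant converts to it
// implicitly, while a runtime string variable needs an explicit conversion
// that stands out in review.
type sqlTemplate string

// RawExpr pairs a fixed SQL fragment with the values bound to its placeholders.
type RawExpr struct {
	SQL  string
	Args []any
}

// NewRawExpr checks a fragment before it is handed to a raw query call.
// The checks are a heuristic guard: they catch values spliced into the
// fragment text, they do not prove the fragment is safe.
func NewRawExpr(tmpl sqlTemplate, args ...any) (RawExpr, error) {
	s := string(tmpl)
	// Quotes, statement separators and comment markers have no place in a
	// fragment whose values all travel as bound parameters.
	for _, bad := range []string{"'", "\"", ";", "--", "/*"} {
		if strings.Contains(s, bad) {
			return RawExpr{}, fmt.Errorf("fragment contains %q; bind values with ? instead", bad)
		}
	}
	if n := strings.Count(s, "?"); n != len(args) {
		return RawExpr{}, errors.New("placeholder count does not match argument count")
	}
	return RawExpr{SQL: s, Args: args}, nil
}

func main() {
	// Fragment from the PR description, value bound as a parameter.
	ok, err := NewRawExpr("if(column1=?,column2,column3)", "1")
	fmt.Println(ok.SQL, ok.Args, err)

	// Constructed input: the same fragment built by concatenating a request value.
	userValue := "1' OR '1'='1"
	_, err = NewRawExpr(sqlTemplate("if(column1='" + userValue + "',column2,column3)"))
	fmt.Println(err)
}
```

The accepted `SQL` and `Args` are meant to be passed on separately, so the value never becomes part of the statement text.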

@tr1v3r
Member

tr1v3r commented Mar 17, 2025

There is another solution: NewFieldRaw -> NewUnsafeFieldRaw
Explicitly declare it Unsafe, and the user guarantees safety themselves.

@shiyuecamus

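@tr1v3r We urgently need this feature PR. Can it be merged and released?

This could introduce a SQL injection vulnerability.

That makes sense. May I ask what I should do if I need to use a native SQL function?

The original design is to do this with dynamic SQL: https://gorm.io/gen/dynamic_sql.html If you don't want to use that but really need some raw functions, you can call UnderlyingDB().Raw() in specific scenarios and run the query, taking responsibility for the SQL's safety yourself.

OK. Thanks a lot.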

@shiyuecamus

There is another solution: NewFieldRaw -> NewUnsafeFieldRaw. Explicitly declare it Unsafe, and the user guarantees safety themselves.

NewUnsafeFieldRaw: which package is this function in?

@tr1v3r
Member

tr1v3r commented Mar 17, 2025

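There is another solution: NewFieldRaw -> NewUnsafeFieldRaw. Explicitly declare it Unsafe, and the user guarantees safety themselves.

NewUnsafeFieldRaw: which package is this function in?

It's the one from this PR, but it hasn't been renamed yet. Once it is renamed, it can be merged.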

@shiyuecamus

shiyuecamus commented Mar 18, 2025

  • Do only one thing
  • Non breaking API changes
  • Tested

What did this pull request do?

support native SQL as custom fields

User Case Description

field.NewFieldRaw("if(column1=?,column2,column3)", "1")

field.NewFieldRaw("if(column1=?,column2,column3)", field.NewField("", "new_id"))

Please change the name. This PR has been waiting for a month or so. @mimicode
