Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: support native SQL as custom fields #1213

Merged
merged 4 commits into from
Mar 20, 2025
Merged

feat: support native SQL as custom fields #1213

merged 4 commits into from
Mar 20, 2025

Conversation

mimicode
Copy link
Contributor

@mimicode mimicode commented Sep 13, 2024
edited
Loading

  • Do only one thing
  • Non breaking API changes
  • Tested

What did this pull request do?

support native SQL as custom fields

User Case Description

field.NewUnsafeFieldRaw("if(column1=?,column2,column3)", "1")

field.NewUnsafeFieldRaw("if(column1=?,column2,column3)", field.NewField("", "new_id"))

@mimicode mimicode mentioned this pull request Sep 13, 2024
Closed
@mimicode
Copy link
Contributor Author

#1212

@mimicode mimicode mentioned this pull request Sep 18, 2024
Closed
@mimicode mimicode mentioned this pull request Sep 29, 2024
Closed
@shiyuecamus
Copy link

When can this be merged?

@shiyuecamus
Copy link

anxious!

@serious-snow
Copy link

I need it.

@OneSeven
Copy link

OneSeven commented Mar 14, 2025
edited
Loading

@tr1v3r 急需此功能pr,能否合并发版?

@shiyuecamus
Copy link

@tr1v3r 急需此功能pr,能否合并发版?

作者直接忽视咱们

@tr1v3r
Copy link
Member

tr1v3r commented Mar 17, 2025

@tr1v3r 急需此功能pr,能否合并发版?

这个可能会引入SQL注入漏洞

@shiyuecamus
Copy link

shiyuecamus commented Mar 17, 2025
edited
Loading

@tr1v3r 急需此功能pr,能否合并发版?

这个可能会引入SQL注入漏洞

有道理,请教一下如果我需要使用sql原生的function应该怎么做呢?

@tr1v3r
Copy link
Member

tr1v3r commented Mar 17, 2025

@tr1v3r 急需此功能pr,能否合并发版?

这个可能会引入SQL注入漏洞

有道理,请教一下如果我需要使用sql原生的function应该怎么做呢?

原本的设计是使用动态SQL做:https://gorm.io/gen/dynamic_sql.html,
如果不想用这个但是一定要用一些raw function可以在特定场景调用UnderlyingDB().Raw()自己负责SQL的安全性进行查询

@tr1v3r
Copy link
Member

tr1v3r commented Mar 17, 2025

还有一种解决方案:NewFieldRaw -> NewUnsafeFieldRaw
明确声明Unsafe,安全性方面使用者自己保证

@shiyuecamus
Copy link

@tr1v3r 急需此功能pr,能否合并发版?

这个可能会引入SQL注入漏洞

有道理,请教一下如果我需要使用sql原生的function应该怎么做呢?

原本的设计是使用动态SQL做:https://gorm.io/gen/dynamic_sql.html, 如果不想用这个但是一定要用一些raw function可以在特定场景调用UnderlyingDB().Raw()自己负责SQL的安全性进行查询

好的。多谢

@shiyuecamus
Copy link

还有一种解决方案:NewFieldRaw -> NewUnsafeFieldRaw 明确声明Unsafe,安全性方面使用者自己保证

NewUnsafeFieldRaw请问这个函数在哪个包下面?

@tr1v3r
Copy link
Member

tr1v3r commented Mar 17, 2025

还有一种解决方案:NewFieldRaw -> NewUnsafeFieldRaw 明确声明Unsafe,安全性方面使用者自己保证

NewUnsafeFieldRaw请问这个函数在哪个包下面?

就是这个PR的,不过还没有改名,改名之后可以合入

@shiyuecamus
Copy link

shiyuecamus commented Mar 18, 2025
edited
Loading

  • Do only one thing
  • Non breaking API changes
  • Tested

What did this pull request do?

support native SQL as custom fields

User Case Description

field.NewFieldRaw("if(column1=?,column2,column3)", "1")

field.NewFieldRaw("if(column1=?,column2,column3)", field.NewField("", "new_id"))

大佬,换个名字吧。这个PR等了个把月了 @mimicode

@mimicode
Copy link
Contributor Author

已经修改了

还有一种解决方案:NewFieldRaw -> NewUnsafeFieldRaw 明确声明Unsafe,安全性方面使用者自己保证

NewUnsafeFieldRaw请问这个函数在哪个包下面?

就是这个PR的,不过还没有改名,改名之后可以合入

已经修改函数名称和不安全提示

@shiyuecamus
Copy link

已经修改了

还有一种解决方案:NewFieldRaw -> NewUnsafeFieldRaw 明确声明Unsafe,安全性方面使用者自己保证

NewUnsafeFieldRaw请问这个函数在哪个包下面?

就是这个PR的,不过还没有改名,改名之后可以合入

已经修改函数名称和不安全提示

@tr1v3r 请知晓

@tr1v3r tr1v3r merged commit e2dcb6d into go-gorm:master Mar 20, 2025
13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@mimicode @shiyuecamus @serious-snow @OneSeven @tr1v3r