
Golang db query using slice IN clause

Can someone explain to me why this does not work?

inq := "6,7" //strings.Join(artIds, ",")
rows, err = db.Query("SELECT DISTINCT title FROM tags_for_articles LEFT JOIN tags ON tags.id = tags_for_articles.tag_id WHERE article_id IN (?)", inq)

And this does

rows, err = db.Query("SELECT DISTINCT title FROM tags_for_articles LEFT JOIN tags ON tags.id = tags_for_articles.tag_id WHERE article_id IN (6,7)", inq)

I’m trying to do a simple IN clause with a slice of ints, and every solution suggested doesn’t seem very idiomatic.

Tried to do this, but the problem appears to be the string substitution.

inq := strings.Join(artIds, ",")

I’m a bit surprised that Go doesn’t seem to have a graceful way to handle this query.


Answer

If you have been careful to build your inq string from real ints (to avoid injection), you can just build the string yourself and avoid using ?:

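inq := "6,7" // must be built only from real ints
// Named query rather than sql so the database/sql package is not shadowed.
query := fmt.Sprintf("SELECT DISTINCT title FROM tags_for_articles LEFT JOIN tags ON tags.id = tags_for_articles.tag_id WHERE article_id IN (%s)", inq)
rows, err := db.Query(query)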

If you do it a lot, better to have a WhereIn function that does this for you, or use an ORM. Be careful which args you accept though, as if you accept arbitrary strings anything could be injected.

User contributions licensed under: CC BY-SA
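
A single `?` binds exactly one value, so `"6,7"` reaches the database as one string instead of two IDs. The sketch below is an added example, not code from the question or the answer: `whereIn` and `ErrEmptyIn` are hypothetical names, and the helper goes beyond the answer's `Sprintf` approach by emitting one placeholder per ID so the values stay bound parameters.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrEmptyIn is returned for an empty ID slice: "IN ()" is a syntax error
// in MySQL, so the caller must decide what an empty filter means.
var ErrEmptyIn = errors.New("whereIn: empty id list")

// whereIn (hypothetical helper) replaces the single "(?)" in query with one
// "?" placeholder per ID and returns the matching argument list. The IDs
// travel as bound parameters; nothing from the slice is spliced into the SQL.
func whereIn(query string, ids []int) (string, []interface{}, error) {
	if len(ids) == 0 {
		return "", nil, ErrEmptyIn
	}
	if strings.Count(query, "(?)") != 1 {
		return "", nil, errors.New("whereIn: query must contain exactly one (?)")
	}
	placeholders := strings.TrimSuffix(strings.Repeat("?,", len(ids)), ",")
	args := make([]interface{}, len(ids))
	for i, id := range ids {
		args[i] = id
	}
	return strings.Replace(query, "(?)", "("+placeholders+")", 1), args, nil
}

func main() {
	const q = "SELECT DISTINCT title FROM tags_for_articles " +
		"LEFT JOIN tags ON tags.id = tags_for_articles.tag_id " +
		"WHERE article_id IN (?)"
	artIDs := []int{6, 7} // constructed sample input
	query, args, err := whereIn(q, artIDs)
	if err != nil {
		panic(err)
	}
	fmt.Println(query)
	fmt.Println(args...)
	// With a live *sql.DB: rows, err := db.Query(query, args...)
}
```

Very long ID lists can exceed a driver's or server's placeholder limit, so batch them if the slice is unbounded.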