I'm currently working on implementing a new search function, and I've encountered some problems regarding the prewritten Go code.
The search function is really simple: I want to search for the IDs of a certain year.
Now I can prepare my MySQL statement, but at some point it has to be fed through this function:
    package main // package clause assumed; the question shows only the method

    import (
        "fmt"

        // Assumed import path: the *mysql.Statement, BindParams and Execute calls
        // below match the (older) github.com/ziutek/mymysql API.
        "github.com/ziutek/mymysql/mysql"
    )

    // StatementBegin prepares, binds and runs one query while holding the
    // connection lock. On success it returns the executed statement with the
    // lock still held, so the caller must release it once the result is consumed.
    func (papers *PapersEnv) StatementBegin(sql string, params ...interface{}) *mysql.Statement {
        papers.db.Lock()
        stmt, err := papers.db.Prepare(sql)
        if err != nil {
            fmt.Println("MySQL statement error;", err)
            papers.db.Unlock() // added: release the lock on failure so later callers do not block
            return nil
        }
        // params are bound to the statement's '?' placeholders as values;
        // they are never spliced into the SQL text.
        err = stmt.BindParams(params...)
        if err != nil {
            fmt.Println("MySQL statement error;", err)
            papers.db.Unlock()
            return nil
        }
        err = stmt.Execute()
        if err != nil {
            fmt.Println("MySQL statement error;", err)
            papers.db.Unlock()
            return nil
        }
        return stmt
    }
The second function parameter is what causes my problems. As far as I can understand, this is a control parameter, which limits the possibilities of the search function, so a user can't, for instance, input a command which deletes the database.
Does anyone know what's going on?
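An added example, not part of the question, showing what the variadic params buys you: the values are bound to the statement's ? placeholders and reach the server as data, never as SQL text. Python's sqlite3 is used here only because it runs without a MySQL server; the table, rows and the suspicious-looking input are all constructed for the demo.

```python
"""Search for paper IDs of a given year: bound parameter versus string concatenation."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a throwaway in-memory 'papers' table (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE papers (id INTEGER PRIMARY KEY, year INTEGER)")
    conn.executemany(
        "INSERT INTO papers (id, year) VALUES (?, ?)",
        [(1, 2011), (2, 2012), (3, 2012), (4, 2013)],
    )
    return conn


def ids_by_year_bound(conn: sqlite3.Connection, year) -> list[int]:
    """Parameterised search: 'year' travels as a bound value, exactly the role
    StatementBegin's params play. Whatever the string contains, it is compared
    against the year column as one literal value."""
    rows = conn.execute(
        "SELECT id FROM papers WHERE year = ? ORDER BY id", (year,)
    ).fetchall()
    return [r[0] for r in rows]


def ids_by_year_concat(conn: sqlite3.Connection, year) -> list[int]:
    """The unsafe alternative the question worries about: the user's text is
    pasted into the SQL, so it can change the meaning of the query."""
    rows = conn.execute(
        f"SELECT id FROM papers WHERE year = {year} ORDER BY id"
    ).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = make_db()
    tainted = "2012 OR 1=1"  # constructed input that reads as SQL if spliced in
    print("bound, 2012:   ", ids_by_year_bound(db, 2012))      # [2, 3]
    print("bound, tainted:", ids_by_year_bound(db, tainted))   # []  (no year equals that text)
    print("concat, 2012:  ", ids_by_year_concat(db, 2012))     # [2, 3]
    print("concat, tainted", ids_by_year_concat(db, tainted))  # [1, 2, 3, 4] (filter defeated)
```

The bound version returns nothing for the tainted string because the whole string is compared as a value, while the concatenated version returns every row.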