null is a library with reasonable options for dealing with nullable SQL and JSON values
There are two packages: null and its subpackage zero.
Types in null will only be considered null on null input, and will JSON encode to null. If you need zero and null to be considered separate values, use these.
Types in zero are treated like zero values in Go: blank string input will produce a null zero.String, and null Strings will JSON encode to "". Zero values of these types will be considered null to SQL. If you need zero and null treated the same, use these.
All types implement sql.Scanner and driver.Valuer, so you can use this library in place of sql.NullXXX. All types also implement: encoding.TextMarshaler, encoding.TextUnmarshaler, json.Marshaler, and json.Unmarshaler. A null object's MarshalText will return a blank string.
null package
import "gopkg.in/guregu/null.v4"
null.String
Nullable string.
Marshals to JSON null if SQL source data is null. Zero (blank) input will not produce a null String.
null.Int
Nullable int64.
Marshals to JSON null if SQL source data is null. Zero input will not produce a null Int.
null.Float
Nullable float64.
Marshals to JSON null if SQL source data is null. Zero input will not produce a null Float.
null.Bool
Nullable bool.
Marshals to JSON null if SQL source data is null. False input will not produce a null Bool.
null.Time
Marshals to JSON null if SQL source data is null. Zero input will not produce a null Time.
zero package
import "gopkg.in/guregu/null.v4/zero"
zero.String
Nullable string.
Will marshal to a blank string if null. Blank string input produces a null String. Null values and zero values are considered equivalent.
zero.Int
Nullable int64.
Will marshal to 0 if null. 0 produces a null Int. Null values and zero values are considered equivalent.
zero.Float
Nullable float64.
Will marshal to 0.0 if null. 0.0 produces a null Float. Null values and zero values are considered equivalent.
zero.Bool
Nullable bool.
Will marshal to false if null. false produces a null Bool. Null values and zero values are considered equivalent.
zero.Time
Will marshal to the zero time if null. Uses time.Time's marshaler.
Can you add support for other types?
This package is intentionally limited in scope. It will only support the types that driver.Value supports. Feel free to fork this and add more types if you want.
Can you add a feature that ____?
This package isn't intended to be a catch-all data-wrangling package. It is essentially finished. If you have an idea for a new feature, feel free to open an issue to talk about it or fork this package, but don't expect this to do everything.
Package history
As of v4, unmarshaling from JSON sql.NullXXX JSON objects (ex. {"Int64": 123, "Valid": true}) is no longer supported. It's unlikely many people used this, but if you need it, use v3.
Bugs
json's ",omitempty" struct tag does not work correctly right now. It will never omit a null or empty String. This might be fixed eventually.
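The null/zero distinction and the omitempty behaviour described above, reproduced with the standard library only. This is an added example, not the library's code: StrictString, LooseString, row and Encode are hypothetical stand-ins that imitate the documented semantics of null.String and zero.String.

```go
package main

import (
	"database/sql"
	"database/sql/driver"
	"encoding/json"
	"fmt"
)

// StrictString imitates the "null" semantics: only SQL NULL is null.
type StrictString struct{ sql.NullString }

func (s StrictString) MarshalJSON() ([]byte, error) {
	if !s.Valid {
		return []byte("null"), nil
	}
	return json.Marshal(s.String)
}

// LooseString imitates the "zero" semantics: blank and NULL are the same.
type LooseString struct{ sql.NullString }

func (s LooseString) MarshalJSON() ([]byte, error) {
	return json.Marshal(s.String) // a null value encodes as ""
}

func (s LooseString) Value() (driver.Value, error) {
	if s.String == "" {
		return nil, nil // blank is written back to SQL as NULL
	}
	return s.String, nil
}

// row tags both fields omitempty. encoding/json only treats false, 0, nil
// pointers/interfaces and empty arrays, slices, maps and strings as empty,
// so struct-typed fields like these are never omitted.
type row struct {
	Strict StrictString `json:"strict,omitempty"`
	Loose  LooseString  `json:"loose,omitempty"`
}

// Encode scans one constructed column value into both types and marshals.
func Encode(col interface{}) string {
	var r row
	_ = r.Strict.Scan(col) // Scan cannot fail for nil or string input
	_ = r.Loose.Scan(col)
	out, _ := json.Marshal(r)
	return string(out)
}

func main() {
	fmt.Println(Encode(nil), Encode("")) // SQL NULL, then a blank string
}
```

Only the strict type lets an API consumer tell "column was NULL" from "column was blank"; pick the loose type only where that difference carries no meaning.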