SQL Injection with Go and Fix

  • Reading SQL files in Go.
  • Reading text files through standard input in Go.
  • Running PostgreSQL in a Docker container.
  • Connecting to SQL in Go.
  • Demonstrating SQL injection with Go.
  • Fixing the SQL injection in Go.

docker container run -e POSTGRES_HOST_AUTH_METHOD=trust -p 5432:5432 postgres:13-alpine
docker container ps -a
docker container exec -it 85dbf0b157c5 psql -U postgres -h localhost

  • At line #15, we read from standard input.
  • At line #23, we establish the connection to the database.
  • At line #31, we tell Go that we intend to close the database connection.
  • At lines #33 and #38, we go on to create the tables (createTables) and insert into the table (insertStatement), respectively.

go mod init hello
go get github.com/lib/pq

  • You can think of go.mod as the packages you want.
  • You can think of go.sum as the packages that you actually require.

** SQL-Injection STARTs **

Step #15.) Here is the text file that we shall execute with the above code:

** Fix to safeguard against SQL-Injection **

Step #18.) Here is what the insert query looks like now:
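
An added example, not the article's own code, contrasting an insert built by string concatenation with the parameterized form, and counting how many SQL statements each one produces for the same input line. The table name `users`, the function names and the sample input are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// unsafeInsert is the vulnerable pattern: input is pasted into the SQL text.
func unsafeInsert(name string) string {
	return fmt.Sprintf("INSERT INTO users (name) VALUES ('%s');", name)
}

// safeInsert is the fix: constant SQL text with a $1 placeholder, input sent separately.
func safeInsert(name string) (string, []interface{}) {
	return "INSERT INTO users (name) VALUES ($1);", []interface{}{name}
}

// statements splits SQL on ';' outside single-quoted literals, dropping "--" comments.
func statements(sql string) (out []string) {
	var cur strings.Builder
	inQuote := false
	flush := func() {
		if s := strings.TrimSpace(cur.String()); s != "" {
			out = append(out, s)
		}
		cur.Reset()
	}
	for i := 0; i < len(sql); i++ {
		switch c := sql[i]; {
		case !inQuote && strings.HasPrefix(sql[i:], "--"):
			for i < len(sql) && sql[i] != '\n' {
				i++
			}
		case !inQuote && c == ';':
			flush()
		default:
			inQuote = inQuote != (c == '\'') // toggle on every quote; '' toggles twice
			cur.WriteByte(c)
		}
	}
	flush()
	return out
}

func main() {
	input := "x'); SELECT 1; --" // constructed sample line, as if read from stdin
	fmt.Println(statements(unsafeInsert(input)))
	q, args := safeInsert(input)
	fmt.Println(statements(q), args)
}
```

With `database/sql` and `lib/pq`, the safe form is what gets passed as `db.Exec(query, args...)`, so the input never becomes part of the SQL text.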



aditya goel


Software Engineer for Big Data distributed systems