Golang Calling SQL Server proc

This is a creation in Article, where the information may have evolved or changed.

A long time did not write a blog, recently really a bit depressed, the first level of their own limited, in the road to become Daniel struggling, ferocious struggle, followed by some people dissatisfied with certain attitudes, I think attitude is very important, good, spit groove is complete.

SQL Server is required for the project. First Golang connect SQL Server with the official recommended package github.com/denisenkom/go-mssqldb, which can go directly to get. Golang call SQL Server stored procedure is compared to the egg pain, there is no way to call directly, so I wrote a method:

//proc is the proc name//declare is the proc declare with the return values//in is the params in//out is the params out//outparas is the Select parametersFunc Getprocsql (proc, declare,inch, out string, Outparas ...string)string{_sql: = FMT. Sprintf ("%v;exec%v%v", declare, Proc,inch)varOutparamstring     for_, out: = Range Outparas {outparam = fmt. Sprintf ("%v,%v=%v OUTPUT", Outparam, out, out)} Outparam = Fmt. Sprintf ("%V;", Outparam)if  out!=""{_sql = Fmt. Sprintf ("%v%vselect%v;", _sql, Outparam, out)    }Else{_sql = Fmt. Sprintf ("%v%v", _sql, Outparam)}return_sql}

The principle is this, the need to directly send SQL statements to the database, SQL Server is exec proc,mysql is call exec, the format of EXEC proc in out, if only input, no output results, then it is done. However, if you need to return the result set, that is, the need for a select, then the small egg hurts, online others to provide a lot of statements are not feasible, finally a bit did not fold, asked a friend of C # development, and then studied the implementation of the whole process of stored procedures, suddenly dawned.
Focus: to return the result set, use SELECT, but select must be with the EXEC proc, or you will not be able to select! And, it's also a critical place, so be sure to declare!. In short, the whole sentence is really wonderful writing, with query or queryrow can be executed, I am a little skeptical of life, but it is the correct way to write.

Xiao Kee: write SQL, the value to use "Number protection, field names to use" protection, one anti-injection, and so on, and so the security of the photo, I was a pit.

Give an example:

_sql:= ' Declare@PersonNovarchar -),@PersonNamevarchar -),@Timevarchar -),@MoneyDecimal A,2),@Placevarchar -),@Typevarchar -); execWeb_cost_getdata NULL,NULL,N' c123456 ',@PersonNo=@PersonNo OUTPUT,@PersonName=@PersonName OUTPUT,@Time=@Time OUTPUT,@Money=@Money OUTPUT,@Place=@Place OUTPUT,@Type=@Type OUTPUT; select@PersonNo;`