The Go Workshop

By: Delio D'Anna, Andrew Hayes, Sam Hennessy, Jeremy Leasor, Gobin Sougrakpam, Dániel Szabó

Overview of this book

The Go Workshop will take the pain out of learning the Go programming language (also known as Golang). It is designed to teach you to be productive in building real-world software. Presented in an engaging, hands-on way, this book focuses on the features of Go that are used by professionals in their everyday work. Each concept is broken down, clearly explained, and followed up with activities to test your knowledge and build your practical skills. Your first steps will involve mastering Go syntax, working with variables and operators, and using core and complex types to hold data. Moving ahead, you will build your understanding of programming logic and implement Go algorithms to construct useful functions. As you progress, you'll discover how to handle errors, debug code to troubleshoot your applications, and implement polymorphism using interfaces. The later chapters will then teach you how to manage files, connect to a database, work with HTTP servers and REST APIs, and make use of concurrent programming. Throughout this Workshop, you'll work on a series of mini projects, including a shopping cart, a loan calculator, a working hours tracker, a web page counter, a code checker, and a user authentication system. By the end of this book, you'll have the knowledge and confidence to tackle your own ambitious projects with Go.
Table of Contents (21 chapters)
1. Variables and Operators
2. Logic and Loops

Inserting Data

Long ago, when the era of web applications backed by SQL databases started to bloom, some gutsy people invented the SQL injection attack. One type of authentication is done via SQL queries against a database. For example, after converting the password into a hash with the mathematical magic of a hash function, all the web app did was execute a query with the username and password coming from the input of the form. Many servers executed something like this:

"SELECT password FROM Auth WHERE username=<input from user>"

Then, the password was rehashed; if the two hashes matched, the password was good for the user.

The problem with this came from the <input from user> part, because if the attacker was smart enough, they could reformulate the query and run additional commands. For example:

"SELECT password FROM Auth WHERE username=<input from user> OR '1'='1'"

The problem with this query is that OR...