Any application working with SQL queries can benefit from using a query builder to improve code readability, maintainability, and security. In fact, there are many different libraries that do just that in Golang. Here at Vaunt, we tried many different options before finally deciding to create one ourselves. Ultimately, we wanted something that was secure and provided variable replacement to prevent SQL injection while still being readable and able to have conditional statements. So we created a new library called tqla, released and announced late last year. You can read more about it in this article.
Before we built tqla, we mainly used Squirrel for our SQL query building logic—and we highly recommend it. We still use Squirrel in some areas but have gradually started replacing and implementing new query building logic with tqla. We have found many instances where tqla has improved our ability to maintain our code and fix problems we ran into when using other statement builders.
Real World Use Case
At Vaunt, we recently underwent a database migration from CockroachDB to TiDB. While CockroachDB was performant and reliable, we ultimately faced the decision of adding to our techstack to support an OLAP database. The need for this was to support our analytical workload on our open source community insight product. To keep our technology footprint small, we decided to move forward with TiDB and take advantage of the database’s HTAP architecture.
CockroachDB is largely compatible with PostgreSQL, and we used the PostgreSQL syntax for many of our SQL queries. To switch to TiDB, we had to change a few of our tables and update queries to use MySQL syntax. In a few locations during the migration, we found that we were improperly using conditional query building statements and lacked the proper tests to catch that the statements were being generated incorrectly.
Demonstration
In Squirrel’s README, there is an example of how you can use conditional query building to update statements with optional filters:
if len(q) > 0 {
users = users.Where("name LIKE ?", fmt.Sprint("%", q, "%"))
}
Here is a real, but simplified, example of how we updated one of our queries to conditionally join tables and add an optional filter:
psql := squirrel.StatementBuilder.PlaceholderFormat(squirrel.Question)
statementBuilder := psql.Select(`i.id`).
From("vaunt.installations i").
Where(`entity_name = ?`, name)
if len(provider) > 0 {
statementBuilder.Where(`provider = ?`, provider)
}
if len(repo) > 0 {
statementBuilder.Join(`repositories as r on JSON_CONTAINS(i.repositories, CONCAT('["', r.id, '"]'))`)
statementBuilder.Where(`r.name = ?`, repo)
}
Can you spot the issue with the code? If not, don’t worry—it is something that slipped through our own code reviews as well until we ran our tests.
The issue here is that we forgot to update the statement builder with the result of the builder functions. For example, the provider condition filter should instead read:
if len(provider) > 0 {
statementBuilder = statementBuilder.Where(`provider = ?`, provider)
}
This is a relatively simple mistake to make and can easily be caught with sufficient test cases, but because it’s not technically invalid code, it can take a bit to realize what is happening immediately.
Another readability issue with this setup is that the conditional join is separated from the initial select statement. We could reorganize the builder to put each piece where it should go, but it would require multiple duplicate conditional statement checks and still suffer from some readability issues.
Using tqla
The above demonstration using Squirrel has since been rewritten, and the equivalent in tqla looks like this:
t, err := tqla.New(tqla.WithPlaceHolder(tqla.Question))
if err != nil {
return nil, err
}
query, args, err := t.Compile(`
SELECT i.id
FROM vaunt.installations as i
{{ if .Repo }}
JOIN vaunt.repositories as r on JSON_CONTAINS(i.repositories, CONCAT('["', r.id, '"]'), '$')
{{ end }}
WHERE entity_name = {{ .Name}}
{{ if .Provider }}
AND i.provider = {{ .Provider }}
{{ end }}
{{ if .Repo }}
AND r.name = {{ .Repo }}
{{ end }}
`, data)
if err != nil {
return nil, err
}
As you can see, the template syntax for tqla makes incorporating conditional clauses very simple. Tqla automatically replaces the variables we are setting with our specified placeholders and provides the arguments we can use with our sql driver to execute the statement.
Similar to Squirrel, this statement building approach is easy to test, as we can create different sets of data objects to pass to the template builder and validate the output.
You can see that we are easily able to add conditional pieces of the query where they would fit in best. For example, here we have a conditional JOIN directly after the FROM statement—and although we still have multiple condition checks, it does not overly complicate the template.
Custom Functions
Another nice tqla feature helping to improve the maintainability of our sql builders is the ability to define custom functions we could use in the templates to abstract some transformation logic.
Here is an example of how we used a function to convert the Golang’s time.Time value into a sql.NullTime to allow us to do an insert with our data objects without needing to convert it beforehand:
funcs := template.FuncMap{
"time": func(t time.Time) sql.NullTime {
if t.IsZero() {
return sql.NullTime{Valid: false}
}
return sql.NullTime{Time: t, Valid: true}
},
}
t, err := tqla.New(tqla.WithPlaceHolder(tqla.Question), tqla.WithFuncMap(funcs))
if err != nil {
return err
}
With this function defined in our tqla funcs map, we can now freely use it in our query templates by providing it a parameter from the data object that is a time.Time field. We can even call this function multiple times in the same template with different fields.
Here is a simplified example:
statement, args, err := t.Compile(`
INSERT INTO events
(name, created_at, merged_at, closed_at)
VALUES (
{{ .Name }},
{{ time .CreatedAt }},
{{ time .MergedAt }},
{{ time .ClosedAt }}
)`, eventData)
Conclusion
In conclusion, we believe that using tqla can help improve the maintainability of query building logic while offering some powerful utility for creating dynamic queries. The simplicity of the template structure allows for clean code readability and can make it faster to debug any potential errors.
We made tqla open source to share this library in hopes that it provides a good option for other users wanting a simple, maintainable, and secure way to build sql queries in many different types of applications.
If you are interested, please check out the repository and give it a star if it helps you in any way. Feel free to make any feature requests or bug reports!
We are always open to receiving feedback and contributions.
To stay in the loop on future development, follow us on X or join our Discord!
The above is the detailed content of Maintainable SQL Query Building with Golang. For more information, please follow other related articles on the PHP Chinese website!
Learn Go String Manipulation: Working with the 'strings' PackageMay 09, 2025 am 12:07 AMGo's "strings" package provides rich features to make string operation efficient and simple. 1) Use strings.Contains() to check substrings. 2) strings.Split() can be used to parse data, but it should be used with caution to avoid performance problems. 3) strings.Join() is suitable for formatting strings, but for small datasets, looping = is more efficient. 4) For large strings, it is more efficient to build strings using strings.Builder.
Go: String Manipulation with the Standard 'strings' PackageMay 09, 2025 am 12:07 AMGo uses the "strings" package for string operations. 1) Use strings.Join function to splice strings. 2) Use the strings.Contains function to find substrings. 3) Use the strings.Replace function to replace strings. These functions are efficient and easy to use and are suitable for various string processing tasks.
Mastering Byte Slice Manipulation with Go's 'bytes' Package: A Practical GuideMay 09, 2025 am 12:02 AMThebytespackageinGoisessentialforefficientbyteslicemanipulation,offeringfunctionslikeContains,Index,andReplaceforsearchingandmodifyingbinarydata.Itenhancesperformanceandcodereadability,makingitavitaltoolforhandlingbinarydata,networkprotocols,andfileI
Learn Go Binary Encoding/Decoding: Working with the 'encoding/binary' PackageMay 08, 2025 am 12:13 AMGo uses the "encoding/binary" package for binary encoding and decoding. 1) This package provides binary.Write and binary.Read functions for writing and reading data. 2) Pay attention to choosing the correct endian (such as BigEndian or LittleEndian). 3) Data alignment and error handling are also key to ensure the correctness and performance of the data.
Go: Byte Slice Manipulation with the Standard 'bytes' PackageMay 08, 2025 am 12:09 AMThe"bytes"packageinGooffersefficientfunctionsformanipulatingbyteslices.1)Usebytes.Joinforconcatenatingslices,2)bytes.Bufferforincrementalwriting,3)bytes.Indexorbytes.IndexByteforsearching,4)bytes.Readerforreadinginchunks,and5)bytes.SplitNor
Go encoding/binary package: Optimizing performance for binary operationsMay 08, 2025 am 12:06 AMTheencoding/binarypackageinGoiseffectiveforoptimizingbinaryoperationsduetoitssupportforendiannessandefficientdatahandling.Toenhanceperformance:1)Usebinary.NativeEndianfornativeendiannesstoavoidbyteswapping.2)BatchReadandWriteoperationstoreduceI/Oover
Go bytes package: short reference and tipsMay 08, 2025 am 12:05 AMGo's bytes package is mainly used to efficiently process byte slices. 1) Using bytes.Buffer can efficiently perform string splicing to avoid unnecessary memory allocation. 2) The bytes.Equal function is used to quickly compare byte slices. 3) The bytes.Index, bytes.Split and bytes.ReplaceAll functions can be used to search and manipulate byte slices, but performance issues need to be paid attention to.
Go bytes package: practical examples for byte slice manipulationMay 08, 2025 am 12:01 AMThe byte package provides a variety of functions to efficiently process byte slices. 1) Use bytes.Contains to check the byte sequence. 2) Use bytes.Split to split byte slices. 3) Replace the byte sequence bytes.Replace. 4) Use bytes.Join to connect multiple byte slices. 5) Use bytes.Buffer to build data. 6) Combined bytes.Map for error processing and data verification.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
Notepad++7.3.1
Easy-to-use and free code editor
MantisBT
Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.
PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool
