Updated on 2025-09-04 GMT+08:00

Typical Issues

  1. SQL injection risks during the construction of batch insertion statements

    Use placeholders and parameter binding instead of concatenating user-specified values directly into the SQL text. When inserting data, a multi-row VALUES statement should use placeholders (?) together with a parameter list to prevent injection attacks. All dynamic data must be passed as parameters. For example, the Prepare or Exec API of the database object *DB can be used to pass the values as variadic parameters.

  2. Batch insertion failure

    If a record fails to be inserted during batch insertion, the database returns only general error information (such as a primary key conflict, a foreign key constraint violation, or a data type mismatch). It does not indicate which specific record caused the error. If an SQL statement contains multiple records and one of them fails to be inserted, the entire transaction may fail (unless the error-ignoring mechanism is enabled). To pinpoint the row causing the error, it is common practice to divide the batch into smaller batches or to insert data row by row for better error capture.

  3. Increased memory usage

    With large data volumes, constructing SQL statements for batch insertion can significantly increase memory usage. This is particularly noticeable when the SQL statements are built through string concatenation, which can cause a sharp rise in memory consumption. Very large batches may also exceed the maximum SQL length limit of the database or Go driver, or trigger other parameter restrictions, potentially leading to errors or performance issues.
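The three issues above can be handled together, as in the following added example (not code from this documentation). It builds the multi-row statement from placeholders only, caps the rows per statement, and replays a failed chunk row by row to find the rejected rows. The `users (id, name)` table, the `execFn` wrapper and the function names are hypothetical; the `?` placeholder follows the text above.

```go
package main

import (
	"fmt"
	"strings"
)

// execFn runs one statement. With database/sql, wrap the *DB handle:
// func(q string, a ...any) error { _, err := db.Exec(q, a...); return err }
type execFn func(query string, args ...any) error

// buildInsert returns a multi-row INSERT with one "?" per value and the flat
// argument list; row values are bound parameters and never enter the SQL text.
func buildInsert(rows [][2]any) (string, []any) {
	args := make([]any, 0, 2*len(rows))
	for _, r := range rows {
		args = append(args, r[0], r[1])
	}
	groups := strings.TrimSuffix(strings.Repeat("(?, ?), ", len(rows)), ", ")
	return "INSERT INTO users (id, name) VALUES " + groups, args
}

// insertChunked sends at most size rows per statement and replays a failed chunk
// row by row. Assumes autocommit, so a failed multi-row INSERT stored nothing.
func insertChunked(exec execFn, rows [][2]any, size int) (bad []int) {
	if size < 1 {
		size = 1
	}
	for start := 0; start < len(rows); start += size {
		end := start + size
		if end > len(rows) {
			end = len(rows)
		}
		q, args := buildInsert(rows[start:end])
		if exec(q, args...) == nil {
			continue
		}
		for i := start; i < end; i++ { // isolate the rejected rows by index
			q, args := buildInsert(rows[i : i+1])
			if exec(q, args...) != nil {
				bad = append(bad, i)
			}
		}
	}
	return bad
}

func main() {
	fmt.Println(buildInsert([][2]any{{1, "alice"}, {2, "x'); DROP TABLE users;--"}})) // constructed rows
}
```

Choose the chunk size so that the number of placeholders per statement stays below the limits of the database and driver in use.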