問題 1：我有下面的 MySQL 查詢，它工作正常，但我剛剛發(fā)現(xiàn)這不是一種安全的方法，因?yàn)樗鼘?duì) SQL 注入開放。如您所見，如果我想作為參數(shù)傳遞， where 子句是一個(gè)問題。_, err := dbmap.Select(&response.AppsData, "SELECT...", ?)任何建議都非常有用。where := ""for i := 0; i < (len(acl_user_apps)); i++ {    fmt.Println(acl_user_apps[i].AppId)    fmt.Println(acl_user_apps[i].Permissions)    if where == "" {        where = "WHERE Apps.id=" + strconv.Itoa(acl_user_apps[i].AppId)    } else {        where = where + " OR Apps.id=" + strconv.Itoa(acl_user_apps[i].AppId)    }}query := "SELECT Apps.*, GROUP_CONCAT(DISTINCT IFNULL(AppCategoryMatches.category_id,'-1') SEPARATOR ',') as temp,   GROUP_CONCAT(DISTINCT IFNULL(AppCategories.category_name,'-1') SEPARATOR ',') as tmp_name FROM Apps LEFT JOIN AppCategoryMatches ON AppCategoryMatches.app_id=Apps.id LEFT JOIN AppCategories ON (AppCategoryMatches.`category_id` = AppCategories.id) " + where + " GROUP BY Apps.id ORDER BY " + sort_by + " " + order_by + " LIMIT " + limit + " OFFSET " + offset)_, err := dbmap.Select(&response.AppsData,query)問題 2：也只是想知道是否有人在傳遞 ORDER 參數(shù)時(shí)遇到過問題......_, err := dbmap.Select(&response.AppsData,        "SELECT Apps.*, GROUP_CONCAT(DISTINCT IFNULL(AppCategoryMatches.category_id,'-1') SEPARATOR ',') as temp, GROUP_CONCAT(DISTINCT IFNULL(AppCategories.category_name,'-1') SEPARATOR ',') as tmp_name FROM Apps LEFT JOIN AppCategoryMatches ON AppCategoryMatches.app_id=Apps.id LEFT JOIN AppCategories ON (AppCategoryMatches.category_id = AppCategories.id) GROUP BY Apps.id ORDER BY ?", "title")這個(gè)訂單是有史以來最簡單的事情......為什么它不起作用？