Inserting into a Postgresql table with Go

Question

I have the following table:

CREATE TABLE Users (
  user_id BIGSERIAL PRIMARY KEY,
  email VARCHAR(50) NOT NULL,
  password_hash VARCHAR(100) NOT NULL,
  points INT DEFAULT 0,
  created_at TIMESTAMP NOT NULL DEFAULT NOW(),
  updated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
)

I take in a email and password, encrypt the password and attempt to insert them into the table:

import (
  _ "github.com/lib/pq"
  "database/sql"
  "code.google.com/p/go.crypto/bcrypt"
)

conn := OpenConnection()
defer conn.Close()
email := r.FormValue("email")
password, _ := bcrypt.GenerateFromPassword([]byte(r.FormValue("password")), bcrypt.DefaultCost)
res, err := conn.Exec("INSERT INTO users (email, password_hash) VALUES (?, ?)", email, password)
http.Redirect(w, r, "/", http.StatusFound)

The insert throws pq: P:"51" S:"ERROR" L:"1002" C:"42601" M:"syntax error at or near \",\"" F:"scan.l" R:"scanner_yyerror". The same error is thrown if i replace the byte type password with a simple string.

What am I doing wrong?

Answer 1

I will post as an answer in case the link goes away: From https://github.com/lib/pq/issues/65

by dpapathanasiou : I've figured out the problem; it's not a bug in pq but in the way I was creating the prepared statements: I need to use ($n) instead of ? for the bound parameters.

So all of these statements work correctly:

stmt, err := db.Prepare("select id from people where firstname = ($1) and lastname = ($2)")
stmt, err := db.Prepare("select id from people where firstname ~* ($1) and lastname ~* ($2)")
stmt, err := db.Prepare("select id from people where firstname = ($1)")