新增防止sql注入

common/sql.go

@@ -2,10 +2,18 @@ package common
 
 import "strings"
 
-// SqlStrReplace 防止sql注入
-func SqlStrReplace(str string) string {
+// SqlStrReplaceSingleQuotes 防止sql注入 单引号
+func SqlStrReplaceSingleQuotes(str string) string {
 	if strings.Contains(str, "'") {
 		str = strings.Replace(str, "'", "\\'", -1)
 	}
 	return str
 }
+
+// SqlStrReplaceDoubleQuotes 防止sql注入 双引号
+func SqlStrReplaceDoubleQuotes(str string) string {
+	if strings.Contains(str, "\"") {
+		str = strings.Replace(str, "\"", "\\\"", -1)
+	}
+	return str
+}