Inline comment with a question mark ? results in a "number of bindVars exceeds arguments" error within sqlx.In #961

@shakram02

Consider this panicking main.go file:

package main

import (
	"fmt"

	"github.com/jmoiron/sqlx"
)

func main() {
	query, args, err := sqlx.In(`
		SELECT
			*	-- Should we use field names ?
		FROM students
		WHERE id IN (?)
	`,
		[]int{1, 2, 3},
	)

	if err != nil {
		panic(fmt.Sprintf("Failed to generate query: %v", err.Error()))
	}

	// args is a []interface{}, so print it with %v rather than %s
	fmt.Printf("Query: %s Args: %v\n", query, args)
}

If we remove the ? the program will work normally.

My educated guess is that the following lines check for the position of the ? regardless of the existence of an inline comment, i.e. the query isn't being cleaned before the bindVars get evaluated, in bind.go line 201:

for i := strings.IndexByte(query[offset:], '?'); i != -1; i = strings.IndexByte(query[offset:], '?') {
	if arg >= len(meta) {
		// if an argument wasn't passed, lets return an error;  this is
		// not actually how database/sql Exec/Query works, but since we are
		// creating an argument list programmatically, we want to be able
		// to catch these programmer errors earlier.
		return "", nil, errors.New("number of bindVars exceeds arguments")
	}
	// ....
}
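
Added example (not code from the issue or from sqlx): a hypothetical `stripSQLComments` helper that removes comments from a query before it reaches a scanner that counts every `?` byte, as the loop quoted above does. It goes beyond the issue's case by also handling `/* */` comments and leaving single-quoted literals intact; it assumes standard SQL quoting only.

```go
package main

import (
	"fmt"
	"strings"
)

// stripSQLComments (hypothetical helper, not part of sqlx) drops "--" and "/* */"
// comments; single-quoted literals pass through. No backslash escapes or nesting.
func stripSQLComments(q string) string {
	var b strings.Builder
	for i := 0; i < len(q); {
		switch {
		case q[i] == '\'':
			j := i + 1
			for ; j < len(q); j++ {
				if q[j] == '\'' && j+1 < len(q) && q[j+1] == '\'' {
					j++ // '' is an escaped quote; stay inside the literal
				} else if q[j] == '\'' {
					j++ // consume the closing quote
					break
				}
			}
			b.WriteString(q[i:j])
			i = j
		case strings.HasPrefix(q[i:], "--"):
			end := strings.IndexByte(q[i:], '\n')
			if end < 0 {
				return b.String() // comment runs to end of input
			}
			i += end // the newline itself is kept
		case strings.HasPrefix(q[i:], "/*"):
			b.WriteByte(' ') // a block comment still separates tokens
			end := strings.Index(q[i+2:], "*/")
			if end < 0 {
				return b.String() // unterminated comment: drop the rest
			}
			i += end + 4
		default:
			b.WriteByte(q[i])
			i++
		}
	}
	return b.String()
}

func main() {
	q := "SELECT * -- Should we use field names ?\nFROM students WHERE id IN (?)" // constructed from the issue's query
	fmt.Println(strings.Count(q, "?"), strings.Count(stripSQLComments(q), "?")) // '?' bytes before and after
}
```

A `?` inside a string literal is deliberately left in place, so a byte-level scanner would still count it.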
