Injection risk using ToSQL

In my case I should send a SQL query to another service as a string. I used the ToSQL function to generate the query as a string, but as you said in the documentation (https://gorm.io/docs/sql_builder.html#ToSQL), GORM doesn't provide the safety guarantees. Is there any safe way to have the final query as a string? Do I have any risks in this case?

The document you expected this should be explained

https://gorm.io/docs/sql_builder.html#ToSQL

Expected answer

A safe way to get the query as a string

Comment From: a631807682

Currently not supported, you need to check parameters to prevent injection. Since we need to support different databases, the check for SQL injection depends on the driver. Supporting this feat requires a lot of cost, but the benefits are not obvious. We won't consider supporting it unless there's a lot of feedback.
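
An added example, not part of the thread and not GORM code: instead of shipping the interpolated ToSQL string, keep placeholders and values separate when handing the statement to the other service, and allow-list the one input that cannot be bound. The `Envelope` type, `Pack`/`Unpack` and the `users` table are hypothetical; the SQL text and values stand in for what a GORM DryRun session exposes as `Statement.SQL` and `Statement.Vars`, and `?` placeholders are assumed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Envelope is a hypothetical wire format (not part of GORM): the SQL text keeps
// its placeholders and the values travel next to it, never inside it.
type Envelope struct {
	SQL  string `json:"sql"`
	Args []any  `json:"args"`
}

// sortable is an allow-list for the one input that cannot be bound: a column name.
var sortable = map[string]bool{"id": true, "name": true, "created_at": true}

// Pack validates the inputs and serialises the statement for the other service.
// sqlText and the args stand in for Statement.SQL.String() and Statement.Vars
// from a GORM DryRun session; the users table and its columns are constructed.
func Pack(name string, minAge int, orderBy string) ([]byte, error) {
	if !sortable[orderBy] {
		return nil, fmt.Errorf("order column %q is not allowed", orderBy)
	}
	sqlText := "SELECT id, name FROM users WHERE name = ? AND age >= ? ORDER BY " + orderBy
	return json.Marshal(Envelope{SQL: sqlText, Args: []any{name, minAge}})
}

// Unpack is the receiving side. Its policy (an assumption of this example) is
// that the text carries no string literals or statement separators and that
// every "?" has exactly one argument.
func Unpack(raw []byte) (Envelope, error) {
	var e Envelope
	if err := json.Unmarshal(raw, &e); err != nil {
		return e, err
	}
	if strings.ContainsAny(e.SQL, "';") {
		return e, errors.New("SQL text must not carry literals or separators")
	}
	if strings.Count(e.SQL, "?") != len(e.Args) {
		return e, errors.New("placeholder and argument counts differ")
	}
	return e, nil // caller then runs db.QueryContext(ctx, e.SQL, e.Args...)
}

func main() {
	raw, err := Pack("x' OR '1'='1", 18, "name") // constructed hostile-looking value
	fmt.Println(string(raw), err)
}
```

Numbers decoded from JSON arrive as `float64`, so the receiver should convert them to the column's type before binding.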