Chapter 26: CRUD: Delete in Go
Delete rows safely. In this chapter, you will learn crud: delete in depth with Go code examples, explanations, and best practices.
Overview
This chapter covers crud: delete for Kungfu.js developers using Go. We will start with the basics, move through practical examples, and end with advanced techniques and common pitfalls.
Why This Matters
Understanding crud: delete is essential because it is a core part of building web applications. Every real-world app needs to handle delete rows safely. Skipping this chapter would leave a gap in your knowledge that would cause problems later.
Code Example
Here is how to work with databases in Go:
// Delete by primary key
let deleted = User::delete_by_pk(1, &db).await?;
println!("Deleted {} rows", deleted);
// Delete with WHERE
let deleted = User::delete_where("status", "inactive", &db).await?;
How the ORM Works
The Kungfu.js ORM uses parameterized queries. This means user input never gets interpolated into SQL strings. Instead, placeholders like $1, $2 are used, and the actual values are passed separately. This makes SQL injection impossible.
For example, if you search for a user by email, the ORM generates: SELECT * FROM users WHERE email = $1 and passes the email value as a parameter. Even if the email contains SQL code like ' OR 1=1 --, it is treated as a plain string, not as SQL.
Common Mistakes
- Not reading the documentation: Always check the API reference when something does not work as expected.
- Skipping security: Never disable the default middleware unless you have a very good reason. Security is not optional.
- Not testing: Write tests for your handlers. Kungfu.js makes this easy with the built-in test utilities.
Summary
In this chapter, you learned about crud: delete in Go. You saw code examples, understood how things work under the hood, and learned about common mistakes to avoid.
What is Next?
In chapter 27, we will cover Query Builder: Type-safe parameterized queries explained.