Close all transaction-bound sql Statements

backend/sql/sql.go

@@ -124,7 +124,9 @@ func (b *sqlServiceBackend) GetUser(ctx context.Context, name string) (*backend.
 
 	// Use NullStrings for optional fields.
 	var nullableTOTP, nullableShard sql.NullString
-	row := tx.Stmt(b.stmts[sqlQueryGetUser]).QueryRow(name)
+	stmt := tx.Stmt(b.stmts[sqlQueryGetUser])
+	defer stmt.Close()
+	row := stmt.QueryRow(name)
 	if err := row.Scan(&user.Email, &user.EncryptedPassword, &nullableTOTP, &nullableShard); err != nil {
 		return nil, false
 	}
@@ -150,11 +152,13 @@ func (b *sqlServiceBackend) GetUser(ctx context.Context, name string) (*backend.
 }
 
 func (b *sqlServiceBackend) getUserU2FRegistrations(tx *sql.Tx, name string) ([]u2f.Registration, error) {
-	stmt, ok := b.stmts[sqlQueryGetU2F]
+	stmtTpl, ok := b.stmts[sqlQueryGetU2F]
 	if !ok {
 		return nil, nil
 	}
-	rows, err := tx.Stmt(stmt).Query(name)
+	stmt := tx.Stmt(stmtTpl)
+	defer stmt.Close()
+	rows, err := stmt.Query(name)
 	if err != nil {
 		return nil, err
 	}
@@ -179,11 +183,13 @@ func (b *sqlServiceBackend) getUserU2FRegistrations(tx *sql.Tx, name string) ([]
 }
 
 func (b *sqlServiceBackend) getUserASPs(tx *sql.Tx, name string) ([]*backend.AppSpecificPassword, error) {
-	stmt, ok := b.stmts[sqlQueryGetASP]
+	stmtTpl, ok := b.stmts[sqlQueryGetASP]
 	if !ok {
 		return nil, nil
 	}
-	rows, err := tx.Stmt(stmt).Query(name)
+	stmt := tx.Stmt(stmtTpl)
+	defer stmt.Close()
+	rows, err := stmt.Query(name)
 	if err != nil {
 		return nil, err
 	}
@@ -201,11 +207,13 @@ func (b *sqlServiceBackend) getUserASPs(tx *sql.Tx, name string) ([]*backend.App
 }
 
 func (b *sqlServiceBackend) getUserGroups(tx *sql.Tx, name string) ([]string, error) {
-	stmt, ok := b.stmts[sqlQueryGetGroups]
+	stmtTpl, ok := b.stmts[sqlQueryGetGroups]
 	if !ok {
 		return nil, nil
 	}
-	rows, err := tx.Stmt(stmt).Query(name)
+	stmt := tx.Stmt(stmtTpl)
+	defer stmt.Close()
+	rows, err := stmt.Query(name)
 	if err != nil {
 		return nil, err
 	}