Log only parameterized SQL statements without any values #5287

@ssoroka

I'm logging this as a bug because it's a security problem.

Description

This was mentioned in #4858, but that issue was closed.

When logging SQL, Gorm logs the full SQL, which is generally considered a bad practice, e.g.

SELECT * FROM `users` WHERE email = "[email protected]" ORDER BY `users`.`id` LIMIT 1

This causes problems by leaking sensitive fields into the logs, especially when doing inserts and updates. A parameterized version of the query that's always safe to log would be:

SELECT * FROM `users` WHERE email = ? ORDER BY `users`.`id` LIMIT 1

A custom logger here isn't enough, because it doesn't expose the parameterized SQL, just the final result with values, and parsing the log line to filter it is both expensive and unrealistic.

This would involve changing the Execute function in callbacks.go from

	if stmt.SQL.Len() > 0 {
		db.Logger.Trace(stmt.Context, curTime, func() (string, int64) {
			return db.Dialector.Explain(stmt.SQL.String(), stmt.Vars...), db.RowsAffected
		}, db.Error)
	}

to

	if stmt.SQL.Len() > 0 {
		db.Logger.Trace(stmt.Context, curTime, func() (string, int64) {
			return stmt.SQL.String(), db.RowsAffected
		}, db.Error)
	}
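The contrast the issue draws, as an added stand-alone example rather than code from the gorm project: a simplified `Statement` (template plus bound vars, an assumption standing in for gorm's real type), an `explain` that interpolates values the way a dialector's Explain does, the two trace formats, and a `containsBoundValue` check a test suite could run over captured log lines to catch a logger that still emits bound values.

```go
package main

import (
	"fmt"
	"strings"
)

// Statement is a simplified stand-in for gorm.Statement (assumption, not the
// real type): the SQL template with ? placeholders and the values bound to it.
type Statement struct {
	SQL  string
	Vars []interface{}
}

// explain substitutes the bound values into the template, roughly what a
// Dialector.Explain does to render a human-readable query. This is the form
// the issue argues must not reach the logs.
func explain(sql string, vars ...interface{}) string {
	var b strings.Builder
	i := 0
	for _, c := range sql {
		if c == '?' && i < len(vars) {
			switch v := vars[i].(type) {
			case string:
				b.WriteString(`"` + strings.ReplaceAll(v, `"`, `\"`) + `"`)
			default:
				fmt.Fprint(&b, v)
			}
			i++
			continue
		}
		b.WriteRune(c)
	}
	return b.String()
}

// unsafeTrace mirrors the current callbacks.go behaviour: the log line carries
// the interpolated query, so every bound value (emails, password hashes, ...)
// ends up in the log.
func unsafeTrace(stmt Statement, rowsAffected int64) string {
	return fmt.Sprintf("[rows:%d] %s", rowsAffected, explain(stmt.SQL, stmt.Vars...))
}

// safeTrace is the proposed behaviour: log the parameterized template and only
// the number of bound values, never the values themselves.
func safeTrace(stmt Statement, rowsAffected int64) string {
	return fmt.Sprintf("[rows:%d] [vars:%d] %s", rowsAffected, len(stmt.Vars), stmt.SQL)
}

// containsBoundValue reports whether any bound value appears verbatim in a log
// line. Useful as a regression check over captured logger output.
func containsBoundValue(line string, vars []interface{}) bool {
	for _, v := range vars {
		if s := fmt.Sprint(v); s != "" && strings.Contains(line, s) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample statement; the hash is a placeholder, not a real one.
	stmt := Statement{
		SQL:  "INSERT INTO `users` (`email`,`password_hash`) VALUES (?,?)",
		Vars: []interface{}{"[email protected]", "$2a$10$placeholder-hash"},
	}
	fmt.Println(unsafeTrace(stmt, 1)) // values leak
	fmt.Println(safeTrace(stmt, 1))   // template only
}
```

The `containsBoundValue` check is the part worth keeping around: point it at whatever your logger actually wrote for a statement with known bound values, and it fails the moment a code path interpolates them again.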
