[xquery-talk] questions about security and dynamically constructedqueries

[Paul Cotton]

> After all most databases allow you to create SQL dynamically, 
> so you there is no reason not to do the same for XQuery.

This is not really true. Most SQL systems I am familiar with allow you
to submit a SQL-statement dynamically with known <dynamic parameter
marker>s (question marks) in the statement in many locations where a
constant value can be supplied.  But SQL systems do NOT provide a
generalized eval() function that can take any SQL-statement at runtime.
And I think this is what Dhruba was asking about.

/paulc

Paul Cotton, Microsoft Canada 
17 Eleanor Drive, Nepean, Ontario K2E 6A3 
Tel: (613) 225-5445 Fax: (425) 936-7329 
mailto:pcotton at microsoft.com

  

> -----Original Message-----
> From: talk-bounces at xquery.com [mailto:talk-bounces at xquery.com] On
Behalf
> Of Per Bothner
> Sent: October 21, 2003 3:50 PM
> To: Dhruba Borthakur
> Cc: talk at xquery.com
> Subject: Re: [xquery-talk] questions about security and dynamically
> constructedqueries
> 
> Dhruba Borthakur wrote:
> 
> > 2. One XQuery implementation (that I am familiar with) has
implemented
> >   vendor extensions that allow constructing and executing a query
> >   dynamically. Do other implementations support a similar
functionality?
> 
> I would expect most implementations would support this, possibly
> exception those those that only support "stored queries".  After all
> most databases allow you to create SQL dynamically, so you there is no
> reason not to do the same for XQuery.  And implementation that are not
> tied to a database will probably also mostly allow dynamic query
> construction.  This certainly includes Qexo.
> 
> Perhaps I'm misunderstanding your question.
> --
> 	--Per Bothner
> per at bothner.com   http://per.bothner.com/
> 
> 
> _______________________________________________
> talk at xquery.com
> http://www.x-query.com/mailman/listinfo/talk