[xquery-talk] questions about security and dynamically
constructedqueries
Paul Cotton
pcotton at microsoft.com
Tue Oct 21 19:02:12 PDT 2003
> After all most databases allow you to create SQL dynamically,
> so you there is no reason not to do the same for XQuery.
This is not really true. Most SQL systems I am familiar with allow you
to submit a SQL-statement dynamically with known <dynamic parameter
marker>s (question marks) in the statement in many locations where a
constant value can be supplied. But SQL systems do NOT provide a
generalized eval() function that can take any SQL-statement at runtime.
And I think this is what Dhruba was asking about.
/paulc
Paul Cotton, Microsoft Canada
17 Eleanor Drive, Nepean, Ontario K2E 6A3
Tel: (613) 225-5445 Fax: (425) 936-7329
mailto:pcotton at microsoft.com
> -----Original Message-----
> From: talk-bounces at xquery.com [mailto:talk-bounces at xquery.com] On
Behalf
> Of Per Bothner
> Sent: October 21, 2003 3:50 PM
> To: Dhruba Borthakur
> Cc: talk at xquery.com
> Subject: Re: [xquery-talk] questions about security and dynamically
> constructedqueries
>
> Dhruba Borthakur wrote:
>
> > 2. One XQuery implementation (that I am familiar with) has
implemented
> > vendor extensions that allow constructing and executing a query
> > dynamically. Do other implementations support a similar
functionality?
>
> I would expect most implementations would support this, possibly
> exception those those that only support "stored queries". After all
> most databases allow you to create SQL dynamically, so you there is no
> reason not to do the same for XQuery. And implementation that are not
> tied to a database will probably also mostly allow dynamic query
> construction. This certainly includes Qexo.
>
> Perhaps I'm misunderstanding your question.
> --
> --Per Bothner
> per at bothner.com http://per.bothner.com/
>
>
> _______________________________________________
> talk at xquery.com
> http://www.x-query.com/mailman/listinfo/talk
More information about the talk
mailing list