[xquery-talk] questions about security and dynamically constructedqueries

Per Bothner per at bothner.com
Tue Oct 21 16:25:54 PDT 2003

Paul Cotton wrote:

>>After all most databases allow you to create SQL dynamically, 
>>so you there is no reason not to do the same for XQuery.
> This is not really true. Most SQL systems I am familiar with allow you
> to submit a SQL-statement dynamically with known <dynamic parameter
> marker>s (question marks) in the statement in many locations where a
> constant value can be supplied.  But SQL systems do NOT provide a
> generalized eval() function that can take any SQL-statement at runtime.
> And I think this is what Dhruba was asking about.

I assumed that most relational databases have query interface where you 
can type in SQL queries and get results back, so at least in that sense 
you can create SQL dynamically.  But I understand that creating a query 
dynamically as part of executing some "outer" query may be a different 
matter ...
	--Per Bothner
per at bothner.com   http://per.bothner.com/

More information about the talk mailing list