[xquery-talk] questions about security and dynamically constructed queries
Per Bothner
per at bothner.com
Tue Oct 21 16:25:54 PDT 2003
Paul Cotton wrote:
>>After all most databases allow you to create SQL dynamically,
>>so there is no reason not to do the same for XQuery.
>
>
> This is not really true. Most SQL systems I am familiar with allow you
> to submit a SQL-statement dynamically with known <dynamic parameter
> marker>s (question marks) in the statement in many locations where a
> constant value can be supplied. But SQL systems do NOT provide a
> generalized eval() function that can take any SQL-statement at runtime.
> And I think this is what Dhruba was asking about.
I assumed that most relational databases have a query interface where you
can type in SQL queries and get results back, so at least in that sense
you can create SQL dynamically. But I understand that creating a query
dynamically as part of executing some "outer" query may be a different
matter ...
--
--Per Bothner
per at bothner.com http://per.bothner.com/
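
The distinction drawn in the quoted text between a dynamic parameter marker and a general eval(), shown as an added example that is not part of the original message. Python's sqlite3 module stands in for "most SQL systems"; the table, the sample rows and the function names are constructed for illustration.

```python
import sqlite3

# Constructed input: a value that happens to contain SQL syntax.
UNTRUSTED = "alice' OR '1'='1"

def build_db():
    # Constructed sample data for this example only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE books (title TEXT, owner TEXT)")
    db.executemany("INSERT INTO books VALUES (?, ?)",
                   [("XQuery Basics", "alice"), ("SQL Notes", "bob")])
    return db

def with_marker(db, owner):
    # Statement text is fixed; the marker is bound as a constant value,
    # so the input can never change the structure of the query.
    sql = "SELECT title FROM books WHERE owner = ?"
    return db.execute(sql, (owner,)).fetchall()

def with_concatenation(db, owner):
    # Statement text is built from the input, so the input is parsed as SQL.
    # This is the eval()-like behaviour the quoted text contrasts with markers.
    sql = "SELECT title FROM books WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()

def marker_as_table_name(db, table):
    # A marker is accepted only where a constant value may appear;
    # it cannot stand in for a table name or any other piece of syntax.
    try:
        db.execute("SELECT title FROM ?", (table,))
        return "accepted"
    except sqlite3.OperationalError:
        return "rejected"

if __name__ == "__main__":
    db = build_db()
    print("marker, plain value:   ", with_marker(db, "alice"))
    print("marker, SQL in value:  ", with_marker(db, UNTRUSTED))
    print("concatenated, same:    ", with_concatenation(db, UNTRUSTED))
    print("marker as table name:  ", marker_as_table_name(db, "books"))
```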