[xquery-talk] questions about security and dynamically constructedqueries

Dhruba Borthakur dhruba_borthakur at hotmail.com
Wed Oct 22 11:26:51 PDT 2003 

Hi Paul,

I was looking for exactly what you said: a direct invocation of a XQuery. 
>From your comments,
and the general discussion in this forum, I gather that it is unlikely that 
this feature will become
part of the XQuery standard. This feature will remain pretty much
dependent on vendor-implementation.

thanks,
dhruba


>From: "Paul Cotton" <pcotton at microsoft.com>
>To: "Per Bothner" <per at bothner.com>,"Dhruba Borthakur" 
><dhruba_borthakur at hotmail.com>
>CC: <talk at xquery.com>
>Subject: RE: [xquery-talk] questions about security and dynamically 
>constructedqueries
>Date: Tue, 21 Oct 2003 18:02:12 -0400
>
> > After all most databases allow you to create SQL dynamically,
> > so you there is no reason not to do the same for XQuery.
>
>This is not really true. Most SQL systems I am familiar with allow you
>to submit a SQL-statement dynamically with known <dynamic parameter
>marker>s (question marks) in the statement in many locations where a
>constant value can be supplied.  But SQL systems do NOT provide a
>generalized eval() function that can take any SQL-statement at runtime.
>And I think this is what Dhruba was asking about.
>
>/paulc
>
>Paul Cotton, Microsoft Canada
>17 Eleanor Drive, Nepean, Ontario K2E 6A3
>Tel: (613) 225-5445 Fax: (425) 936-7329
>mailto:pcotton at microsoft.com
>
>
>
> > -----Original Message-----
> > From: talk-bounces at xquery.com [mailto:talk-bounces at xquery.com] On
>Behalf
> > Of Per Bothner
> > Sent: October 21, 2003 3:50 PM
> > To: Dhruba Borthakur
> > Cc: talk at xquery.com
> > Subject: Re: [xquery-talk] questions about security and dynamically
> > constructedqueries
> >
> > Dhruba Borthakur wrote:
> >
> > > 2. One XQuery implementation (that I am familiar with) has
>implemented
> > >   vendor extensions that allow constructing and executing a query
> > >   dynamically. Do other implementations support a similar
>functionality?
> >
> > I would expect most implementations would support this, possibly
> > exception those those that only support "stored queries".  After all
> > most databases allow you to create SQL dynamically, so you there is no
> > reason not to do the same for XQuery.  And implementation that are not
> > tied to a database will probably also mostly allow dynamic query
> > construction.  This certainly includes Qexo.
> >
> > Perhaps I'm misunderstanding your question.
> > --
> > 	--Per Bothner
> > per at bothner.com   http://per.bothner.com/
> >
> >
> > _______________________________________________
> > talk at xquery.com
> > http://www.x-query.com/mailman/listinfo/talk

_________________________________________________________________
Never get a busy signal because you are always connected  with high-speed 
Internet access. Click here to comparison-shop providers.  
https://broadband.msn.com

More information about the talk mailing list