[xquery-talk] questions about security and dynamically
constructedqueries
Per Bothner
per at bothner.com
Wed Oct 22 11:43:17 PDT 2003
Paul Cotton wrote:
>>I assumed that most relational databases have query interface where
>
> you
>
>>can type in SQL queries and get results back, so at least in that
>
> sense
>
>>you can create SQL dynamically.
>
>
> Yes they do.
>
> This is actually called "direct invocation of SQL" or "direct SQL", is
> very different than "dynamic SQL" and is NOT supported through any of
> the defined API's (e.g. embedded, CLI, JDBC, etc.). In fact it should
> probably be consider an API in itself.
I'm missing something here. In JDBC you can create an SQL query at
run-time by pasting together a String and passing that to the
executeQuery method. Is that considered "direct SQL"? If so, it
appears well-supported by at least JDBC.
(I admit we're getting a bit off-topic here ...)
--
--Per Bothner
per at bothner.com http://per.bothner.com/
More information about the talk
mailing list