[xquery-talk] questions about security and dynamically constructedqueries

Per Bothner per at bothner.com
Wed Oct 22 11:43:17 PDT 2003

Paul Cotton wrote:
>>I assumed that most relational databases have query interface where
> you
>>can type in SQL queries and get results back, so at least in that
> sense
>>you can create SQL dynamically.
> Yes they do.  
> This is actually called "direct invocation of SQL" or "direct SQL", is
> very different than "dynamic SQL" and is NOT supported through any of
> the defined API's (e.g. embedded, CLI, JDBC, etc.).  In fact it should
> probably be consider an API in itself.  

I'm missing something here.  In JDBC you can create an SQL query at 
run-time by pasting together a String and passing that to the 
executeQuery method.  Is that considered "direct SQL"?  If so, it 
appears well-supported by at least JDBC.

(I admit we're getting a bit off-topic here ...)
	--Per Bothner
per at bothner.com   http://per.bothner.com/

More information about the talk mailing list