Does anyone have an idea how to implement a dynamic query over web services? For instance, taking an example like HQL I'd like to submit a string such as "Select Person.* from Person" and have a soap response returned containing an array of Person soap objects.
From stackoverflow
-
This doesn't really answer your question, but executing a dynamic query from a web-service is dangerous. If your service executes the query directly, your clients could potentially send in deletes/updates/inserts/drop table/etc. and mess up your database.
I would recommend implementing more specific service methods that accepts specific arguments and returns type-safe objects or collections.
Chad Grant : +1 classic SQL Injection. Don't send SQL over the wire like that. :D
0 comments:
Post a Comment