Re: [json] Expressing SQL queries in JSON
- Gene Berger wrote:
> You should only give your users the options on a screen of what fields to
> choose, not have them write out the field names themselves. (Is that what
> you are doing?) You would face a big inject attack if you let them write
> the SQL fields themselves.
Yes the user would have a nice graphical interface to specify which
fields he wants. Also, I would validate the field names on the backend
before creating the SQL query.
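The backend validation of field names mentioned in the message above, as an added example that is not part of the original thread. The JSON spec shape (`select`, `from`, `where`, `order_by`), the names `build_query` and `ALLOWED`, and the `?` placeholder style are assumptions made for illustration.

```python
import json

# Assumed allowlist: table -> columns a client may name (taken from the query in the thread).
ALLOWED = {"students": {"std_id", "code", "lastname", "firstname",
                        "prog", "decision", "cote_mix"}}
OPERATORS = {"=": "=", "like": "LIKE", "in": "IN"}
DIRECTIONS = {"ASC", "DESC"}

def build_query(spec_json):
    """Compile a JSON query spec to (sql, params); ValueError on anything not allowlisted."""
    spec = json.loads(spec_json)
    table = spec.get("from")
    if not isinstance(table, str) or table not in ALLOWED:
        raise ValueError(f"table not allowed: {table!r}")
    def col(name):
        # Identifiers cannot be bound as parameters, so they must match the allowlist exactly.
        if not isinstance(name, str) or name not in ALLOWED[table]:
            raise ValueError(f"column not allowed: {name!r}")
        return name
    if not spec.get("select"):
        raise ValueError("select list is empty")
    sql = f"SELECT {', '.join(col(c) for c in spec['select'])} FROM {table}"
    clauses, params = [], []
    for cond in spec.get("where", []):
        op = OPERATORS.get(cond.get("op"))
        if op is None:
            raise ValueError(f"operator not allowed: {cond.get('op')!r}")
        value = cond.get("value")
        if op == "IN":
            if not isinstance(value, list) or not value:
                raise ValueError("IN needs a non-empty list")
            clauses.append(f"{col(cond.get('field'))} IN ({', '.join('?' * len(value))})")
            params.extend(value)  # values travel as bound parameters, never as SQL text
        else:
            clauses.append(f"{col(cond.get('field'))} {op} ?")
            params.append(value)
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    if "order_by" in spec:
        field, direction = spec["order_by"]
        if direction not in DIRECTIONS:
            raise ValueError(f"direction not allowed: {direction!r}")
        sql += f" ORDER BY {col(field)} {direction}"
    return sql, params

# Constructed sample spec mirroring the SELECT quoted in the thread.
SAMPLE = json.dumps({"select": ["std_id", "code", "lastname", "firstname"], "from": "students",
    "where": [{"field": "prog", "op": "in", "value": ["200A0", "200A1"]},
              {"field": "decision", "op": "like", "value": "A%"}],
    "order_by": ["cote_mix", "DESC"]})
```

The returned pair is meant to be handed to a driver's parameterized execute call, so only allowlisted identifiers ever reach the SQL text.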
- --- In firstname.lastname@example.org, Guillaume Filion <gfk@...> wrote:
> SELECT std_id, code, lastname, firstname FROM students
> WHERE prog IN ('200A0','200A1') AND decision LIKE 'A%'
> ORDER BY cote_mix DESC
> But I feel like I'm re-inventing the wheel here...
> Is there already a specification for expressing an SQL query in JSON?
But you may take a look at myPatterns.free.fr, too, which complements LINQ with JSON patterns.