Does anyone have an idea how to implement a dynamic query over web services? For instance, taking an example like HQL I'd like to submit a string such as "Select Person.* from Person" and have a soap response returned containing an array of Person soap objects.
+1
A:
This doesn't really answer your question, but executing a dynamic query from a web-service is dangerous. If your service executes the query directly, your clients could potentially send in deletes/updates/inserts/drop table/etc. and mess up your database.
I would recommend implementing more specific service methods that accepts specific arguments and returns type-safe objects or collections.
Andy White
2009-04-28 01:05:36
+1 classic SQL Injection. Don't send SQL over the wire like that. :D
Chad Grant
2009-04-28 01:15:50
I was only going to expose read only capability as a dynamic query.
2009-04-29 21:13:25