AnsweredAssumed Answered

Potential for SQL injection using QueryDataSource

Question asked by bdaigle on Feb 4, 2015
Latest reply on Jun 2, 2015 by bdaigle

I would really like to start adding layers to my applications using Dynamic Layers and the QueryDataSource class.  This would allow me to display some relatively complex relationships on the fly with minimal input from users and without having to pre-symbolize and anticipate all possible combinations in a map service beforehand.

 

My only concern is that exposing SQL queries through a client-side application might open us up to SQL injection.  Is anyone out there working with the QueryDataSource class?  Are there any built-in safegaurds against SQL injection?

Outcomes