I would really like to start adding layers to my applications using Dynamic Layers and the QueryDataSource class. This would allow me to display some relatively complex relationships on the fly with minimal input from users and without having to pre-symbolize and anticipate all possible combinations in a map service beforehand.
My only concern is that exposing SQL queries through a client-side application might open us up to SQL injection. Is anyone out there working with the QueryDataSource class? Are there any built-in safegaurds against SQL injection?