Typically when creating a simple tool or something that has to use a database, I go through the fairly long process of first creating a webservice that connects to a database then creating methods on this webservice that do all the type of queries I need.. methods like

List<Users> GetUsers()
{
    ...
}
User GetUserByID(int id)
{  
    ...
}
//More Get/Update/Add/Delete methods

Is it terrible design to simply make the webservice as secure as I can (not quite sure the way to do something like this yet) and just make a couple methods like this

SqlDataReader RunQuery(string sql)
{
     ...
}

void RunNonQuery(string sql)
{
     ...
}

I would sorta be like exposing my database to the internet I suppose, which sounds bad but I'm not sure.

I just feel like I waste so much time running everything through this webservice, there has to be a quicker yet safe way that doesn't involve my application connecting directly to the database (the application can't connect directly to database because the database isn't open to any connections but localhost, and where the appliction resides the standard sql ports are blocked anyway)

Especially when I just need to run a few simple queries