Is executing SQL through a WebService a really bad idea?
Posted
by
Kyle
on Programmers
See other posts from Programmers
or by Kyle
Published on 2012-07-04T15:06:34Z
Indexed on
2012/07/04
15:23 UTC
Read the original article
Hit count: 220
sql
|web-services
Typically when creating a simple tool or something that has to use a database, I go through the fairly long process of first creating a webservice that connects to a database then creating methods on this webservice that do all the type of queries I need.. methods like
List<Users> GetUsers()
{
...
}
User GetUserByID(int id)
{
...
}
//More Get/Update/Add/Delete methods
Is it terrible design to simply make the webservice as secure as I can (not quite sure the way to do something like this yet) and just make a couple methods like this
SqlDataReader RunQuery(string sql)
{
...
}
void RunNonQuery(string sql)
{
...
}
I would sorta be like exposing my database to the internet I suppose, which sounds bad but I'm not sure.
I just feel like I waste so much time running everything through this webservice, there has to be a quicker yet safe way that doesn't involve my application connecting directly to the database (the application can't connect directly to database because the database isn't open to any connections but localhost, and where the appliction resides the standard sql ports are blocked anyway)
Especially when I just need to run a few simple queries
© Programmers or respective owner