Dear Kim,
I'm planning to use BaseX as the database behind a web service. While implementing this web service, I ran into these issues:
- Is there a way to have an auto-incremented attribute added on every insert of a certain element type?
You might specify the attribute counter within your XML file/database and increment it every time you insert an element. A simple example:
input.xml:
  <root count="0"/>

insert.xq:
  let $root := doc('input.xml')/root
  let $count := $root/@count
  return (
    insert node <node id='{ $count }'/> into $root,
    replace value of node $count with $count + 1
  )
- How do I avoid XQuery injection? Currently I just use a whitelist of characters that are allowed in user input. But what if I want users to be able to input special characters? How would I escape them in my queries? Did I overlook something in the API?
XQuery supports the full Unicode range. Special XML characters (such as <, >, &, ", and ') need to be encoded as entities; see e.g. http://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_reference....
Hope this helps,
Christian
___________________________
Christian Gruen
Universitaet Konstanz
Department of Computer & Information Science
D-78457 Konstanz, Germany
Tel: +49 (0)7531/88-4449, Fax: +49 (0)7531/88-3577
http://www.inf.uni-konstanz.de/~gruen
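
One way to apply the entity encoding described in the reply above when a query is assembled as text, shown next to plain concatenation. This is an added example, not part of the original message and not BaseX code; the function names, the `@id` lookup and the sample inputs are constructed, and XML 1.0 character rules are assumed.

```python
import re

# The five special XML characters named in the reply, as predefined entities.
ENTITIES = {"&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&apos;"}

# Assumption: XML 1.0 character rules; anything else is rejected, not encoded.
_ILLEGAL = re.compile("[^\t\n\r\u0020-\ud7ff\ue000-\ufffd\U00010000-\U0010ffff]")

# What may appear between the quotes: plain characters or one of the entities.
_SAFE_BODY = re.compile(r'(?:[^"&]|&(?:amp|lt|gt|quot|apos);)*')


def xquery_string_literal(value: str) -> str:
    """Return user input as a double-quoted XQuery string literal."""
    if _ILLEGAL.search(value):
        raise ValueError("character not allowed in XML 1.0")
    return '"' + "".join(ENTITIES.get(ch, ch) for ch in value) + '"'


def naive_query(node_id: str) -> str:
    """Plain concatenation: a quote in the input ends the literal early."""
    return 'doc("input.xml")/root/node[@id = "' + node_id + '"]'


def encoded_query(node_id: str) -> str:
    """Same hypothetical lookup, with the input encoded before insertion."""
    return 'doc("input.xml")/root/node[@id = ' + xquery_string_literal(node_id) + "]"


def literal_is_intact(literal: str) -> bool:
    """True if the text between the outer quotes cannot close the literal."""
    return (len(literal) >= 2 and literal[0] == literal[-1] == '"'
            and _SAFE_BODY.fullmatch(literal[1:-1]) is not None)


if __name__ == "__main__":
    # Constructed sample inputs, including the special characters from the reply.
    for sample in ['42', "O'Brien", 'Kim "the admin" & <co>']:
        print(naive_query(sample))
        print(encoded_query(sample))
        print(literal_is_intact(xquery_string_literal(sample)))
```

The encoding above covers string literals only; text placed inside a direct element or attribute constructor would also need `{` and `}` doubled, because XQuery treats them as the start and end of an enclosed expression.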