Dear Kim,
I'm planning to use BaseX as the database behind a web service. While implementing this web service, I ran into these issues:

1) Is there a way to have an auto-incremented attribute added on every insert of a certain element type?
You might specify the attribute counter within your XML file/database and increment it every time you insert an element. A simple example:

input.xml:

    <root count="0"/>

insert.xq:

    let $root := doc('input.xml')/root
    let $count := $root/@count
    return (
      insert node <node id='{ $count }'/> into $root,
      replace value of node $count with $count + 1
    )
2) How do I avoid XQuery injection? Currently I just use a whitelist of characters that are allowed in user input. But what if I want users to be able to input special characters? How would I escape them in my queries? Did I overlook something in the API?
XQuery supports the full Unicode range. Special XML characters (such as <, >, &, ", and ') need to be encoded as entities; see e.g. http://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_reference....

Hope this helps,
Christian

___________________________
Christian Gruen
Universitaet Konstanz
Department of Computer & Information Science
D-78457 Konstanz, Germany
Tel: +49 (0)7531/88-4449, Fax: +49 (0)7531/88-3577
http://www.inf.uni-konstanz.de/~gruen
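The entity encoding described in the reply, as an added example in Python that is not part of the original message or of BaseX: user input is turned into a single XQuery string literal before it is placed in a query. The function names and the lookup query are hypothetical; the query reuses `input.xml` and the `node`/`@id` names from the example above.

```python
import html
import re

# Predefined entity references; all five are valid inside XQuery string literals.
_ENTITIES = str.maketrans({
    "&": "&amp;",
    "<": "&lt;",
    ">": "&gt;",
    '"': "&quot;",
    "'": "&apos;",
})

# Characters outside the XML 1.0 Char production cannot be written in a query.
_NOT_XML_CHAR = re.compile(
    "[^\u0009\u000A\u000D\u0020-\uD7FF\uE000-\uFFFD\U00010000-\U0010FFFF]"
)


def xquery_string_literal(value: str) -> str:
    """Return `value` as one double-quoted XQuery string literal."""
    if _NOT_XML_CHAR.search(value):
        raise ValueError("input contains a character that is not valid in XML")
    # str.translate works in one pass, so '&' is never escaped twice.
    return '"' + value.translate(_ENTITIES) + '"'


def build_query(user_id: str) -> str:
    """Hypothetical lookup: user input only ever appears as a literal."""
    return "doc('input.xml')/root/node[@id = %s]" % xquery_string_literal(user_id)


def literal_is_closed_once(literal: str) -> bool:
    """True if the only raw quote characters are the two delimiters."""
    body = literal[1:-1]
    return literal[0] == literal[-1] == '"' and '"' not in body and "'" not in body


if __name__ == "__main__":
    # Constructed sample inputs, including one that tries to end the literal.
    for sample in ["O'Brien & Sons", 'a" or "a"="a', "<b>{1+1}</b>"]:
        lit = xquery_string_literal(sample)
        assert literal_is_closed_once(lit)
        assert html.unescape(lit[1:-1]) == sample  # decodes back to the input
        print(build_query(sample))
```

The helper covers string-literal position only; inside a direct element constructor, `{` and `}` would also have to be doubled.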