Sending SQL queries as strings from client to WCF service.
Posted on 2011-03-14
This is a Software Architecture question and not a technical question. Let me start to explain what the problem is with the following simplified example:
- My boss wants to make two cliënt applications (for instance CustomerWinform + CustomerASPWebsite) and a WCF service called CustomerService.
- He wants CustomerWinform and CustomerASPWebsite to construct the SQL queries they need themselves and pass these trough to CustomerService. CustomerService will execute the received SQL query, apply logic when needed and send data back.
- So quite literally:Enduser clicks on button in CustomerWinForm and the query "SELECT * FROM Customer WHERE Id = 1" will be concatenated together. This string will be passed to method GetCustomer(query As String) in CustomerService. The service will execute the query and return data.
This breaks so many common practices, I don't even know where to begin. I need other experts with good arguments why not to do this. So I can convince the others why we shouldn't do this. I'm confident that we shouldn't. Unless ofcourse the experts on this forum tell me this is the best thing ever since paperclips.