Web Service to talk to SQL server database using custom queries
Posted on 2014-02-14
I have client with SQL server database on their server. They don't want to open the SQL server database to "world" so I thought that I could talk to it I could have say a web service? (previously used VPN but that is no longer)
I don't want client to have all the queries I use (not for any "bad" reason, rather just that we've taken a long time to develop).
So, on client side a service with method say something like
function GetData(theQuery as string)
do database stuff
The problem with this might be SQL injection with variable theQuery ? how to prevent?
I know could use stored procedures, but to do that again the client would know all the queries I use