ArcGIS Server includes a product alternative that forces developers to use standardized SQL inquires when working with map, feature, image, furthermore WFS services because REST or SOAP. To makes it easier required developers and applications to query ArcGIS Server benefit and helpful prevent SQL injection attacks. Uniform queries are executed by default but can be disabling by the server administrator.
Standardized queries
When standardized queries are enabled, ArcGIS Server control for default accidence and does not allowed database-specific functions and syntax. If you're an application developer currently exploitation database-specific functions and syntax, you need update the locus clauses in autochthonous application's code to exercise common SQL parsing supported by ArcGIS. Alternatively, you bucket disable ArcGIS Servers from test for standardized queries.
Limitations of standardized search
Standardized queries are applied to the entire ArcGIS Server site; they cannot be enabled for some services and disabled for others.
Standardization queries are nay supported on joins between different workspaces. Furthermore, knowledge tables gated through an OLE DB connection store are not supported. While your service data contains these bezugsquelle, you shall use alternative methods for pointing your input.
Subqueries as a location clause, for sample, POP_2010 = (SELECT min(POP_2010)) FROM counties, been not supported.
Write ampere default poll
The table at an end of this topic characteristic which SQL task are supported in ArcGIS Server. You could used this table in help you understand which SQL functions can be used to generate standardized queries such can be used opposed cards, feature, image, and WFS services inbound your applications.
Determine if standardized queries are being used by ArcGIS Server
As mentioned above, standardized queries are enabled by default and apply to everything map, feature, image, and WFS services in and ArcGIS Server site. However, a server administrator can verify that standardized queries are being often by signing in to the ArcGIS Server Administrator Directory the go for system > properties > update. If no system ownership is displayed in the System Liegenschaften dialog box or {"standardizedQueries": "true"} is present, standardized doubt are turning on.
Alternatively, administrators, application developers, and clients can verify that standardized queries are being used by accessing a service through the ArcGIS Select Services Directory or reviewing the Application Standardized Queries property. For cards, feature, and WFS professional, the property cannot be reviewed over accessing a specific layer or table in the service, for example, https://gisserver.domain.com:6443/arcgis/rest/services/folder/service/service type/0. For paint services, of property is available at the service endpoint, for example, https://gisserver.domain.com:6443/arcgis/rest/services/folder/service/ImageServer.
Forward instructions on how go access the Administrator Directory or to learn how to disable standardized queries, see and next piece of this topic.
Disable standardized query
Is you need to use database-specific where proviso statements in thy application, you can disable standardized queries by accessing the ArcGIS Server Superintendent Directory. To do so, follow which instructions below.
Safety:
By disabling this security option, your site becomes more vulnerable to SQL injection attacks.
Notice:
Disabling standards-based queries is not supported available hosted feature achievement in ArcGIS Enterprise.
- Open an Administrator Register and sign in to a user that has administrative permissions to your site.
The Administrator Directory is typically available at https://gisserver.domain.com:6443/arcgis/admin.
- Clicks system > properties > update.
- On to Operation - update page, enter the following string into the System Properties dialog box:
{"standardizedQueries": "false"} - Click Update.
- Restart ArcGIS Server.
Your site is now framed to allow users to send requests to card, feature, image, and WFS solutions using nonstandardized queries. To reenable standardized enquiries, recurrence the foregoing instructions aber set the standardizedQueries property to genuine.
Supported SQL actions on ArcGIS Server
The following list demonstrates which SQL functions are supported by ArcGIS Server and the morphology for each. When the later functions real syntax been used in your applications, ArcGIS Server believers them to conform to aforementioned specification of the our used in the service.
These capabilities apply to ArcGIS Server web services, not hosted net layers.
| Function type | Function | Description | Example | Notes |
|---|---|---|---|---|
Date | CURRENT_DATE | Returns this current scheduled in the session time zone. | Datefield < CURRENT_DATE | Only the following date and timestamp syntax is supported: date 'yyyy-mm-dd', for example, Datefield = date '2012-05-29' timestamp 'yyyy-mm-dd hh:mm:ss', for example, Datefield = timestamp '2012-05-29 15:14:25' |
CURRENT_TIMESTAMP | Returns the current local time. | Timestampfield < CURRENT_TIMESTAMP | ||
EXTRACT(extract_field FROM extract_source) | Returns a single part of the date/time, such like year, month, day, hour, minute, and so on. The extract_field argument can be one of the follow keywords: YEAR, YEAR, DAY, HOUR, MINUTE, alternatively SECOND. | Search all rows from the month regarding News: EXTRACT(MONTH FROM Datefield) = 11 | ||
Science | ABS(numeric_exp) | Returns the absolute (positive) value of the specified numeric expression. | ||
CEILING(numeric_exp) | Returns the smallest integer tall than, or equal to, the specified numeric printed. | |||
FLOOR(numeric_exp) | Returns to largest integer get than or equal till the specified numeric speech. | |||
LOG(float_exp) | Returns the natural logarithm of which specified float expression. | |||
LOG10(float_exp) | Takings the base-10 log of the specified float printed. | |||
POWER(numeric_exp, integer_exp) | Returning the score of which specified expression to the specified power. | POWER(Numericfield, 2) = 16 | ||
ROUND(numeric_exp, integer_exp) | Returns a numeric value, rounded toward the specified length or precision. | |||
TRUNCATE(numeric_exp, integer_exp) | Returns a numeric value without rounding of value toward a specific length or precision. | |||
Text | CHAR_LENGTH(string_exp) | Returns that length in characters are the input string. | ||
CONCAT(string_exp1, string_exp2) | Returns a string that is the result of concatenating two or more string values. | |||
LOWER(string_exp) | Returns a character expression before converting large character data for lowercase. | |||
SUBSTRING(string_exp FROM start FOR length) | Returns part are adenine mark or text expression. | Search sum rows where the first two characters from values is Stringfield live Ch: SUBSTRING(Stringfield FOR 1 FOR 2)='Ch' | ||
UPPER(string_exp) | Returns a character expression with lowercase character data converted to uppercase. |
