Hello list, while playing with MapServer WFS Filter Encoding capabilities I found some strange things when it comes to form the DB-queries (the requested layer is PostGIS-driven).
It seems that there will always be a full table-scan and later on the FE will be applied. Is this done by design? Using URL-substitutions of the Search-keyword and apply it to a FILTER-element the resulting SQL-query has the given WHERE-filter set. But this opens the door for SQL-injections AFAIK. Setting the validation pattern is a little prevention. Are there any other ways to realize a keyword-driven search with MapServer beside FE IsLike or FILTER-substitution? I am using MS 5.6.5 on debian stable. TIA Stephan -- Stephan Holl <stephan.h...@intevation.de> | Tel.: +49 (0)541-33 508 3663 Intevation GmbH, Neuer Graben 17, 49074 OS | AG Osnabrück - HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
signature.asc
Description: PGP signature
_______________________________________________ mapserver-users mailing list mapserver-users@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/mapserver-users