- From: Austin William Wright <aaa@bzfx.net>
- Date: Fri, 27 Jul 2012 05:11:03 -0700
- To: David Booth <david@dbooth.org>
- Cc: semantic-web <semantic-web@w3.org>
- Message-ID: <CANkuk-WORhhghoj=GV8+p4_yKyRkd98mHJ3W+cmFkz+R9_9fAQ@mail.gmail.com>
On Thu, Jul 26, 2012 at 1:06 PM, David Booth <david@dbooth.org> wrote:
>
> There doesn't seem to be any sort of community consensus on preferred
> syntax for indicating parameters in a SPARQL template. Several syntaxes
> were mentioned:
>
> {?foo} %{foo} %2 $foo ${foo}

I'll echo Steve Harris's concerns about security. You shouldn't place variables inside string literals, that's asking for trouble. Why invent a new variable/placeholder when one already exists?

Almost certainly you should be passing a raw query, and binding values onto variables at query-time, or some equivalent if you can't do this on the query engine level:

    var query = SPARQLSubstitute(
        "SELECT * { ?president foaf:givenName ?firstName; foaf:familyName ?lastName. }"
        , {firstName: "Bill", lastName:"Clinton"}
        );

For instance, modify a SPARQL lexer/parser to parse the query string for particular variables, and substitute them with the (properly escaped) value. No new, special syntax is necessary.

You can probably get by implementing a subset of the SPARQL syntax since if you assume a well-formed query, you only need to parse for variables and string literals (and maybe comments). Luckily the SPARQL standard publishes a fairly readable grammar, I wrote a parser in JavaScript for all of SPARQL 1.1 in a fairly short amount of time. (I might try this out tomorrow.)

Like you point out, you can't pass variable values over the HTTP query protocol, a standard to do this over HTTP is very much needed.

Austin Wright.
Received on Friday, 27 July 2012 12:11:31 UTC
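
Added example, not part of the original message and not the author's parser: a sketch of the substitution the message describes, scanning only for variables, string literals, IRIs and comments and replacing bound variables with escaped literals. The names sparqlSubstitute and sparqlLiteral are hypothetical; it assumes a well-formed query, string-only bindings and ASCII variable names.

```javascript
// Added sketch; sparqlSubstitute and sparqlLiteral are hypothetical names.
// Tokens copied through untouched: long and short string literals,
// IRI references, comments, and backslash escapes in prefixed names.
const SKIP = [
  /"""(?:[^"\\]|\\.|"(?!""))*"""/, /'''(?:[^'\\]|\\.|'(?!''))*'''/,
  /"(?:[^"\\\n\r]|\\.)*"/, /'(?:[^'\\\n\r]|\\.)*'/,
  /<[^<>"{}|^`\\\x00-\x20]*>/, /#[^\n\r]*/, /\\./,
].map((re) => re.source).join('|');

// Group 1 = a skipped token, group 2 = a variable name after ? or $.
// Assumption: \w covers only the ASCII subset of the grammar's VARNAME.
const TOKEN = new RegExp(`(${SKIP})|[?$](\\w+)`, 'g');

// Characters that need a backslash escape inside a "..." literal.
const ECHAR = {
  '\\': '\\\\', '"': '\\"', '\n': '\\n', '\r': '\\r',
  '\t': '\\t', '\b': '\\b', '\f': '\\f',
};

// Serialize a JavaScript string as a double-quoted SPARQL literal.
function sparqlLiteral(value) {
  if (typeof value !== 'string') throw new TypeError('only string bindings are supported');
  return '"' + value.replace(/[\\"\n\r\t\b\f]/g, (c) => ECHAR[c]) + '"';
}

// Replace each bound variable with its escaped literal. Unbound variables,
// and anything inside a literal, IRI or comment, are left as written.
function sparqlSubstitute(query, bindings) {
  return query.replace(TOKEN, (match, skipped, name) => {
    if (skipped !== undefined) return match;
    // Own properties only, so ?constructor or ?toString never bind by accident.
    const bound = Object.prototype.hasOwnProperty.call(bindings, name);
    return bound ? sparqlLiteral(bindings[name]) : match;
  });
}

// Constructed input: the query from the message plus a hostile value.
console.log(sparqlSubstitute(
  'SELECT * { ?president foaf:givenName ?firstName; foaf:familyName ?lastName. }',
  { firstName: 'Bill', lastName: 'x" } # ?firstName' }
));
```

Substituted text is not rescanned, so a value that itself contains `?firstName` stays inside its literal.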