Sometimes when coding a client-server application, the client needs to make a bulk update. For example: “mark all pending orders as dispatched”. To implement these I typically write specific controller methods, which perform the required database operation.
It crossed my mind that theoretically this could be done without specific controller methods. In a simple approach, the client could iterate through the pending orders (which it can already access) and mark each as dispatched (again, it already has a call to do this). The problem with that approach is that it causes many network round-trips, increasing latency.
But this made me wonder, is there some kind of generic client-server query/update language? I would hesitate to allow SQL from client to server, unless I could create some very tight controls to prevent SQL injection. But in principle I want the client to tell the server to “UPDATE orders SET status='dispatched' WHERE status='pending'” – and the server to action this, while enforcing any security controls applicable to the current user.
I figured this probably already has a solution, I just don’t know the name of it – hence this question. Any help appreciated.
Edit: on reflection, maybe this is a bad idea. When I explicitly code a controller, I can ensure the database has appropriate indexes to make the update efficient. If the query only exists on the front-end, then ensuring appropriate indexes are in place creates an uncomfortable front/back dependency.
flask-restless supports this behaviour with its multiple patch feature.
PUT /api/person
Sets specified attributes on every instance of Person which meets the search criteria described in the q parameter.
I still don’t know the name for this general technique, but this does what I need.
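The bulk update from the question, sketched as a structured filter that the server turns into a single parameterized statement. This is an added example, not part of the original posts and not flask-restless code. The `POLICY` table, the `name`/`op`/`val` filter shape, the `owner_id` scoping column and the sample rows are assumptions made for illustration.

```python
import sqlite3

# Hypothetical server-side policy: columns a client may filter on or set.
POLICY = {"orders": {"filter": {"status"}, "set": {"status"}}}
OPS = {"eq": "=", "ne": "!=", "lt": "<", "gt": ">"}


def bulk_update(conn, user_id, table, filters, changes):
    """Run a client-described bulk update as one parameterized statement."""
    policy = POLICY.get(table)
    if policy is None:
        raise PermissionError(f"table not exposed: {table!r}")
    if not changes:
        raise ValueError("nothing to update")
    set_sql, where_sql, params = [], [], []
    for col, val in changes.items():
        if col not in policy["set"]:
            raise PermissionError(f"column not writable: {col!r}")
        set_sql.append(f"{col} = ?")  # col is now a known allowlisted name
        params.append(val)            # the value is only ever bound as data
    for flt in filters:
        name, op = flt.get("name"), flt.get("op")
        if name not in policy["filter"] or op not in OPS:
            raise PermissionError(f"filter not allowed: {flt!r}")
        where_sql.append(f"{name} {OPS[op]} ?")
        params.append(flt.get("val"))
    # Per-user scope is appended by the server, never taken from the client.
    where_sql.append("owner_id = ?")
    params.append(user_id)
    sql = (f"UPDATE {table} SET {', '.join(set_sql)} "
           f"WHERE {' AND '.join(where_sql)}")
    with conn:  # one round-trip, one transaction
        return conn.execute(sql, params).rowcount


def demo():
    # Constructed sample data: three orders for user 1, one for user 2.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders "
                 "(id INTEGER PRIMARY KEY, owner_id INTEGER, status TEXT)")
    conn.executemany("INSERT INTO orders (owner_id, status) VALUES (?, ?)",
                     [(1, "pending"), (1, "pending"),
                      (1, "dispatched"), (2, "pending")])
    pending = [{"name": "status", "op": "eq", "val": "pending"}]
    changed = bulk_update(conn, 1, "orders", pending, {"status": "dispatched"})
    rows = conn.execute("SELECT owner_id, status FROM orders ORDER BY id")
    return conn, changed, rows.fetchall()


if __name__ == "__main__":
    print(demo()[1:])
```

Column names and operators reach the SQL text only after an allowlist lookup, so the allowlist also doubles as the list of columns that need indexes, which addresses the front/back dependency raised in the question's edit.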
Look into the SQL COPY command. It can take data as input and insert it into a table. So, SQL injection would not be an issue. You would just have to require a data-format for the file, or build an interface for the user to specify it.