Validating sql stored procedures functions views
Default values can be supplied for parameters, and input values can be validated by Regular Expressions to eliminate the risk of SQL injection attacks. This is the case for most SQL statements, but in some databases special syntax may be needed to call stored procedures.Also, all the columns returned by the SQL statement must have names.In many spatial databases the SRID is equal to the EPSG code for the specific spatial reference system, but this is not always the case (for instance, Oracle has a number of non-EPSG SRID codes).If stable feature ids are desired for the view’s features, one or more columns providing a unique id for the features should be checked in the Identifier column.
Starting with Geo Server 2.1.0, layers can also be defined as SQL Views.
Parameters can have default values specified, to handle the situation where they are not supplied in a request.
Even more usefully, SQL View queries can be parameterized via string substitution.
Parameter values can be supplied in both WMS and WFS requests.
Always ensure these attributes generate a unique key, or filtering and WFS requests will not work correctly.
Once the query and the attribute details are defined, press request parameter.