Executing Template Files Using HTTP
Writing long SQL queries at the URL can get cumbersome. Instead, templates can be used to specify queries (SQL or XPath). The template file name is specified in the URL. A template is a well-formed XML document containing one or more SQL statements and XPath queries.
Using a template you can:
- Specify SQL queries or XPath queries. When XPath queries are specified in the template, the mapping XML-Data Reduced (XDR) schema file against which the query is to be executed is also identified in the template.
- Specify a top-level element for the XML fragment that is returned by executing SQL or XPath queries; thereby, making the result of executing the template in the URL a valid XML document.
- Define parameters that can be passed to SQL statements or XPath queries.
- Declare namespaces.
- Specify an Extensible Stylesheet Language (XSL) style sheet to apply to the resulting document.
Template files also enhance security. Because the URLs (and thus the queries in the URL) can be edited, by having the queries stored in a file (template file), you can prevent users from modifying the queries and obtaining information you do not want them to see.
The security is enforced by removing the URL query-processing service on the virtual root and leaving only the Microsoft® SQL Server™ XML ISAPI to process the files and return the result set. The virtual root is registered using IIS Virtual Directory Management for SQL Server utility.
Before templates can be specified in the URL, the virtual name of template type must be created using the IIS Virtual Directory Management for SQL Server utility. For more information, see Using IIS Virtual Directory Management for SQL Server Utility.