SQL over HTTP using JSON-RPC

[Raymund]

Just like to share a project I am doing which would enable clients to send SQL statements over HTTP using JSON-RPC, with the SQL statement in the params member. For security, whitelist validation is done using a dictionary, and table/column field names conversion so not to expose real database table/column names.

The script can be accessed at: https://github.com/ray-ang/rpc-ql/blob/master/rpc-ql.php

Line 110 is where SQL can be prepared using PDO. Use '?' as placeholder and query_data inside params for values in array. Also, make sure to reflect 'result' => $mod_query in response object to reflect the right result variable.

I tried this and was able to make database queries using Postman.

Raymund

[Raymund]

Use the GET method to view the whitelist dictionary and the POST method to access the function itself.

[Raymund]

I have updated the code to reflect a working example of SQL over HTTP using JSON-RPC v2.0 format.

https://github.com/ray-ang/rpc-ql/blob/master/rpc-ql.php

Is anyone working on the same functionality? Maybe using a different programming language?