ArcGIS Online includes a security configuration option that forces developers to use standardized SQL queries when working with hosted feature layers. This makes it easier for developers and apps to query hosted feature layers and helps prevent SQL injection attacks. The option to allow only standard SQL queries is enabled by default.
Limitations of standardized queries
- Standardized queries are applied to your entire organization; they cannot be enabled for some layers and disabled for others.
- Standardized queries are not supported on joins between different workspaces.
- Subqueries as a where clause, for example, POP_2010 = (SELECT min(POP_2010) FROM counties, are not supported.
- Queries from database services, for example, Windows Azure SQL Data, are also not supported.
Which SQL functions are supported in ArcGIS Online?
If you're an app developer currently using database-specific where clause syntax, you'll need to update the where clauses in your app's code to use common SQL syntax supported by ArcGIS Online. The following list shows which SQL functions are supported and the syntax for each. When the following functions and syntax are used in your apps, ArcGIS Online converts them to conform to the specification of the database used by the feature layer.
Returns the current date in the session time zone.
Datefield < CURRENT_DATE
Only the following date and timestamp syntax is supported:
date 'yyyy-mm-dd', for example, Datefield = date '2012-05-29'
timestamp 'yyyy-mm-dd hh:mm:ss', for example, Datefield = timestamp '2012-05-29 15:14:25'
Returns the current local time.
Timestampfield < CURRENT_TIMESTAMP
EXTRACT(extract_field FROM extract_source)
Returns a single part of the date/time, such as year, month, day, hour, minute, and so on.
The extract_field argument can be one of the following keywords: YEAR, MONTH, DAY, HOUR, MINUTE, or SECOND.
Search all rows from the month of November:
EXTRACT(MONTH FROM Datefield) = 11
Returns the absolute (positive) value of the specified numeric expression.
Returns the smallest integer greater than, or equal to, the specified numeric expression.
Returns the largest integer less than or equal to the specified numeric expression.
Returns the natural logarithm of the specified float expression.
Returns the base-10 logarithm of the specified float expression.
Returns the value of the specified expression to the specified power.
POWER(Numericfield, 2) = 16
Returns a numeric value, rounded to the specified length or precision.
Returns a numeric value without rounding the value to a specific length or precision.
Returns the length in characters of the input string.
Returns a string that is the result of concatenating two or more string values.
Returns a character expression after converting uppercase character data to lowercase.
SUBSTRING(string_exp FROM start FOR length)
Returns part of a character or text expression.
Search all rows where the first two characters from values in Stringfield are Ch:
SUBSTRING(Stringfield FROM 1 FOR 2)='Ch'
Returns a character expression with lowercase character data converted to uppercase.