English

Problem: REST query on the date field no longer works after upgrading to version 10.2

Description

When performing a REST query on a date field, ArcGIS for Server 10.2 reports a SEVERE error message:
"An invalid where clause or definition expression has been requested."

Cause

Map, feature, image, and WFS services now use standardized queries

Using a query on a date field such as the following fails because it is a database-specific WHERE clause that is not standardized:


WHERE (TIME_DATE <= TO_DATE('10/01/2010','DD/MM/YYYY') )

An example of this query in a supported standardized format is:

WHERE (TIME_DATE <= date '2010-10-01')

ArcGIS for Server includes a security option that forces developers to use standardized SQL queries when working with map, feature, image, and WFS services through REST or SOAP. This helps prevent SQL injection attacks and also makes it easier for developers and applications to query ArcGIS Server services.

Note:
Standardized queries are enforced by default, but can be disabled by the server administrator.

Solution or Workaround

If it is necessary to use database-specific WHERE clause statements in an application, standardized queries can be disabled by accessing the ArcGIS Server Administrator Directory.

Warning:
By disabling this security option, the site becomes more vulnerable to SQL injection attacks.

  1. Open the Administrator Directory and log in as a user with administrative permissions to the site. The Administrator Directory is typically available at:

    http://gisserver.domain.com:6080/arcgis/admin

  2. Click System > Properties > Update.
  3. On the Operation - update page, enter the following string into the System Properties dialog box:

    {"standardizedQueries": "false"}

  4. Click Update.
  5. Restart ArcGIS for Server.

Related Information