You may access the data found in the Minnesota CTU database via a web service interface using the file query.pl. This allows end users to create programs that use the data without having to store it in a local database, thus avoiding the need to periodically update the local data source to reflect changes.
Querying this data is accomplished by sending parameters which get converted into a SQL statement on our server. Results are returned to the requesting process in XML format. Prior to the construction of the SQL statement on our server, the user supplied parameters are parsed and sanitized (i.e. words such as 'drop', 'delete' and characters such as ";" are removed to prevent SQL injection attacks).
When a properly formatted query is sent to query.pl, results are returned wrapped in a <response></response> tag. Each line of response is wrapped in a <result> tag. Additionally, to assist in development / debugging, the response also includes the following fields:
<ERROR>: An error message in the event a blocked string was included in the
other parameters
<SELECT>: The select clause as received by our server.
<WHERE>: The where clause as receive by our server.
<ORDER>: The order clause as receive by our server.
<SQL>: The SQL statement created as a result of the parameters sent, and
processed by our database.
select: A comma separated list of fields you wish returned. Fields are case insensitive. Available fields are:
GNIS_FEATURE_ID_INTEGERwhere: Any valid SQL limiting where clause (excluding the word 'where')
order: Any valid SQL ordering clause (excluding the words 'order by')