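import atg.repository.*;
import atg.repository.rql.RqlStatement;
public static RepositoryItem[] executeQuery(Repository repository, String query, Object[] params)
{
    RepositoryItem[] data = null;
    try {
        // viewName is not defined in this snippet; it is assumed to be a field of the enclosing class
        RepositoryView repositoryView = repository.getView(viewName);
        // Parse the RQL text once; the values are bound separately from params (?0, ?1, ...)
        RqlStatement statement = RqlStatement.parseRqlStatement(query);
        data = statement.executeQuery(repositoryView, params);
    } catch (RepositoryException e) {
        throw new IllegalStateException("RQL query failed", e);
    }
    return data;
}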
The query is a parameterized query.
Depending on which database you are using, you could define the SQL connection or DBConnectionPool using the credentials of a user that has read-only access. Any statement which is unauthorized will be rejected by the DBMS.
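An added example (not code from the original post) contrasting RQL text built by concatenation with the parameterized form the post refers to. It needs the ATG repository classes on the classpath; the class name, the item descriptor name "user" and the property "login" are assumptions made for illustration.

```java
import atg.repository.Repository;
import atg.repository.RepositoryException;
import atg.repository.RepositoryItem;
import atg.repository.RepositoryView;
import atg.repository.rql.RqlStatement;

public class UserLookup {
    // Assumed names for illustration: item descriptor "user", property "login".
    private static final String VIEW_NAME = "user";

    // Unsafe: caller input becomes part of the RQL text that gets parsed,
    // so it can change the structure of the query.
    static RepositoryItem[] findByLoginUnsafe(Repository repo, String login)
            throws RepositoryException {
        RepositoryView view = repo.getView(VIEW_NAME);
        RqlStatement stmt = RqlStatement.parseRqlStatement("login = \"" + login + "\"");
        return stmt.executeQuery(view, new Object[0]);
    }

    // Parameterized: the RQL text is a constant and ?0 is bound from params,
    // so the input is only ever treated as a value.
    static RepositoryItem[] findByLogin(Repository repo, String login)
            throws RepositoryException {
        // Reject obviously malformed input before it reaches the repository.
        if (login == null || login.isEmpty() || login.length() > 255) {
            throw new IllegalArgumentException("invalid login");
        }
        RepositoryView view = repo.getView(VIEW_NAME);
        RqlStatement stmt = RqlStatement.parseRqlStatement("login = ?0");
        RepositoryItem[] items = stmt.executeQuery(view, new Object[] { login });
        // Normalize a null result to an empty array for callers.
        return items == null ? new RepositoryItem[0] : items;
    }
}
```

The read-only database account described above is a second layer: it limits what any statement can do even if a query is built the unsafe way somewhere else in the code base.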