Is there an extensible SQL like query language that is safe for exposing via a public API?

I want to expose some spatial (and a few non-spatial) datasets via a public API. The backend store will either be PostgreSQL/PostGIS, sqlite/spatialite, or CouchDB/GeoCouch.

My goal is to find a some, preferably standard, way to allow people to make complex spatial queries against the data. I would like it to be a simple GET based request. The idea is to allow safe SQL type queries, without allowing unsafe ones. I would rather modify something th开发者_StackOverflow中文版at is off the shelf than doing the entire thing myself. I specifically want to support requesting specific fields from a table; joining results; and spatial functions that are already implemented by the underlying datastore.

Ideas anyone?

Have a look at CQL in geoserver (and other places such as geotools). It is a safe way to filter the results and doesn't expose raw SQL.

http://docs.codehaus.org/display/GEOTDOC/14+CQL

If you want you could also implement the CQL language in a servlet or something like that. It would be relatively simple to do through geotools.

I think I found what I was looking for: odata, Microsoft's newly released specification.