SQL vs XML for data transfer

Question

I am new to the world of web services and web APIs. I've noticed most companies offer an XML or JSON based connection that basically takes data from their database and encodes it into their format of choice. My question is, why don't I see anyone offering some sort of SQL connection?

At first i thought it was security. But with MySQL you can limit a users access all the way down to a specific column. You can allow them to only view, or only insert. You can create views and stored procedures to perform joins or veil your true backend structure. You can use an ssl connection to properly encode transmitted data. So really i think the only difference is style. It seems to me people would rather have me write

$conn->getWidgetAttr('widgetName');

rather than

SELECT widgetName FROM widgets;

Can someone tell me what I'm missing here?

Answer 1

1. Configuration complexity. It is difficult to configure permissions for all users, for all possible use cases.
2. Security. Exposing database connection and query is not secure, and offers a wide possibility of sql injection / exploit attacks.
3. Contract stability. Hiding implementation details on how items stored in the database allows you to change underlying storage without breaking exiting clients. For example, at one point you may decide replace sql server with mongodb.
4. Firewalls issue. Http connections are widely available, port 80 is open for most operations with web api, while exposing sql server port (default 1433) may impose additional deployment cost.