The dcterms:
prefix has a typo
The dcterms:
prefix is incorrect (it has subject
at the end). It should be
http://purl.org/dc/terms/
Use ParameterizedSparqlStrings to avoid injection problems
Also, the way that you're splicing the uri
parameter into the query is a bit brittle, and it's subject to injection attacks. E.g., what would happen if uri
were the following string?
> <>* <> . <http://example.org/secretData> ?anyProperty ?comment . #
You'd leak information about http://example.org/secretData
, since <> <>* <>
will always match, and then you'd bind ?comment
to all the values of any property of http://example.org/secretData
. There's an example of how to do this in this answer to get latitude and longitude of a place dbpedia.