I am going to provide an SQL console like data.stackexchange.com for developers on one of the sites I have. The problem is I can not let them execute all types of SQL. So there will be some constraints. Here are some example constraints:

- COUNT() function
- LIMIT with maximum value 100
- 5 SELECT statements will be allowed to be used.

I am using regular expressions to filter these. Also planning to invoke EXPLAIN or a similar query to determine its impact on the db prior to executing.
Is there any better way than regex? How is it done on data.SE? Is there anything else I should be worried about?
These two rules can be applied by restricting user permissions in the database server. SELECT statements will be allowed to be used. So the only problem is to validate the SQL.

I know if I write an SQL parser it'll do. It'll be like writing a JS interpreter just to remove eval() as it's bad practice. So writing an SQL parser from scratch is really not an option here.
To validate the sorted data from SQL we can use the ORDER BY clause. We can validate the data in sorted order using the ORDER BY clause. In a real-life example, if you want to sort the employee data in alphabetical order then by using ORDER BY you can sort it with a single query.
You can create a new grammar for yacc that contains a subset of SQL. Then you are able to check the input SQL with this grammar. SQL lex yacc grammar
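The question asks for something better than a regex and notes that some of the rules can be pushed down into database permissions; the answer above suggests checking the input against a grammar. The following is an added example, not code from the question, from either answer, or from data.SE: instead of a hand-written grammar it lets the engine's own parser enforce the rules. It uses Python's standard-library sqlite3 module, whose authorizer hook SQLite calls for every table, column and function a statement touches while the statement is compiled, so "only COUNT()", "no access to this table" and "no writes/PRAGMA/ATTACH" are decided on the real parse tree. The LIMIT cap of 100 is enforced by wrapping the user's statement in a subquery, run-time cost is bounded with an opcode budget, and the EXPLAIN step from the question is exposed as a function. The schema, the `secrets` table, the budget value and the names `make_demo_db`, `explain`, `run` and `QueryRejected` are all assumptions made for this demo; another engine would need its own equivalents (a read-only role, a statement timeout).

```python
"""Added example: SQL console rules enforced by SQLite itself, not by a regex.
Schema, data, table names and budget values are constructed for the demo."""
import sqlite3

MAX_ROWS = 100          # the LIMIT cap named in the question
MAX_VM_STEPS = 200_000  # execution budget in SQLite VM opcodes (hypothetical value)
STEP_INTERVAL = 1_000   # SQLite calls the progress handler every N opcodes
ALLOWED_FUNCTIONS = {"count"}   # the only SQL function the console may call
DENIED_TABLES = {"secrets"}     # constructed: a table the console must never read


class QueryRejected(Exception):
    """Raised when the engine refuses, fails to parse, or aborts a console query."""


def authorizer(action, arg1, arg2, db_name, trigger_or_view):
    """Called by SQLite at compile time for each table/column/function a
    statement touches. Anything not explicitly allowed is denied, which covers
    INSERT/UPDATE/DELETE/DROP/PRAGMA/ATTACH and friends without listing them."""
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ:            # arg1 = table, arg2 = column
        return sqlite3.SQLITE_DENY if arg1 in DENIED_TABLES else sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_FUNCTION:        # arg2 = function name
        allowed = (arg2 or "").lower() in ALLOWED_FUNCTIONS
        return sqlite3.SQLITE_OK if allowed else sqlite3.SQLITE_DENY
    return sqlite3.SQLITE_DENY


def make_demo_db():
    """Constructed sample data: 250 users plus a table the console may not see."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT);"
        "CREATE TABLE secrets(token TEXT);"
        "INSERT INTO secrets VALUES ('do-not-leak');"
    )
    conn.executemany("INSERT INTO users(name) VALUES (?)",
                     [(f"user{i}",) for i in range(250)])
    conn.commit()
    # Load data as the owner first; only then hand the connection to the console.
    conn.set_authorizer(authorizer)
    return conn


def explain(conn, sql):
    """The EXPLAIN step from the question: plan the statement without running it.
    The authorizer still runs at compile time, so a forbidden statement is
    rejected here as well. Returns the plan's detail strings."""
    try:
        rows = conn.execute("EXPLAIN QUERY PLAN " + sql).fetchall()
    except (sqlite3.Error, sqlite3.Warning) as exc:
        raise QueryRejected(str(exc)) from exc
    return [row[-1] for row in rows]


def run(conn, sql):
    """Execute one console statement. Wrapping it in a subquery means the user's
    own LIMIT can never raise the cap, and the progress handler aborts the
    statement once it has burned its opcode budget."""
    body = sql.strip().rstrip(";").strip()
    if not body:
        raise QueryRejected("empty query")
    # The newline before ')' stops a trailing '-- comment' in the user's text
    # from swallowing the wrapper; a second statement becomes a syntax error.
    wrapped = f"SELECT * FROM (\n{body}\n) AS q LIMIT ?"
    calls = 0

    def budget():
        nonlocal calls
        calls += 1
        return calls * STEP_INTERVAL > MAX_VM_STEPS   # truthy return aborts the statement

    conn.set_progress_handler(budget, STEP_INTERVAL)
    try:
        return conn.execute(wrapped, (MAX_ROWS,)).fetchall()
    except (sqlite3.Error, sqlite3.Warning) as exc:
        raise QueryRejected(str(exc)) from exc
    finally:
        conn.set_progress_handler(None, STEP_INTERVAL)


if __name__ == "__main__":
    db = make_demo_db()
    print(len(run(db, "SELECT id FROM users LIMIT 500")))   # the cap wins: 100 rows
    print(run(db, "SELECT COUNT(*) FROM users"))
    print(explain(db, "SELECT COUNT(*) FROM users"))
    for bad in ("SELECT token FROM secrets", "SELECT lower(name) FROM users",
                "PRAGMA table_info(users)", "SELECT 1; SELECT 2",
                "SELECT COUNT(*) FROM users a, users b, users c"):
        try:
            run(db, bad)
        except QueryRejected as exc:
            print("rejected:", bad, "->", exc)
```

Because the check happens on the compiled statement, the comment and quoting tricks that slip past a regex do not apply: a `lower()` call is refused by name, a read of `secrets` is refused whether it is written directly, through a subquery or through a join, and the three-way self-join is cut off by the opcode budget rather than by guessing its cost up front. Two caveats a deployment would want: `sqlite_master` is still readable here, so add it to `DENIED_TABLES` if the schema itself is sensitive, and the engine's "not authorized" messages name the table or function involved, so decide deliberately whether to pass them through to users.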