In a project I work on I need the admins (not really programmers) to be able to specify pieces of SQL that are to be evaluated to compute the value of some fields. The number of people who have this level of access is very small but nevertheless this gives them too much power. They might cause a lot of problems with incorrect SQL.

They are supposed to use only things like

if @variable = '' SET @value = 'No option selected!' else SET @value = 'They selected ' + @variable + '.'

That is, they should be allowed to use only "SET", "IF", "ELSE", "BEGIN", "END", execute a few carefully selected stored procedures, use several selected functions like SUBSTR and CHARINDEX etc.

A message saying "You are doing something potentially dangerous, please don't." would be just great.

Did anyone ever do something like this? Does anyone have a MS SQL (2000) parser that I could use to parse the SQL before I start looking whether they are using only the allowed stuff?

Thanks, Jenda
Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live.
   -- Rick Osborne
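One way to get the "please don't" message Jenda asks for, as an added Perl example (not code from this thread): tokenize the snippet and reject any token that is not on an allow-list. The keyword and function lists follow the post; the stored procedure names are hypothetical placeholders, and the sample snippets at the bottom are constructed.

```perl
use strict;
use warnings;

# Allow-lists. Keywords/functions follow the post; the procedure names are
# hypothetical placeholders: put your own vetted procedures here.
my %KEYWORD  = map { $_ => 1 } qw(SET IF ELSE BEGIN END EXEC EXECUTE AND OR NOT);
my %FUNCTION = map { $_ => 1 } qw(SUBSTRING SUBSTR CHARINDEX LEN LTRIM RTRIM UPPER LOWER);
my %PROC     = map { $_ => 1 } qw(usp_format_option usp_lookup_label);

# Returns a list of problems; an empty list means every token was allowed.
# This checks vocabulary only, not grammar: SQL Server still parses the statement.
sub check_sql {
    my ($sql) = @_;
    my (@problems, @tokens);
    pos($sql) = 0;
    while (pos($sql) < length $sql) {
        if    ($sql =~ /\G\s+/gc)                          { next }
        elsif ($sql =~ /\G('(?:[^']|'')*')/gc)             { push @tokens, ['str',  $1] }
        elsif ($sql =~ /\G(--|\/\*)/gc)                    { push @problems, "comment marker '$1' is not permitted"; last }
        elsif ($sql =~ /\G(\@\w+)/gc)                      { push @tokens, ['var',  $1] }
        elsif ($sql =~ /\G(\d+(?:\.\d+)?)/gc)              { push @tokens, ['num',  $1] }
        elsif ($sql =~ /\G([A-Za-z_][\w.]*)/gc)            { push @tokens, ['word', $1] }
        elsif ($sql =~ /\G(<=|>=|<>|!=|[=+\-*\/<>(),])/gc) { push @tokens, ['op',   $1] }
        else {   # anything else (';', a stray quote, '[', ...) is rejected
            push @problems, sprintf("character '%s' at offset %d is not permitted", substr($sql, pos($sql), 1), pos($sql));
            pos($sql) = pos($sql) + 1;   # skip it so the remaining problems are still reported
        }
    }
    for my $i (0 .. $#tokens) {
        my ($type, $text) = @{ $tokens[$i] };
        next unless $type eq 'word';
        my $prev = $i ? uc $tokens[$i - 1][1] : '';
        if ($prev eq 'EXEC' || $prev eq 'EXECUTE') {   # only vetted procedures may be called
            push @problems, "stored procedure '$text' is not on the allowed list" unless $PROC{ lc($text) };
        }
        elsif (!$KEYWORD{ uc($text) } && !$FUNCTION{ uc($text) }) {
            push @problems, "'$text' is not an allowed keyword or function";
        }
    }
    return @problems;
}

# Constructed samples: the snippet from the post plus cases that should be rejected.
for my $sql (
    q{if @variable = '' SET @value = 'No option selected!' else SET @value = 'They selected ' + @variable + '.'},
    q{SET @value = 'x'; DROP TABLE Orders},
    q{EXEC usp_lookup_label @variable},
    q{SET @value = '' -- the rest of this line would be hidden from the checker, so reject it},
) {
    my @p   = check_sql($sql);
    my $msg = @p ? "REJECT: $sql\n" . join('', map { "   $_\n" } @p) : "OK:     $sql\n";
    print $msg;
}
```

The first and third samples pass; the second is refused for the semicolon and for DROP, TABLE and Orders, and the fourth for the comment marker, which would otherwise let text bypass the check.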


In reply to (MS) SQL statement filtering by Jenda