I need to allow users to enter SQL select statements in my web application; these select statements will be used to generate the options in a customized dropdownlist.
So I have a field on the UI where the user enters a select; how do I prohibit the user from entering an insert/update/delete? I could check that the first statement word is select; however, they could enter multiple statements on the UI separated by semicolons.
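
The first-word check described in the question and the semicolon case it misses, next to enforcement on the database connection itself; this is an added example, not part of the original post. It assumes SQLite through Python's `sqlite3` module as a stand-in for the application's database, and the `countries` table, its rows and all function names are constructed for illustration.

```python
import sqlite3

def naive_is_select(sql):
    # The check from the question: only looks at the first word.
    return sql.lstrip().lower().startswith("select")

def read_only_authorizer(action, arg1, arg2, db_name, source):
    # SQLite calls this while compiling each statement. Permit only what a
    # plain SELECT needs (the statement itself and column reads).
    if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ):
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY

def make_demo_connection():
    # Constructed sample data standing in for the application's database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE countries (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO countries VALUES (?, ?)",
                     [(1, "France"), (2, "Canada")])
    conn.commit()
    # From here on, this connection can only read.
    conn.set_authorizer(read_only_authorizer)
    return conn

def run_user_select(conn, sql, max_rows=200):
    """Return up to max_rows rows for user-supplied SQL, or raise ValueError."""
    try:
        # execute() accepts exactly one statement; stacked statements raise
        # before anything runs (Warning or ProgrammingError by Python version).
        return conn.execute(sql).fetchmany(max_rows)
    except (sqlite3.Error, sqlite3.Warning) as exc:
        raise ValueError(f"rejected: {exc}") from exc

def is_rejected(conn, sql):
    try:
        run_user_select(conn, sql)
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    conn = make_demo_connection()
    for sql in ("SELECT id, name FROM countries ORDER BY name",
                "SELECT id FROM countries; DELETE FROM countries",
                "DELETE FROM countries"):
        print(naive_is_select(sql), is_rejected(conn, sql), sql)
```

On a server database the equivalent control is a dedicated account granted only SELECT on the tables the dropdown may read, so the restriction does not depend on parsing the user's text.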