Tue, Aug 15 2006 1:23 PM
Nate | This is not specifically a dbisam question, but will be used with a dbisam query. I am adding an 'admin SQL' function to a form which will allow an administrator to manually enter an sql query for my database. However, I do not want the administrator to be able to modify the database in any way (i.e. no Delete, Insert, Update, etc.). I have a TMemo box in which the code will be entered, and then a button that when clicked performs the query and displays the results in a TDBISAM grid.

I was going to have the memo box search for these words (delete, insert, etc.) before it can do an SQL query, but cannot figure out how to do a search on the memo box for this.

Maybe there is an easier way to restrict any editing of the database from an SQL statement?

Thanks
Tue, Aug 15 2006 2:13 PM
Roy Lambert NLH Associates Team Elevate | Nate

>I was going to have the memo box search for these words (delete, insert, etc.) before it can do an SQL query, but cannot figure out how to do a search on the memo box for this.

Pos('delete', LowerCase(Memo1.Lines.Text))

Roy Lambert
Tue, Aug 15 2006 2:28 PM
Nate | >Pos('delete',LowerCase(Memo1.Lines.Text))

Awesome, thanks, that works. Also, does anyone have a list of functions that should be restricted? So far I have come up with:

Delete
Update
Create
Add
Alter
Insert

There must be more than that though?

Thanks
Wed, Aug 16 2006 6:06 AM
adam | Dear Nate,

I always start with checking that the first word in the statement is "SELECT" ... using POS as shown above. Then you know at least the first part of any SQL is OK.

Then if you also check for POS of ";" users can only write a single "SELECT" & cannot write additional sections of a script ... so you are safe.

Watch out for checking for words like "delete", "insert", "Update" etc. as some DB Structures may have fieldnames using these, i.e. "UpdatedOrders" ... I know it is unlikely, but it does happen!

Adam
Wed, Aug 16 2006 1:53 PM
Bernd Kuhlmann | Nate,

> This is not specifically a dbisam question, but will be used with a dbisam
> query. I am adding an 'admin SQL' function to a form which will allow an
> administrator to manually enter an sql query
> for my database. However, I do not want the administrator to be able to
> modify the database in any way (i.e. no Delete, Insert, Update, etc.). I
> have a TMemo box in which the code will be entered, and then a button that
> when clicked performs the query and displays the results in a TDBISAM
> grid.
>
> I was going to have the memo box search for these words (delete, insert,
> etc.) before it can do an SQL query, but cannot figure out how to do a
> search on the memo box for this.
>
> Maybe there is an easier way to restrict any editing of the database from
> an SQL statement?

Do you use the database server? If yes, you could create a special database user who has only been granted the read right.

Bernd
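The checks suggested in the replies above (first word is SELECT, no ";" other than a trailing one, and a whole-word keyword search so that a field such as UpdatedOrders is not rejected), combined into one function. This is an added Delphi example, not code posted in the thread; the name IsSingleSelect, the Blocked list layout and the sample statements are assumptions made for illustration.

```pascal
program ReadOnlySqlCheck;
{$APPTYPE CONSOLE}
uses SysUtils;

const
  // Keyword list taken from the thread; extend it for your own SQL dialect.
  Blocked: array[0..5] of string =
    ('DELETE', 'UPDATE', 'CREATE', 'ADD', 'ALTER', 'INSERT');

// True only if SQL is a single statement whose first word is SELECT and
// which contains no blocked keyword as a whole word. String literals are
// scanned too, so a literal containing 'delete' is rejected (deliberately
// conservative: the filter never has to agree with the engine's quoting).
function IsSingleSelect(const SQL: string): Boolean;
var
  S, Tok: string;
  I, J, K: Integer;
  First: Boolean;
begin
  Result := False;
  S := UpperCase(Trim(SQL));
  // Tolerate one trailing ';', then refuse any other ';' (second statement).
  if (S <> '') and (S[Length(S)] = ';') then
    Delete(S, Length(S), 1);
  if Pos(';', S) > 0 then Exit;
  First := True;
  I := 1;
  while I <= Length(S) do
    if S[I] in ['A'..'Z', '0'..'9', '_'] then
    begin
      // Collect one whole word, so UPDATEDORDERS is not matched as UPDATE.
      J := I;
      while (I <= Length(S)) and (S[I] in ['A'..'Z', '0'..'9', '_']) do Inc(I);
      Tok := Copy(S, J, I - J);
      if First and (Tok <> 'SELECT') then Exit;
      First := False;
      for K := Low(Blocked) to High(Blocked) do
        if Tok = Blocked[K] then Exit;
    end
    else
      Inc(I);
  Result := not First;  // empty input is rejected
end;

begin
  // Constructed sample statements.
  Writeln(IsSingleSelect('select UpdatedOrders from Orders;'));
  Writeln(IsSingleSelect('select * from Orders; delete from Orders'));
  Writeln(IsSingleSelect('delete from Orders'));
end.
```

In the form described in the thread this would be called as IsSingleSelect(Memo1.Lines.Text) before the query is run. The text filter only screens input in the client; a database user granted only the read right, as suggested in the last reply, is what enforces the restriction on the server.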
This web page was last updated on Thursday, March 28, 2024 at 06:05 PM | © 2024 Elevate Software, Inc. All Rights Reserved