Drop Down Boxes And Dynamic SQL

Posted on 2005-03-03
Medium Priority
Last Modified: 2013-12-12

I was hoping somebody had a class or examples of this.

I need to have a box on a webpage that the user can type SQL into. However, the user also needs the option of being able to create the SQL using drop down boxes.

So if a user chooses drop down boxes, the sql would be created based on that. but if they entered the SQL into a text box, the drop down boxes would be selected to match the query criteria.

The drop downs and the text box wont have to be on the same page. There will be a basic page with the drop downs on and then an advanced page for the text box or if its easier, they'd both be on the same page. it doesn't matter which.

The SQL entered could be INSERT, UPDATE, DELETE, but not DROP or anything that could do major damage.

Thanks for any help.

Question by:m4cc4
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Accepted Solution

gruntar earned 1000 total points
ID: 13456538
i would advise you not going this way (letting users to type their own SQL queryes). Why? First of any query except insert or select can do major damage.

for instance
UPDATE sometable SET colname1='', colname2=''...   // this way would replace all data with empry strings in all rows because of a missing where part. Same goes to delete statement
DELETE FROM tablename:  // no where clause, dis would delete all rows from that table

So, you see where this goes.. Do you really wanna do this?


Author Comment

ID: 13457029
Thanks for the advice, but i need to find a way to do this.

The drop downs and boxes will be in an admin section which only certain users will be able to access.


Assisted Solution

AlanJDM earned 1000 total points
ID: 13458440
With all due respect, you are opening a huge can of worms here. Not to mention the glaring security issues already touched on by gruntar, to accept freeform text as a query is a huge job. You have to write a complete parsing system that recognizes every SQL function, keyword and operator and understand the rules behind each one if you are going to offer any kind of error messages when they type in a bad query.

For example, what if I where to enter this...

select * from table where field = dog

Obviously an error because the value needs to be quoted because it is text field. How would you handle this?

And then, to have the text boxes update to match the query, another big job. Even if the query is syntacticly correct, what if they refer to fieldnames that dont correspond to the dropdown boxes? They query may be correctly typed in and it may run fine, but there would be no way to update the dropdon boxes because the user queried different fields than the ones the dropdowns represent.


LVL 10

Expert Comment

by:Kshitij Ahuja
ID: 15658898
No comment has been added to this question in more than 21

days,so it is now classified as abandoned..
I will leave the following recommendation for this question in

the Cleanup topic area:
[Points Split {AlanJDM} and {gruntar}]

Any objections should be posted here in the next 4 days. After

that time, the question will be closed.

Kshitij Ahuja
EE Cleanup Volunteer

Featured Post

WordPress Tutorial 3: Plugins, Themes, and Widgets

The three most common changes you will make to your website involve the look (themes), the functionality (plugins), and modular elements (widgets).

In this article we will briefly define each again, and give you directions on how to install them.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Popularity Can Be Measured Sometimes we deal with questions of popularity, and we need a way to collect opinions from our clients.  This article shows a simple teaching example of how we might elect a favorite color by letting our clients vote for …
I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to dynamically set the form action using jQuery.
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question