> That is what I'm thinking of doing as well. What concerns me is all > of the SQL queries that would fail if I blindly add 'rowid' as a > column to every query. So it seems I need to be smart about what > queries to add it to, and I'm a little worried I'm going to miss > cases. In fact, I'm not exactly sure the best way to detect which > queries I can legally add 'rowid' to. For example, this query would > definitely fail: > > SELECT rowid, test1.name FROM test2, test1 WHERE test2.id = test1.id > > I'm wondering how you handled this problem.
I didnt let users enter SQL. I provided a form with fields that correspond to the columns in the table. They could enter a search string into the form in the name field if they wanted to search by name, in the city field if they wanted a specific city, etc. No ugly syntax issues for me and it's simple for them to understand and use.