I'm planning to allow users to make database queries through a web page. I'm thinking of letting the user provide the string that goes between SELECT and FROM using the sqlite3 command tool, but what kind of input checking is then needed?
Obviously, I need to check that the input doesn't contain any semicolons, otherwise the user could enter something like "; DROP big_table;". But is there anything else that needs checking? I only want to make sure that the user can't change anything. If the query is too big and will take forever, that's fine for now. xkcd comes to mind: http://xkcd.com/327/ :)

--
Steinar
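Added example, not part of the original post: instead of filtering the input string, the connection itself can be made to refuse anything but reads of the one intended table. The sketch assumes Python's sqlite3 module in place of the sqlite3 command tool; the columns of big_table, the table other_table and the SAFE_FUNCTIONS allow-list are constructed for illustration.

```python
import sqlite3

ALLOWED_TABLE = "big_table"   # table name from the post; its columns are constructed
SAFE_FUNCTIONS = {"count", "sum", "min", "max", "avg", "length", "lower", "upper"}


def authorizer(action, arg1, arg2, dbname, source):
    """Deny by default; allow only what a read of ALLOWED_TABLE needs."""
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ and arg1 == ALLOWED_TABLE:
        return sqlite3.SQLITE_OK          # arg1 = table, arg2 = column
    if action == sqlite3.SQLITE_FUNCTION and arg2 in SAFE_FUNCTIONS:
        return sqlite3.SQLITE_OK          # arg2 = function name
    return sqlite3.SQLITE_DENY            # INSERT, UPDATE, DROP, ATTACH, PRAGMA, ...


def open_restricted():
    """Constructed in-memory database standing in for the real file."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE big_table(id INTEGER, name TEXT);"
        "INSERT INTO big_table VALUES (1, 'a'), (2, 'b');"
        "CREATE TABLE other_table(note TEXT);"
        "INSERT INTO other_table VALUES ('not for web users');"
    )
    db.execute("PRAGMA query_only = ON")  # second layer: connection refuses writes
    db.set_authorizer(authorizer)         # installed last, it would deny the PRAGMA
    return db


def run_user_select(db, user_columns):
    """Return (True, rows) or (False, reason) for the user-supplied column list."""
    try:
        # execute() accepts exactly one statement, so text after ';' is an error
        return True, db.execute(f"SELECT {user_columns} FROM {ALLOWED_TABLE}").fetchall()
    except (sqlite3.Error, sqlite3.Warning) as exc:
        return False, str(exc)


if __name__ == "__main__":
    db = open_restricted()
    for text in ("id, name", "count(*)", "1; DROP TABLE big_table; --",
                 "(SELECT note FROM other_table)"):
        print(repr(text), "->", run_user_select(db, text))
```

With a database file, opening it read-only (for example a file: URI with mode=ro and uri=True) gives the same second layer as the query_only pragma.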

