Hi guys, I've posted this on both the SQL and ASP.Net forums 'cause I ain't sure which one I should use, so sorry about clogging up the message board.

Basically I'm a newbie with ASP.net and I was looking for some help with this query.

I got a site and as part of the functionality I need to create a page where the user can create their own SQL statements to query a database (obc one that's connected to the web page). I got fairly basic knowledge when it comes to asp.net but I know how to access stored procedures and basic DB connectivity, but I've no idea how to do it when the user is meant to define the whole query from multiple tables (if possible). I know it's asking a lot but any advice no matter how small would be appreciated...oh and while I remember, it's an Access DB I'm connecting to.

All 2 Replies

That's a very bad idea. A user could craft any statement they like? They could wipe out the entire database.

Your question is a bit too general to give a meaningful answer. Give them a textarea, and pass in what they type as the value of the CommandText property.

tgreer is 100% correct. What you are asking is dangerous and breaks the rules of n-tier application development.

But as tgreer mentioned, please provide more information, because what you are asking is not very clear, in the sense of why would you ever give such control to an end user?
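As an added example (not code from this thread or its posters), here is one way to limit the risk the replies describe when textarea input is assigned to `CommandText`: accept only a single `SELECT` statement and open the Access file read-only. The class name `AdHocQuery`, the Jet provider string, and the `dbPath` and `maxRows` parameters are assumptions for illustration.

```csharp
using System;
using System.Data;
using System.Data.OleDb;
using System.Text.RegularExpressions;

public static class AdHocQuery
{
    // Keywords that change data or schema. Any occurrence rejects the query,
    // even inside a string literal (deliberately conservative).
    private static readonly Regex Blocked = new Regex(
        @"\b(INSERT|UPDATE|DELETE|DROP|ALTER|CREATE|INTO|EXEC|EXECUTE|GRANT|REVOKE)\b",
        RegexOptions.IgnoreCase);

    // True only for one statement that starts with SELECT and has no blocked keyword.
    public static bool IsReadOnlySelect(string sql)
    {
        if (string.IsNullOrWhiteSpace(sql)) return false;
        string s = sql.Trim().TrimEnd(';').Trim();
        if (s.Contains(";")) return false;   // more than one statement
        if (!s.StartsWith("SELECT", StringComparison.OrdinalIgnoreCase)) return false;
        return !Blocked.IsMatch(s);
    }

    // dbPath (assumed name) comes from server configuration, never from the user.
    // maxRows (assumed name) caps how many records are returned to the page.
    public static DataTable Run(string userSql, string dbPath, int maxRows)
    {
        if (!IsReadOnlySelect(userSql))
            throw new ArgumentException("Only a single SELECT statement is allowed.");

        // Mode=Read opens the .mdb read-only, so a write that slips past
        // the keyword filter is still refused by the provider.
        string connStr = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" + dbPath + ";Mode=Read;";
        using (OleDbConnection conn = new OleDbConnection(connStr))
        using (OleDbCommand cmd = conn.CreateCommand())
        {
            cmd.CommandText = userSql;   // textarea contents, assigned only after the check
            using (OleDbDataAdapter adapter = new OleDbDataAdapter(cmd))
            {
                DataTable result = new DataTable();
                adapter.Fill(0, maxRows, result);   // Fill opens and closes the connection
                return result;
            }
        }
    }
}
```

The filter and the read-only connection only prevent writes; the user can still read every table in the file, so anything sensitive belongs in a separate database.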
