Author |
Topic |
nice_guy
Starting Member
3 Posts |
Posted - 2008-11-18 : 08:48:50
|
I have a simple WinForm that allows users to paste their SQL code and click on a button that runs this code on the SQL Server. This can be used for any type of code (update values, create tables/procedures/views/etc., drop objects and anything else).
My question: I would like to allow users to enter exactly 1 action per button click, i.e., the following shouldn't be allowed, and I would like to catch this case and display an error message:
update students set name='x' where Name='x1'
update students set name='y' where Name='y1'
For the above code the user will have to run the first line first and then the second line.
How can I count the number of actions inside the user script (without parsing it and looking for words like create/alter/drop etc.)?
Thanks! |
|
visakh16
Very Important crosS Applying yaK Herder
52326 Posts |
Posted - 2008-11-18 : 08:58:10
|
This looks like a good candidate for a SQL injection attack. Can you imagine what happens if somebody types drop table or drop database on screen and clicks OK? Or is it not a thing to worry about for you? |
 |
|
nice_guy
Starting Member
3 Posts |
Posted - 2008-11-18 : 09:13:19
|
My users are developers. They have access to the mngt studio anyway, so it's not a problem... |
 |
|