Re: Semi-customized queries? Subset of SQL? Accessing the parser? Injection?

From: Sam Mason <sam(at)samason(dot)me(dot)uk>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: Semi-customized queries? Subset of SQL? Accessing the parser? Injection?
Date: 2008-11-04 19:35:54
Message-ID: 20081104193554.GR2459@frubble.xen.chris-lamb.co.uk
Lists: pgsql-general

On Tue, Nov 04, 2008 at 11:12:05AM -0800, Webb Sprague wrote:
> > If they're that smart, they're smart enough to deal with SQL, and
> > likely to be frustrated by a like-sql-but-not command language or
> > a GUI query designer.
> >
> > Instead, create a user that only has enough access to read data (and
> > maybe create temporary tables) and use that user to give them
> > a sql commandline.
> >
> > It'll be drastically less development effort for you, and the end result
> > is less likely to frustrate your users.
>
> Can't do that. (Or I wouldn't have asked the question.) Need a WWW
> interface, period.

Why not just write a web interface that accepts SQL and renders the
results into an HTML table? If you wanted to pretty it up a bit, you
could write an AJAX ditty to present a nice GUI query builder for those
that want it.

The fun thing, in my eyes, would be to sit down and define a new DSL
that exposes some subset of SQL that you're interested in. Once you've
learnt about parsing and lexing, transforming the result into SQL will
be easy. Coming up with an appropriately specific language would be a
good research project for someone, it'd be interesting to see how much
better than SQL it could be. You should be able to get the language a
bit more regular and tidy, but it would be interesting to see what your
users thought.

Sam
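
The DSL idea from the message above, as an added example that is not part of the original post or thread: a tiny hypothetical query language compiled to parameterized SQL, with identifiers taken only from an allow-list and literal values passed as bound parameters. The `show ... from ... where` grammar, the `people` schema and the `%s` placeholder style (as used by psycopg) are assumptions.

```python
import re

# Hypothetical allow-list: the only table and columns the DSL can reach.
SCHEMA = {"people": {"name", "age", "city"}}
OPS = {"=", "!=", "<", ">", "<=", ">="}
CONV = {"num": int, "word": str.lower}
TOKEN = re.compile(r'\s*(?:(?P<num>\d+)|"(?P<str>[^"]*)"|(?P<word>[A-Za-z_]\w*)|(?P<sym><=|>=|!=|[=<>,]))')

def lex(text):
    """Split DSL text into (kind, value) tokens; reject anything else."""
    text, pos, out = text.rstrip(), 0, []
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"unexpected input at offset {pos}")
        out.append((m.lastgroup, CONV.get(m.lastgroup, str)(m.group(m.lastgroup))))
        pos = m.end()
    return out

def compile_query(text):
    """Compile 'show COLS from TABLE [where COL OP VALUE and ...]' to (sql, params)."""
    toks, i = lex(text) + [("end", None)], 0
    def take(kind, value=None):
        nonlocal i
        k, v = toks[i]
        if k != kind or (value is not None and v != value):
            raise ValueError(f"expected {value or kind}, got {v!r}")
        i += 1
        return v
    take("word", "show")
    cols = [take("word")]
    while toks[i] == ("sym", ","):
        i += 1
        cols.append(take("word"))
    take("word", "from")
    table = take("word")
    if table not in SCHEMA or not set(cols) <= SCHEMA[table]:
        raise ValueError("unknown table or column")
    sql = 'SELECT {} FROM "{}"'.format(", ".join(f'"{c}"' for c in cols), table)
    conds, params = [], []
    while toks[i] == ("word", "and" if conds else "where"):
        i += 1
        col, op = take("word"), take("sym")
        if col not in SCHEMA[table] or op not in OPS:
            raise ValueError("unknown column or operator")
        conds.append(f'"{col}" {op} %s')  # value goes out as a bound parameter
        params.append(take("num") if toks[i][0] == "num" else take("str"))
    take("end")
    return sql + (" WHERE " + " AND ".join(conds) if conds else ""), params
```

The returned pair is meant to be handed to a driver call that binds parameters separately from the statement text, run under a database role that has read-only access.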
