On 28 Oct 2017, at 1:44pm, Shane Dev <devshan...@gmail.com> wrote:
> sqlite> select * from sql; > insert into tab1 select 'example text'; > update tab2 set col2 = 123 where col2 = 1; > delete from tab3 where col1 = 2; > > For the first row, I could build a query using instr and substr functions > to extract the first word after INSERT INTO. That would work for most > simple INSERT statements, but it would fail if (for example) the statement > was prepended with a WITH clause which happened to contain the text "INSERT > INTO". Is there more generalized way of achieving this? Instead of your rows containing real column names and text, have them include parameter markers for everything that might change. For instance insert into $1 select '$2'; update tab2 set $1 = $2 where $3 = $4; delete from $1 where col1 = $2; By the way, I’m just one of the hundred people who read your design and thought "security nightmare". Anyone who can force your system to write that table, or can interfere with the reading of it, can make your system do whatever they want. This includes anyone who can meddle with that file on disk. You’d better have some good security around your system to make sure it can only be written by the things you want. Simon. _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
