Kristoffer Danielsson wrote:
> Consider an application where the user enters a search string:
> SELECT Year FROM Car WHERE Brand = 'Audi'
>  
> Now I want to add some conditions, depending on settings in the application. 
> For instance, I would like to modify the above SQL string to get this:
> SELECT Year, Color FROM Car WHERE Brand = 'Audi' AND DateCreated > '2008-10-10'
>  
> Obviously, making string replacements is not a good idea. The only smart 
> solution is to somehow edit the tree-representation of the SQL statement. 
> Probably the same technique used for statement optimization.
>  
> The parser is already there, so the question is: how do I edit the 
> SQL-statement on a low level, before executing it?
>  
> Thanks.

A better, safer solution for most cases is to not let the user type raw SQL at
all, but rather you can just provide a collection of form fields where they
enter the basic information and then you generate a SQL query from it.  In that
case, you are *starting* with the tree as it were. -- Darren Duncan
_______________________________________________
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
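
The approach described in the reply above, as an added example that is not part of the original message: the form input is kept as a list of conditions, column names and operators are checked against an allowlist, and values are bound as parameters, so adding a condition is a list append rather than a string edit. The Car table layout, the sample rows and the function names are assumptions made for the example.

```python
import sqlite3

# Assumed schema for the thread's Car table; identifiers may only come from here.
ALLOWED_COLUMNS = {"Year", "Color", "Brand", "DateCreated"}
ALLOWED_OPS = {"=", "<>", "<", "<=", ">", ">="}


def build_car_query(select, filters):
    """Return (sql, params) from structured input.

    select is a list of column names; filters is a list of
    (column, operator, value) tuples that are ANDed together.
    """
    if not select:
        raise ValueError("no columns selected")
    for col in select:
        if col not in ALLOWED_COLUMNS:
            raise ValueError(f"unknown column: {col!r}")
    clauses, params = [], []
    for col, op, value in filters:
        if col not in ALLOWED_COLUMNS:
            raise ValueError(f"unknown column: {col!r}")
        if op not in ALLOWED_OPS:
            raise ValueError(f"unsupported operator: {op!r}")
        clauses.append(f'"{col}" {op} ?')  # the value never enters the SQL text
        params.append(value)
    sql = "SELECT " + ", ".join(f'"{c}"' for c in select) + ' FROM "Car"'
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    return sql, params


def demo():
    """Run the thread's second query against constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Car (Brand TEXT, Year INTEGER, Color TEXT, DateCreated TEXT)")
    conn.executemany("INSERT INTO Car VALUES (?, ?, ?, ?)", [
        ("Audi", 2005, "Red", "2008-09-01"),    # constructed sample data
        ("Audi", 2008, "Black", "2008-11-15"),
        ("Saab", 2007, "Blue", "2008-12-01"),
    ])
    filters = [("Brand", "=", "Audi")]                  # what the user entered
    filters.append(("DateCreated", ">", "2008-10-10"))  # added by an app setting
    sql, params = build_car_query(["Year", "Color"], filters)
    return sql, conn.execute(sql, params).fetchall()


if __name__ == "__main__":
    print(demo())
```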
