0

One of the functionality that I'm developing allows end-user to view their own database like a Database Browser. I would like to allow them to Select and Update freely but not Drop or Delete. I'm using SQLite in this project.

Currently, I did through the dummy method by checking the input beforehand.I made sure the input doesn't contain specifically 'delete ' and 'drop '.(Case-insensitive and a single space). SQLite doesn't support Truncate so I ignored that one. In this case, any record namely 'delete' or 'drop' can still be queried.

As per my understanding, Parameterization doesn't suit in this context. Please enlighten me if there's a way to workaround this. Is the current method sufficient?

Improve this question
2
  • 1
    Pick an ORM that fits your use case. Commented May 8, 2020 at 6:28
  • 1
    SQLite don't have that functionality. Since this is main functionality, you need to choose a DBMS that supports it, like mysql or such which has Users and permissions concept built in. Commented May 8, 2020 at 6:54
Related questions
2
preventing my application from sql injection?
0
Database injection prevention c#
6
SQL Injection Prevention in .NET
Load 6 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.