Re: Semi-customized queries? Subset of SQL? Accessing the parser? Injection?
From | Webb Sprague |
---|---|
Subject | Re: Semi-customized queries? Subset of SQL? Accessing the parser? Injection? |
Date | |
Msg-id | b11ea23c0811041146k3136f656jdc3e24c7dd30afc5@mail.gmail.com |
In reply to | Re: Semi-customized queries? Subset of SQL? Accessing the parser? Injection? (Steve Atkins <steve@blighty.com>) |
Responses |
Re: Semi-customized queries? Subset of SQL? Accessing the parser? Injection?
Re: Semi-customized queries? Subset of SQL? Accessing the parser? Injection? |
List | pgsql-general |

> Or do it with simple combo boxes if you
> want to limit the users to crippled queries.)

I want to limit my users to *half* crippled queries -- arbitrary column lists, where clauses, group by lists, and sort by lists. I want to make sure that they aren't doing any data modifications nested inside a where clause or a column definition as a subquery.

> I don't see anything that suggests hacking the SQL parser
> is going to be a useful thing to do.

I would think that I could *use* (definitely not hack -- good god!) the parser to ask how deep the nested subqueries are, etc.

> I'm guessing that roles, constraints, resource limits and possibly
> a sacrificial replicated database will provide the answer to your
> actual problem, but we'd need to know what that is first.

I am thinking that I may need to give them all, as in all or nothing..., and kind of follow David Wilson's plan above. I was hoping someone had already done what Sam Mason suggested as being the "fun thing", though ...

Oh -- I think query builders are a thing of the devil.

Thanks to all for putting up with my lack of good writing.

-W
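
Added example, not part of the original message or thread: one way to apply the "roles ... resource limits" suggestion quoted above, so that user-written SELECTs cannot modify data no matter what they nest in a WHERE clause or subquery. It assumes a current PostgreSQL release; the names `report_user`, `reporting` and `app_db` are hypothetical.

```sql
-- Hypothetical names: report_user (role), reporting (schema), app_db (database).
-- Run as a superuser or the database owner.

-- A login role with no administrative attributes.
-- Set its password separately (for example with psql's \password).
CREATE ROLE report_user LOGIN
    NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT;

-- Remove what every role gets through PUBLIC by default:
-- creating objects in schema public and creating temp tables.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
REVOKE TEMPORARY ON DATABASE app_db FROM PUBLIC;

-- Grant only what ad hoc reporting needs: connect, see one schema, read tables.
GRANT CONNECT ON DATABASE app_db TO report_user;
GRANT USAGE ON SCHEMA reporting TO report_user;
GRANT SELECT ON ALL TABLES IN SCHEMA reporting TO report_user;

-- Tables created later in the schema by the current role become readable too.
ALTER DEFAULT PRIVILEGES IN SCHEMA reporting
    GRANT SELECT ON TABLES TO report_user;

-- Functions are executable by PUBLIC by default, and a SELECT can call them.
-- Revoke EXECUTE so a function with side effects cannot be reached this way;
-- grant it back per function where a report needs one.
REVOKE EXECUTE ON ALL FUNCTIONS IN SCHEMA reporting FROM PUBLIC;

-- Resource limits for runaway or deeply nested queries.
ALTER ROLE report_user SET statement_timeout = '5s';
ALTER ROLE report_user CONNECTION LIMIT 5;

-- Defence in depth only: the session can turn this off with SET,
-- so the missing INSERT/UPDATE/DELETE privileges are the real control.
ALTER ROLE report_user SET default_transaction_read_only = on;

-- Check: as report_user, a write nested inside a query is refused by the
-- privilege system, independent of any parsing done in the application.
--   WITH d AS (DELETE FROM reporting.some_table RETURNING *) SELECT * FROM d;
--   -> ERROR: permission denied (some_table is a placeholder table name)
```

With this in place the application can pass column lists, WHERE, GROUP BY and ORDER BY text through under `report_user`, and the server rejects any data modification regardless of where it is nested.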