On Thu, Aug 27, 2009 at 9:43 AM, Kelly Jones<kelly.terry.jones@xxxxxxxxx> wrote: > Many sites let you search databases of information, but the search > queries are very limited. > > I'm creating a site that'll allow arbitrary SQL queries to my data (I > realize I'll need to handle injection attacks). > > Are there other viable ways to query data? I read a little on > "Business System 12" (BS12), Tutorial D, and even something called > T-SQL (I think), but they all seem theoretical and not fully > implemented. > > I want a query language that non-techies can use easily, but also > supports arbitrarily complex queries. Does such a language exist? SQL is your best bet. It is probably the most natural language for non-programmers to learn and understand. It scales in difficulty with the problem you are trying to solve and is _much_ easier for non technical user than something like an ORM. That said, if your site allows arbitrary queries, sql injection is not your only problem. It is trivially easy to write a query that can DOS your server (with SQL access I could take any PostgreSQL server down in about 1 second)....so you need to think about how exactly who your are going to allow access to your database and how they can access it. merlin -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
