there will be a lot of people using the site so I dont want to give permissions out, i was thinking more along the lines of checking the string to make sure it begins with 'SELECT', is this possible? "Richard Hutchins" <Richard.Hutchins@Getingeusa.com> wrote in message 1EA7D3AE70ACD511BE6D006097A78C1E033C8C57@USROCEXC">news:1EA7D3AE70ACD511BE6D006097A78C1E033C8C57@USROCEXC... > You'd have to check out the user manual for your specific "flavor" of > database and figure out how to set permissions for a given user. Once you > find that, you probably want to grant something like UPDATE and SELECT > privileges as a minimum, but that's your decision (and somewhat database > dependent). > > If you're using MySQL, check out the MySQL Database Administration section. > It's not too difficult once you figure it out. Just remember to FLUSH > PRIVILEGES when you're done (for MySQL). > > Hope this helps. > > > -----Original Message----- > > From: shaun [mailto:shaun@mania.plus.com] > > Sent: Tuesday, April 15, 2003 10:23 AM > > To: php-db@lists.php.net > > Subject: Entering a query > > > > > > Hi, > > > > I have a form on my page that lets a user enter a query to > > the database, how > > can I ensure that the user only enters 'SELECT' statements > > and therefore > > doesn't drop the whole database or do anything else malicious? > > > > Thanks for your help > > > > > > > > -- > > PHP Database Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
