Timeline for Can I get information about an SQL SELECT query (such as the tables it accesses) using C#?
Current License: CC BY-SA 3.0
13 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Apr 2, 2018 at 21:24 | audit | Suggested edits | |||
| Apr 2, 2018 at 21:26 | |||||
| Mar 13, 2018 at 10:06 | comment | added | Flater | Can you explain why these limitations need to be applied in the first place? It feels like an XY problem. It seems inefficient (from a coding perspective) to want to parse and inspect every SQL query, because it's so easy to go around your rules. E.g. suppose you do hide column 1 from table X when it is joined to table Y. What's stopping them from launching a second query that retrieves table X (with column 1) and join that to their initial result? A clever querier can get around your rules. This simply causes them to launch more queries to find and piece together all hidden fragments. | |
| Mar 11, 2018 at 13:34 | answer | added | YSharp | timeline score: 1 | |
| Mar 7, 2018 at 18:19 | comment | added | Jon Raynor | You can use the information schema to get details on the database if you have permission. docs.microsoft.com/en-us/sql/relational-databases/… | |
| Mar 7, 2018 at 7:56 | comment | added | Laiv | I wonder if you can get the explain plan of the TSQL before its execution. Does SQL server allow you get the Explain Plan of T-SQL? | |
| Mar 7, 2018 at 0:08 | comment | added | NoChance | This tool may help (if it can be called form code): [sqlparser.com/] You may talk to the author(s) to help. Also, if you are using SQL Server, see this: codetype.wordpress.com/2012/11/01/… | |
| Mar 6, 2018 at 18:15 | comment | added | candied_orange | Rather then let the user type up the SQL string why not offer them a query builder that knows these rules? | |
| Mar 6, 2018 at 17:00 | comment | added | paparazzo | Parse SQL is a little past regex | |
| Mar 6, 2018 at 15:49 | comment | added | Robert Harvey | Certain combinations should not be permitted, e.g. column 1 from table X should not be returned if table Y is joined on table X. A simpler example might be "Never include data from table Z" -- Why aren't these combinations coded into the database as constraints and triggers? Or, a better question, why are these combinations not allowed? | |
| Mar 6, 2018 at 15:20 | review | Close votes | |||
| Mar 14, 2018 at 19:19 | |||||
| Mar 6, 2018 at 15:07 | comment | added | πάντα ῥεῖ | Maybe this helps: stackoverflow.com/questions/589096/parsing-sql-code-in-c-sharp | |
| Mar 6, 2018 at 15:06 | comment | added | JᴀʏMᴇᴇ | I cannot edit the database in any way. that's really unfortunate, the database is where you'd typically implement permissions like this. I'm very interested in your requirements, sounds like a weird solution. Out of curiosity, what is it all about? | |
| Mar 6, 2018 at 15:02 | history | asked | mark_h | CC BY-SA 3.0 |