Arulprakasam Narasimhan wrote:These SQLs are dynamically typed by business users in UI and before it is executed I need to capture, check for security restrictions based on the logon user and edit or add where clause if needed.
This is a recipe for disaster. It would be a full-time job just chasing down and closing loopholes.
SQL is fairly easy to parse and you can use compiler-compiler tools like antlr to do that, but, as I said, the real issue isn't so much parsing as it is in anticipating and handling all the "gotcha's". Users can do horrible things with even the most basic SQL statements whether they intended to or not.
More likely what you really need is some sort of Business Intelligence tool that can build and run the SQL for them and return results in a format that's friendlier to their needs. There are plenty of those around.
The secret of how to be miserable is to constantly expect things are going to happen the way that they are "supposed" to happen.
You can have faith, which carries the understanding that you may be disappointed. Then there's being a willfully-blind idiot, which virtually guarantees it.