Parse SQL Statement and reconstructing after modifications using java

 
Greenhorn
Does anyone know how to parse SQL statements and build them back again using Java? This is required because I would need to add extra columns to the WHERE clause based on some conditions. For example, based on the logon user, I would need to decide whether the user is restricted from seeing the records, like it is restricted outside the USA.
 
Saloon Keeper
Where do those SQL statements come from? Can't you just not create them until you know all the facts? You should generally use PreparedStatements anyway, and not create SQL strings from scratch.
 
Arulprakasam Narasimhan
Greenhorn
These SQLs are dynamically typed by business users in the UI, and before they are executed I need to capture them, check for security restrictions based on the logon user, and edit or add a WHERE clause if needed.
 
Saloon Keeper
Rather than allowing the users to query the tables directly and then trying to filter out what they are not permitted to access, try creating a collection of views for each of the user roles, and let the views constrain what the role can access.
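
A sketch of the view-based approach suggested above, added here as an example and not part of the original post. It assumes PostgreSQL and that each business user connects under their own database login; the names orders, user_region, orders_visible, report_users and alice are hypothetical.

```sql
-- Constructed schema: all table, column and role names are illustrative.
CREATE TABLE orders (
    order_id  integer        PRIMARY KEY,
    customer  text           NOT NULL,
    region    text           NOT NULL,   -- e.g. 'US', 'EU'
    amount    numeric(12,2)  NOT NULL
);

-- Entitlements: which database login may see which region.
CREATE TABLE user_region (
    username  text NOT NULL,             -- matches the database login name
    region    text NOT NULL,
    PRIMARY KEY (username, region)
);

-- Group role that every business user's login is made a member of.
CREATE ROLE report_users NOLOGIN;

-- The restriction lives in the view, not in rewritten user SQL.
-- security_barrier keeps functions in the caller's own WHERE clause from
-- being evaluated against rows that the view's filter excludes.
CREATE VIEW orders_visible WITH (security_barrier) AS
SELECT o.order_id, o.customer, o.region, o.amount
FROM   orders o
WHERE  o.region IN (SELECT ur.region
                    FROM   user_region ur
                    WHERE  ur.username = current_user);

-- Users get the view only. The view reads the base tables with its
-- owner's privileges, so report_users needs no grant on them.
-- (The REVOKE is defensive; new tables grant nothing to PUBLIC by default.)
REVOKE ALL ON orders, user_region FROM PUBLIC, report_users;
GRANT SELECT ON orders_visible TO report_users;

-- Constructed sample data and one entitled login.
INSERT INTO orders VALUES (1, 'Acme', 'US', 100.00),
                          (2, 'Globex', 'EU', 250.00);
CREATE ROLE alice LOGIN IN ROLE report_users;
INSERT INTO user_region VALUES ('alice', 'US');
```

With these grants, whatever SELECT a user types can only reach orders_visible, so the region filter applies without parsing or editing their statement; a direct query on orders is refused by the database with a permission error.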
 
Bartender
Arulprakasam Narasimhan wrote: These SQLs are dynamically typed by business users in the UI, and before they are executed I need to capture them, check for security restrictions based on the logon user, and edit or add a WHERE clause if needed.



This is a recipe for disaster. It would be a full-time job just chasing down and closing loopholes.

SQL is fairly easy to parse and you can use compiler-compiler tools like ANTLR to do that, but, as I said, the real issue isn't so much parsing as it is in anticipating and handling all the "gotchas". Users can do horrible things with even the most basic SQL statements whether they intended to or not.

More likely what you really need is some sort of Business Intelligence tool that can build and run the SQL for them and return results in a format that's friendlier to their needs. There are plenty of those around.
 