Hi guys...I am working on a project that involves SQL interaction with a database - mainly using SELECT statements, few JOINS etc.
Before an SQL statement is executed I would like to test it for content. I have seen this done before at an old job, but was unable to save the code. It prevented the user from executing any statement containing a list of commands, but I am not sure how implement it :
SQLString = "SELECT * FROM Customer"
If SQLString LIKE "CREATE,DELETE,ALTER,INSERT,UPDATE" Then SQLString = ""
Obviously this LIKE string is not correct, just showing the intention. I have seen it on a one liner.