Sign Up

Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.

Sign In

Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.

Forgot Password

Lost your password? Please enter your email address. You will receive a link and will create a new password via email.

You must login to ask a question.

Please briefly explain why you feel this question should be reported.

Please briefly explain why you feel this answer should be reported.

Please briefly explain why you feel this user should be reported.

Search

Ask A Question

0

Editorial Team

Asked: May 11, 20262026-05-11T16:56:04+00:00 2026-05-11T16:56:04+00:00

For example I’ve often wanted to search stackoverflow with SELECT whatever FROM questions WHERE

0

For example I’ve often wanted to search stackoverflow with

SELECT whatever FROM questions WHERE
   views * N + votes * M > answers AND NOT(answered) ORDER BY views;

or something like that.

Is there any reasonable way to allow users to use SQL as a search/filter language?

I see a few problems with it:

Accessing/changing stuff (a carefully setup user account should fix that)
SQL injection (given the previous the worst they should be able to do is get back junk and crash there session).
DOS attacks with pathological queries
What indexes do you give them?

Edit: I’d like to allow joins and what not as well.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team
2026-05-11T16:56:04+00:00Added an answer on May 11, 2026 at 4:56 pm
Accessing/changing stuff
No problem, just run the query with a crippled user, with permissions only to select

SQL injection
Just sanitize the query

DOS attacks
Time-out the query and throttle the access by IP. I guess you can also throttle the CPU usage in some servers
0

Reply

Share
Share

Share on Facebook

Share on Twitter

Share on LinkedIn

Share on WhatsApp

Report