Limit to read only (no Insert, update, delete, create, etc)

Discussion of open issues, suggestions and bugs regarding ODAC (Oracle Data Access Components) for Delphi, C++Builder, Lazarus (and FPC)
Post Reply
DuckyDuck
Posts: 16
Joined: Mon 06 Apr 2009 07:58

Limit to read only (no Insert, update, delete, create, etc)

Post by DuckyDuck » Mon 06 Apr 2009 08:24

How can I make a TOraQuery be query only ?

I allow my user to type in some SQL, then copy it to the OraQuery.SQL and run it and show the results in a wwDBGrid

I want my user to only be able to run SELECT statements. How can I prevent them from running anything else (INSERT, UPDATE, DELETE, COMMIT, GRANTS, REVOKE, CREATE, DROP, PLSQL blocks etc)

Should I be using a different ODAC component instead of a TOraQuery ?

I have tried the following, but these settings seem to only limit data changes in the grid, and do not prevent the above

// prevent updates to database data
OraQuery1.ReadOnly := TRUE;
wwDataDBGrid.ReadOnly := TRUE;
OraSession1.AutoCommit := FALSE;
OraQuery1.AutoCommit := FALSE;

thanks
Top
Plash
Devart Team
Posts: 2844
Joined: Wed 10 May 2006 07:09

Post by Plash » Mon 06 Apr 2009 08:35

You should call the Prepare method of TOraQuery and check the SQLType property. It should be SQL_SELECT for a SELECT statement. This constant is declared in the OraCall unit.

Note: if SQL contains PL/SQL code, the Prepare method will execute it. So you should add a different check for PL/SQL.
Top
DuckyDuck
Posts: 16
Joined: Mon 06 Apr 2009 07:58

Post by DuckyDuck » Mon 06 Apr 2009 09:48

that worked, thanks
Top
Post Reply

Return to “Oracle Data Access Components”