禁止使用JDBC进行所有删除/更新/插入?
[英]Disallow all delete/update/insert using JDBC?
问题描述
In one of my applications I am providing the users the ability to issue direct SQL queries against a database. 
在我的一个应用程序中,我为用户提供了对数据库发出直接SQL查询的能力。 They type the SQL text into a text box, then I run it exactly as is using JDBC. 他们将SQL文本键入文本框,然后我就像使用JDBC一样运行它。
Obviously I trust these users very much. 显然我非常信任这些用户。 But I would like to limit them programatically to issuing only SELECT statements. 但我想以编程方式将它们限制为仅发出SELECT语句。 They should never DELETE/UPDATE/INSERT. 它们永远不应该DELETE / UPDATE / INSERT。 I thought maybe JDBC itself could help me here. 我想也许JDBC本身可以帮助我。 I found the executeQuery() method in the java.sql.Statement class. 我在java.sql.Statement类中找到了executeQuery()方法。 But that method allows me to call DELETE (and maybe UPDATE and INSERT too). 但是这个方法允许我调用DELETE(也可能是UPDATE和INSERT)。 It does throw an Exception because no ResultSet is returned, but only after deleting the records. 它确实抛出一个Exception,因为没有返回ResultSet,只是在删除记录之后。
So, I ask here, is there any way in JDBC to make sure that a SQL statement is only performed if it is a query? 所以,我在这里问一下,JDBC中是否有任何方法可以确保仅在查询时才执行SQL语句? Or do I have to parse the statement myself and make sure it complies with my wishes? 或者我是否必须自己解析声明并确保它符合我的意愿?
1 个解决方案
解决方案1
4 已采纳 2012-06-14 10:45:36
我建议您使用缺少DELETE / UPDATE和INSERT权限的用户连接到DBMS。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.