Alternatives to such a poweruser interface are, you make use of parameterized views and let the user enter parameter values. Or even make use of macrosubstitution and use that eg in a where clause or in the field list.
SELECT &lcFields FROM sometable WHERE &lcWhere
You can use macrosubstitution anywhere, you can even do &lcSQL with a user entered SQL string, as long as you can trust the user's input.
If going that route, you would at least ensure the command has no syntax error and better yet, it's not an sql injection, that is a command that will do something else but sql, eg cause an error enabling debugging, decompiling, stealing data, destroying data.
If you are the user, you can trust the entered sql like you can trust any code of yours, of course <s>.
Bye, Olaf.