SQL Keyword List function 1

[MagicFrisbee]

Is there a function I can call which will return a Boolean indicating if the given parameter is an SQL keyword? Something like:

if IsSQLKeyword( 'SELECT' ) then
...

"Roj"

GIS Programmer
City of Orem, UT

http://gis.orem.org

 

[MagicFrisbee]

I forgot to mention. The backend database is an AS/400 which is being accessed through Delphi's BDE. So I guess I'm merely asking for BDE SQL conflicts.

GIS Programmer
City of Orem, UT

http://gis.orem.org

 

[lespaul]

As long as you use SQL/400 syntax there shouldn't be any problems....are the users building the query dynamically? Why wouldn't you know if the SQL is valid?

I use the BDE to access AS400 data all the time and have never had any issues. But like I said, it has to be SQL/400 compliant. For example, in MS Access to parse a string you can use the MID function. In SQL/400 you have to use the SUBSTRING function. To concatenate in Access it's '&' (or sometimes '+') in SQL/400 it's '||'.

We have the SQL/400 Developer Guide and while it has some information that is only relevant to RPG programming, it also contains all the valid SQL for the 400.

You can also look at the IBM Redbooks, there may be one specifically for SQL, I'm not positive. I use the Stored Procedures & Trigger RedBook all the time and find it extremely helpful (they are available as PDFs from the IBM website).

HTH

Leslie

Anything worth doing is a lot more difficult than it's worth - Unknown Induhvidual

Essential reading for database developers:
The Fundamentals of Relational Database Design
Understanding SQL Joins

 

[MagicFrisbee]

lespaul,

Thanks for the response, but I asked a short question because I didn't want to go into all the details. I was hoping there was a short answer out there.

What I'm doing is creating a kind of metadata database on the AS/400, without the AS/400 having to know what metadata is. Users can define their own fields for objects, then query the database for objects with certain field values. The fields themselves won't be AS/400 fields--they will be rows of data in a table.

They will perform these metatdata queries via SQL. But my program will see the SQL before the AS/400 does. I will substitute field names for other secret internal words, but I don't want to substitute actual SQL keywords. Therefore, I want to prevent users from even creating field names that match SQL keywords.

Therefore, I don't think the AS/400 keywords would get in the way at all. I just have to worry about the BDE's SQL parser. So can I easily see if a given string is an SQL word?

GIS Programmer
City of Orem, UT

http://gis.orem.org

 

[wizzor]

This would also be useful in preventing SQL injection... One option would be to put all SQL keywords in an array and make a string comparison to every word, but as usual I hardly think that would be the easiest way to go...

 

[MagicFrisbee]

Well, if it was a StringList, you'd just call IndexOf. If the result is > -1 then you've hit a keyword.

Well, I'll probably just make my own list then and go with that. It'll be limited to whatever words I find in the BDE localsql help file.

Thanks everyone!

GIS Programmer
City of Orem, UT

http://gis.orem.org