| 65 | } |
| 66 | |
/**
 * Coarse allow-list check on the leading keyword of a SQL statement.
 *
 * The text is trimmed and matched against an anchored, case-insensitive
 * pattern of permitted statement verbs. Only the first word is inspected:
 * nothing after it (later clauses, or further statements following a `;`)
 * is examined, so a `true` result rules out only queries that do not
 * begin with a permitted verb and must not be read as proof that the
 * query is safe to run.
 *
 * @param query raw SQL text, treated as untrusted
 * @returns `{ isValid: true }` when the first word is an allowed verb
 *   followed by at least one whitespace character; otherwise
 *   `{ isValid: false, error }` with a fixed explanatory message
 */
export function validateQuery(query: string): { isValid: boolean; error?: string } {
  const normalized = query.trim().toLowerCase()

  // Anchored at the start of the string; `/i` already ignores case, so the
  // lowercasing above only affects the local copy. A bare verb with no
  // trailing whitespace (e.g. "select") does not match.
  const leadingVerb = /^(select|insert|update|delete|with|show|describe|explain)\s+/i
  const startsWithAllowedVerb = leadingVerb.test(normalized)

  if (startsWithAllowedVerb) {
    return { isValid: true }
  }

  return {
    isValid: false,
    error:
      'Only SELECT, INSERT, UPDATE, DELETE, WITH, SHOW, DESCRIBE, and EXPLAIN statements are allowed',
  }
}
| 81 | |
| 82 | export function buildInsertQuery(table: string, data: Record<string, unknown>) { |
| 83 | const sanitizedTable = sanitizeIdentifier(table) |