| 48 | } |
| 49 | |
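/**
 * Checks that `query` begins with one of the permitted statement keywords and
 * does not carry a second statement behind a `;`.
 *
 * The keyword test is a prefix check only: a `WITH` or `EXPLAIN` prefix can
 * still wrap a write, so this is a coarse allowlist, not a full SQL policy.
 * The stacked-statement check is a lexical heuristic (quoted literals and
 * comments are blanked before looking for `;`), not a parser.
 *
 * @param query - raw SQL text, possibly with surrounding whitespace
 * @returns `{ isValid: true }` when accepted, otherwise `{ isValid: false, error }`
 */
export function validateQuery(query: string): { isValid: boolean; error?: string } {
  const trimmedQuery = query.trim()

  // Leading-keyword allowlist; the /i flag makes a lowercase copy unnecessary.
  const allowedStatements = /^(select|insert|update|delete|with|explain|analyze|show)\s+/i
  if (!allowedStatements.test(trimmedQuery)) {
    return {
      isValid: false,
      error:
        'Only SELECT, INSERT, UPDATE, DELETE, WITH, EXPLAIN, ANALYZE, and SHOW statements are allowed',
    }
  }

  // The prefix check above looks at the first keyword only, so "select 1; drop table t"
  // would pass it. Blank out string literals ('' escapes), quoted identifiers and
  // comments in one left-to-right pass (leftmost match wins, like a lexer), then
  // reject any ';' that is followed by more non-whitespace text. A trailing ';'
  // is still accepted.
  const stripped = trimmedQuery.replace(
    /'(?:[^']|'')*'|"(?:[^"]|"")*"|\/\*[\s\S]*?\*\/|--[^\n]*/g,
    ' ',
  )
  if (/;\s*\S/.test(stripped)) {
    return {
      isValid: false,
      error: 'Multiple statements are not allowed',
    }
  }

  return { isValid: true }
}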
| 64 | |
| 65 | export function sanitizeIdentifier(identifier: string): string { |
| 66 | if (identifier.includes('.')) { |