It's probably possible if you give users direct access to the SQL CLI prompt, but that's a very bad idea. What are you trying to accomplish, specifically? You should always take in input, make sure to sanitize it, and only then incorporate it into the SQL command and run that.
<a href="http://xkcd.com/327/">xkcd</a> has a humorous but real example of the huge security problems you introduce by not properly sanitizing input.
Last Wiki Answer Submitted: March 25, 2009 3:21 pm by YuvalShavit905 pts.