IDEA: TryQB Similar to TryCF, But for QB

I feel like it would be pretty sweet if there was a website similar to TryCF, but exclusive for QB. Oftentimes when I’m writing queries with QB, I find I have to dump out the SQL to get things just right.

Would a QB sandbox like this be valuable? Assuming the answer is “yes”, how would one go about ensuring that the code generated by users in the sandbox is safe and limited to QB executions? Obviously running evaluate() on the user input isn’t enough. I am guessing some type of parsing/filtering would be mandatory for this use case.

Here’s how I would imagine the flow of the app:

  1. User visits site (e.g. www.tryqb.io)
  2. User types in their qb statement in an editor similar to tryCF.
    Note: The site would predefine a variable qb to be an instance of QueryBuilder
  3. User submits form.
  4. Server-side: Parses user qb statement
  5. Server returns the result of qb.toSql()

I love it! The issue is how to populate and create the database and which vendor?

I don’t think we would need an actual database for TryQB because we only need to generate the SQL and spit it out on the screen through the preQBExecute interception method. Theoretically, it could be done in real-time while the user is typing. Here’s a rough mockup:

Users could switch between db vendors via a dropdown where they could select from a list of QB supported engines.

One thing I haven’t figured out is how to enforce security to ensure people aren’t executing malicious CFML in a sandbox like this. Do you know how TryCF handles security?
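
One way to approach the parsing/filtering step raised in this thread, as an added example that is not part of the original posts and is not qb or TryCF code: rather than handing user text to evaluate(), a small parser accepts only `qb.method(literal, ...)` chains and returns structured calls that the server could replay against the predefined QueryBuilder instance. It is written in JavaScript for illustration; the method allowlist and the names `parseChain`, `tokenize` and `fail` are assumptions.

```javascript
// Added example. Assumed allowlist: a subset of qb builder methods, lowercased because
// CFML method names are case-insensitive. Raw-SQL helpers (e.g. whereRaw) are left out.
const ALLOWED = new Set(["from", "select", "where", "orwhere", "wherein", "join",
  "leftjoin", "orderby", "groupby", "limit", "offset", "tosql"]);
// One token per match. String bodies may not contain '#' (CFML interpolation), '\' or quotes.
const TOKEN = /\s*(?:([A-Za-z_]\w*)|(-?\d+(?:\.\d+)?)|"([^"\\#]*)"|'([^'\\#]*)'|([.(),\[\]]))/y;
const fail = (msg) => { throw new Error("rejected: " + msg); };
function tokenize(src) {
  if (src.length > 1000) fail("input too long");
  const text = src.trimEnd(), toks = [];
  for (let pos = 0; pos < text.length; pos = TOKEN.lastIndex) {
    TOKEN.lastIndex = pos;
    const m = TOKEN.exec(text);
    if (!m) fail(`unexpected input at offset ${pos}`);
    if (m[1] !== undefined) toks.push({ t: "id", v: m[1] });
    else if (m[2] !== undefined) toks.push({ t: "lit", v: Number(m[2]) });
    else if (m[5] !== undefined) toks.push({ t: m[5] });
    else toks.push({ t: "lit", v: m[3] ?? m[4] });
  }
  return toks;
}
// Returns [{method, args}] for `qb.method(literals...)...`; throws on anything else.
function parseChain(src) {
  const toks = tokenize(src);
  let i = 0;
  const peek = (t) => toks[i] !== undefined && toks[i].t === t;
  const take = (t) => (peek(t) ? toks[i++] : fail(`expected "${t}" at token ${i}`));
  const list = (close) => {              // comma-separated values up to `close`
    const items = [];
    if (!peek(close)) do items.push(value()); while (peek(",") && ++i);
    take(close);
    return items;
  };
  const value = () => {
    if (peek("[")) { i++; return list("]"); }   // array literal, e.g. for whereIn
    if (peek("id") && /^(true|false)$/i.test(toks[i].v)) return /^t/i.test(toks[i++].v);
    return take("lit").v;                // any other identifier or nested call stops here
  };
  if (take("id").v.toLowerCase() !== "qb") fail("must start with qb");
  const calls = [];
  do {
    take(".");
    const method = take("id").v;
    if (!ALLOWED.has(method.toLowerCase())) fail(`${method} is not allowed`);
    take("(");
    calls.push({ method, args: list(")") });
  } while (i < toks.length);
  return calls;
}
```

The returned list contains only method names from the allowlist and plain values, so the server side can call each method by name with those arguments and never evaluates the submitted text.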