How to prevent Sql-Injection on User-Generated Sql Queries

Question

I have a project (private, ASP.net website, password protected with https) where one of the requirements is that the user be able to enter Sql queries that will directly query t

Answer 1

what about this stuff, just imagine the select is an EXEC

select convert(varchar(50),0x64726F70207461626C652061)