SQLite query restrictions

Question

I am building a little interface where I would like users to be able to write out their entire sql statement and then see the data that is returned. However, I

Answer 1

1. Open the database as read only, to prevent any changes.
2. Many statements, such as PRAGMA or ATTACH, can be dangerous. Use an authorizer callback (C docs) to allow only SELECTs.
3. Queries can run for a long time, or generate a large amount of data. Use a progress handler to abort queries that run for too long.