I have an ASP.NET 3.5 application that I want to allow the user to select a table and allow CRUD operations on that table. The user will be restricted to a number of tables to edit however the tables and even database won't be known until after deployment; the web.config will setup the connection and tables.
So I need to build a framework that will allow a generic table in a SQL database to be updated. Most of the ORMs I've seen require the schema to be known at compile time so I cannot use these. The best answer seems to be build the SQL query strings dynamically and use reg expressions to ensure valid input and protect against SQL injections. Is there a better way?