You can create two diferent users on the database. One with only read rights and another with delete and add records. Use a connection with the user for read only and use this connection to execute from the textbox entered for user. Of course it's a good idea also to parse the text and check if it starts with "SELECT " as I pointed before.
Regards.