OK, you can do this but I'm going to want you to read to the end before you do. First, how to do it: I wrote an article a while ago that dealt with how to write T-SQL. I wrote a simple application that took the SQL text you put into the box and it ran it against the database. You can get the source for the application, as well as see a working example here:
SQL for Developers: Basic Data Retrieval[
^]
Note that this isn't what the article is about, but there is a working example of what you want to do. The code will be basically the same for ASP.NET (right now it is just a WinForms app). That will get you through the "how" of doing this. Now for a short speech:
I would
HIGHLY recommend against doing this. This is a bad idea. If your users can run SQL statements, then they can do things like dropping the table or reading other information that you weren't expecting them to do or executing scripts against the database. Please, please, please don't do this. Figure out a better way to accomplish what you want to do. If you do this, I can almost guarantee you will regret it down the road. Even if you lock down the user account it is running under and only give access to certain employees to run this, at some point someone will make a mistake and someone else will exploit it (intentionally or unintentionally).