Set the back end TO QUERY the DB, not write to it. The SQL statement does this. Use a SELECT statement.
If the platform you are using allows for account control, set the APP to a USER that only has READ ONLY access. Never allow the APP to connect on an account that has full.
Now, if the account is set to read, all the user can do is scrape the data out, and can never alter it.
What platform are you using already?
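The read-only setup described in the post above, as an added example that is not part of the original post. The platform is not stated, so this assumes SQLite through Python's `sqlite3`, where a `mode=ro` connection stands in for the read-only account; the `products` table and all function names are constructed for illustration.

```python
import pathlib
import sqlite3
import tempfile

def build_sample_db(path):
    """Constructed sample data, created over a full-access (admin) connection."""
    admin = sqlite3.connect(path)
    admin.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL)")
    admin.executemany("INSERT INTO products (name, price) VALUES (?, ?)",
                      [("widget", 4.50), ("gadget", 12.00)])
    admin.commit()
    admin.close()

def open_read_only(path):
    """Connection the app uses: the database itself refuses every write on it."""
    uri = pathlib.Path(path).resolve().as_uri() + "?mode=ro"
    return sqlite3.connect(uri, uri=True)

def find_products(conn, name):
    """The back end only queries: a parameterized SELECT."""
    return conn.execute(
        "SELECT id, name, price FROM products WHERE name = ?", (name,)
    ).fetchall()

def try_write(conn, sql):
    """Return True if the statement was accepted, False if the database refused it."""
    try:
        conn.execute(sql)
        conn.commit()
        return True
    except sqlite3.OperationalError:  # "attempt to write a readonly database"
        return False

def demo():
    path = pathlib.Path(tempfile.mkdtemp()) / "app.db"
    build_sample_db(str(path))
    conn = open_read_only(str(path))
    results = {
        "select": find_products(conn, "widget"),
        "update": try_write(conn, "UPDATE products SET price = 0"),
        "delete": try_write(conn, "DELETE FROM products"),
        "drop": try_write(conn, "DROP TABLE products"),
        "rows_left": conn.execute("SELECT COUNT(*) FROM products").fetchone()[0],
    }
    conn.close()
    return results

if __name__ == "__main__":
    print(demo())
```

On a server database the same effect comes from connecting the app as an account granted only SELECT, so the refusal is enforced by the database rather than by the app's own code.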