The easiest way would be to create an upload directory, read the file contents and follow the instructions.
.sql files contain a query on a single line of instruction. file() is a good option to use if you create a temporary file for it. Otherwise, you would need to create an array out of your temporary data by exploding it on each newline.
From that point, running a query would be a cinch. The trickier part will be to implement some sort of security and control to it.
Will this be enough to help, or would you like a quick example?
Sorry, I lied. It appears not all queries are stored on newlines; create table, for instance, is on multiple lines.
I'll look into it a little more for the best route. If worst comes to worst, use xml.
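
As an added example (not part of the original post), here is one way to split an uploaded .sql file into statements when a statement such as create table spans several lines, and to refuse anything outside a small allow-list before it is run. The function names and the sample dump are hypothetical; it assumes MySQL-style quoting and `--` line comments, and does not handle `/* */` comments or `DELIMITER` blocks.

```php
<?php
// Added example: hypothetical helper names; the sample data below is constructed.

/** Split SQL text on ';' found outside quoted strings and '--' comments. */
function split_sql_statements(string $sql): array
{
    $statements = [];
    $current = '';
    $quote = null;                        // active quote character, or null
    $len = strlen($sql);
    for ($i = 0; $i < $len; $i++) {
        $ch = $sql[$i];
        if ($quote !== null) {            // inside '...', "..." or `...`
            $current .= $ch;
            if ($ch === '\\' && $i + 1 < $len) {
                $current .= $sql[++$i];   // keep the escaped character as-is
            } elseif ($ch === $quote) {
                $quote = null;
            }
        } elseif (substr($sql, $i, 2) === '--') {
            $nl = strpos($sql, "\n", $i); // drop the comment up to end of line
            $i = ($nl === false) ? $len : $nl;
        } elseif ($ch === ';') {          // statement terminator
            $statements[] = trim($current);
            $current = '';
        } else {
            if ($ch === "'" || $ch === '"' || $ch === '`') {
                $quote = $ch;
            }
            $current .= $ch;
        }
    }
    $statements[] = trim($current);       // text after the last ';', if any
    return array_values(array_filter($statements, 'strlen'));
}

/** Accept only statements that begin with an allow-listed verb. */
function is_allowed_statement(string $stmt): bool
{
    return preg_match('/^\s*(CREATE\s+TABLE|INSERT\s+INTO)\s/i', $stmt) === 1;
}

// Constructed sample standing in for the contents of an uploaded file.
$dump = "-- constructed sample dump\nCREATE TABLE notes (\n  id INT,\n  body VARCHAR(255)\n);\n"
      . "INSERT INTO notes VALUES (1, 'semi;colon in a string');\nDROP TABLE users;\n";
foreach (split_sql_statements($dump) as $stmt) {
    echo is_allowed_statement($stmt) ? 'run   ' : 'REJECT', ': ', strtok($stmt, "\n"), PHP_EOL;
}
```

Running the accepted statements under a database account that holds only the privileges the import needs gives a second layer of control if the allow-list misses something.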