The solution depends on how much flexibility you want to provide the user. If you want to allow the user to enter all of the SQL after the WHERE clause then you could use dynamic SQL in an EAB or inline code. The SELECT columns can be bound to entity action views so that you can place the returned data into your export view and you could create the SQL text from a combination of a hardcoded SELECT (columns) and FROM (tables) with a user entered WHERE clause. The EAB/inline code would then run the dynamic SQL and trap any incorrect syntax entered by the user. This option would require the user to have a good knowledge of SQL and the table structure.
An alternative would be where you provide a form that allows them to select columns, operators (=, <, >, etc) and values and then you build the sql in your logic from the choices made by the user. This would be less flexible and more effort to develop but would allow you to constrain the user to sensible choices and not require them to have the detailed knowledge of the first option.