I am creating a database application that provides dynamic views of any database. For

Question

0

Asked: June 10, 20262026-06-10T15:15:50+00:00 2026-06-10T15:15:50+00:00

I am creating a database application that provides dynamic views of any database. For

0

I am creating a database application that provides dynamic views of any database. For security features, I want to only allow selects. Can this simply be done by checking if the first word is select? I know that I should have another created user with limited permissions but I am trying to avoid that so that my app is easy to use.

Basically, can someone give me an example query of where SELECT is the first word but the data can actually be altered?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-10T15:15:51+00:00

Here’s an example of a SELECT statement that can modify data (it’s an obscure corner case, but it demonstrates that it IS possible to cause data to be modified with a SELECT)

SELECT udf_myfunction()

Given, e.g.:

CREATE FUNCTION udf_myfunction() RETURNS INT
READS SQL DATA
BEGIN
   DELETE FROM dummy_table1;
   UPDATE dummy_table2 SET mycol = CONCAT(mycol,SUBSTR(mycol,1,1));
   RETURN 0;
END

(Of course, the user would need to be granted EXECUTE privilege on the function, in order for the function to be executed.)

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I am creating a database application that provides dynamic views of any database. For

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply