Skip to main content

is_read_only_sql

Function is_read_only_sql 

Source
pub fn is_read_only_sql(sql: &str) -> bool
Expand description

Returns true if a SQL statement is read-only: SELECT, WITH, EXPLAIN, SHOW, or VALUES. Anything else (CREATE, INSERT, UPDATE, DELETE, DROP, ALTER, COPY, …) is considered mutating.

The check is a simple prefix match after trimming and upper-casing the first Checks whether the first SQL keyword indicates a read-only statement.

Strips leading whitespace and SQL comments (line -- and block /* */) before inspecting the first alphabetic token. This prevents comment-based bypass of the read-only guard (e.g. /* harmless */ DROP TABLE ...).

Note: data-modifying CTEs (WITH x AS (DELETE ...) SELECT ...) still slip past this check. Hyper itself rejects such CTEs, so this is defense-in-depth rather than the sole security boundary.