I just got hand over with hundreds of SQL views, stored procedures and functions
I like to see data visually to better understand what the object does.
Can I assume if I run a select statement and execute the query - there is no chance that it modifies record/data?
I am just worry that there are some SQL tricks that can updates data via select statement.
Anything to watch out for inside the select? Any tips or keyword that I have to look out for?
A normal, basic
SELECT does not modify data. However, there are a few things you should keep an eye out for.
If the code uses dynamic SQL to build a SELECT statement, you must worry about a SQL injection attack. Unless you are careful about parameterizing dynamic SQL, an attacker can do pretty much anything that the current login can do. For example,
DROP DATABASE, etc. See the linked article on Wikipedia.