Personally, I find the query module one of the most versatile and useful ones to ship with EE. Is there a particular reason why only “SELECT” statements are processed, though? I recently had a situation where I needed an UPDATE statement, and had to resort to PHP.

We can, I think, safely assume that only moderately advanced users are using the query module anyway, so why not allow the full spectrum of SQL syntax? Because sometimes, you know, I like to be able to shoot myself in the foot

EE with its Superadmin concept is very similar to the UNIX “root” thing anyway, and assumes at least to some degree that users know what they are doing. So, unless there is some technical reason, please consider adding DELETE, INSERT and UPDATE statements to the query module.

I think the main purpose of said module is to allow developers to create their own repeatable output, which update/insert/delete etc.. do not return.  Perhaps you could write a simple module to take queries such as those you wish to execute. It would certainly be more optimised for such a task, since it needn’t worry about output.

Yes, that is probably an option, but the query module has everything I need, really. Of course I am not talking about one time queries, they would be performed every time a particular template is loaded.

I couldn’t agree more. Sometimes writing a module/plugin for something just isn’t in the cards. I really want to be able to DELETE right now actually, which is why I’m here, and now realize I must resort to PHP. Ho hum.

So yeah, one more big vote for allowing all queries! :D

This is a general security issue.  Anyone with access to editing a template can use the Query module, but you can control whether or not someone has access to a PHP enabled template.

Couldn’t someone with access to editing a template also enable PHP and run their query in that (the long way)?

wondermonkey - 07 September 2007 10:17 AM

Couldn’t someone with access to editing a template also enable PHP and run their query in that (the long way)?

Only if they also have the privilege “Can administrate template groups and templates” enabled.