# SQL engine

> QWED's SQL Engine validates queries for injection attacks, destructive operations, schema compliance, and syntax errors before execution in production.

SQL query validation and injection detection.

## Overview

The SQL Engine validates queries for:

* SQL injection patterns
* Destructive operations
* Schema compliance
* Syntax correctness

## Usage

```python
# `client` is an already-initialized QWED client (setup is not shown on this page)
result = client.verify_sql(
    query="SELECT * FROM users WHERE id = 1",
    schema="CREATE TABLE users (id INT, name TEXT)"
)
print(result.verified)  # True
```

## Injection detection

```python
# SQL injection pattern
result = client.verify_sql("SELECT * FROM users; DROP TABLE users; --")
print(result.status)  # "BLOCKED"
print(result.vulnerabilities)
# [{"type": "injection", "message": "Chained DROP statement"}]
```

## Detected patterns

| Pattern           | Risk     | Example        |
| ----------------- | -------- | -------------- |
| Comment injection | Critical | `; --`         |
| OR injection      | Critical | `' OR '1'='1`  |
| UNION injection   | Critical | `UNION SELECT` |
| Chained DROP      | Critical | `; DROP TABLE` |

## Destructive operations

```python
# Destructive query
result = client.verify_sql("DELETE FROM users")
print(result.status)  # "FAILED"
print(result.vulnerabilities)
# [{"type": "destructive_delete", "severity": "high"}]
```

| Operation | Severity |
| --------- | -------- |
| DROP      | Critical |
| DELETE    | High     |
| TRUNCATE  | High     |
| UPDATE    | High     |
| INSERT    | High     |
| ALTER     | High     |
| CREATE    | High     |
| MERGE     | High     |
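
To make the two tables above concrete, here is an added example (not QWED's code or its detection logic) that classifies a query string using the pattern names, status strings, and severities listed on this page. The regexes, the `classify` function, the `PASSED` status, and the `destructive_<op>` naming beyond `destructive_delete` are assumptions.

```python
import re

# Tables below are copied from this page; the matching logic is an assumption
# made for illustration and is not QWED's implementation.
INJECTION_PATTERNS = [
    ("Comment injection", re.compile(r";\s*--")),
    ("OR injection", re.compile(r"'\s*OR\s*'[^']*'\s*=\s*'", re.I)),
    ("UNION injection", re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I)),
    ("Chained DROP", re.compile(r";\s*DROP\s+TABLE\b", re.I)),
]
SEVERITY = {"DROP": "critical", "DELETE": "high", "TRUNCATE": "high",
            "UPDATE": "high", "INSERT": "high", "ALTER": "high",
            "CREATE": "high", "MERGE": "high"}
STRING_LITERAL = re.compile(r"'(?:[^']|'')*'")
PASSED = "PASSED"  # placeholder: the page does not show the passing status string


def classify(query):
    """Return (status, findings) for one query string."""
    findings = [{"type": "injection", "message": name}
                for name, rx in INJECTION_PATTERNS if rx.search(query)]
    if findings:
        return "BLOCKED", findings
    # Blank out string literals so a ';' or keyword inside quoted data
    # is not mistaken for a statement boundary or an operation.
    bare = STRING_LITERAL.sub("''", query)
    for stmt in bare.split(";"):
        words = stmt.split()
        op = words[0].upper() if words else ""
        if op in SEVERITY:
            findings.append({"type": "destructive_" + op.lower(),
                             "severity": SEVERITY[op]})
    return ("FAILED", findings) if findings else (PASSED, [])


# Constructed sample queries, not taken from real traffic.
SAMPLES = [
    "SELECT * FROM users WHERE id = 1",
    "SELECT * FROM users; DROP TABLE users; --",
    "SELECT * FROM users WHERE name = '' OR '1'='1'",
    "DELETE FROM users",
    "SELECT * FROM notes WHERE body = 'delete; update later'",
]

if __name__ == "__main__":
    for q in SAMPLES:
        print(classify(q), "<-", q)
```

The last sample passes only because string literals are blanked before statements are split; the injection regexes still run on the raw text and can flag quoted data, which is the usual limit of pattern matching compared with parsing the query.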

### Administrative commands

The SQL engine also blocks administrative SQL commands by default:

| Command     | Risk     |
| ----------- | -------- |
| GRANT       | Critical |
| REVOKE      | Critical |
| SET         | Medium   |
| TRANSACTION | Medium   |

## Supported dialects

* PostgreSQL
* MySQL
* SQLite
* SQL Server
* BigQuery

```python
result = client.verify_sql(query, schema, dialect="postgresql")
```
