I have query builder method like this:
public function export_excel($query)
{
return DB::select(DB::raw($query));
}
I want to execute select statements not insert or update statements
You can parse the $query checking for unwanted INSERT/UPDATE/etc. with a sql parser.
Pear: http://pear.php.net/package/SQL_Parser (still fairly new)
txtSQL: http://sourceforge.net/projects/txtsql
PHP-SQL-Parse: http://code.google.com/p/php-sql-parser/ (as mentioned by the OP). This seems to be the most robust of these three (certainly the best documented)
from sql-parser-in-php.
But as pointed from @AlonEitan Transaction and Rollback could do the the jobs, but cannot avoid CREATE or DROP (on MySQL).
May be exec that query using ReadOnly account can solve the problem with no risks/overhead-executions.