in reply to Avoiding SQL insecurities
Basically, if your script doesn't need a particular SQL privilege, don't give that privilege to the SQL user account that you're using.
I'm thinking in terms of MySQL, which has excellent user management, but your DB may be different, or if you don't get to admin that db, you may be SOL.
Also, NEVER, NEVER embed queries in web pages; if this is a web interface, you're really asking for it there.
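
The per-script privilege split described in the reply above, as an added example that is not part of the original post: MySQL grants with an over-privileged account shown as a commented "before" and two narrowly scoped accounts as the "after". The database, table, account names and passwords are hypothetical placeholders.

```sql
-- Constructed sample schema (hypothetical names) so the grants have a target.
CREATE DATABASE IF NOT EXISTS guestbook;
CREATE TABLE IF NOT EXISTS guestbook.entries (
    id         INT AUTO_INCREMENT PRIMARY KEY,
    author     VARCHAR(64)  NOT NULL,
    body       TEXT         NOT NULL,
    poster_ip  VARCHAR(45)  NOT NULL,
    posted_at  TIMESTAMP    NOT NULL DEFAULT CURRENT_TIMESTAMP
);

-- BEFORE (weak, left commented out): one account for every script, valid
-- from any host, able to read, alter or drop anything and to re-grant rights.
-- GRANT ALL PRIVILEGES ON *.* TO 'webapp'@'%' WITH GRANT OPTION;

-- AFTER: one account per script, each holding only what that script uses.

-- Display script: reads entries, and only the columns it renders.
CREATE USER 'gb_display'@'localhost' IDENTIFIED BY 'REPLACE_WITH_SECRET_1';
GRANT SELECT (id, author, body, posted_at)
    ON guestbook.entries TO 'gb_display'@'localhost';

-- Posting script: inserts new rows; it cannot read, update or delete any.
CREATE USER 'gb_post'@'localhost' IDENTIFIED BY 'REPLACE_WITH_SECRET_2';
GRANT INSERT ON guestbook.entries TO 'gb_post'@'localhost';

-- Verify what each account really holds.
SHOW GRANTS FOR 'gb_display'@'localhost';
SHOW GRANTS FOR 'gb_post'@'localhost';

-- Audit: accounts holding powerful global privileges or usable from any host.
-- Application accounts should not appear in this result.
SELECT user, host, Super_priv, Grant_priv, File_priv, Drop_priv
  FROM mysql.user
 WHERE Super_priv = 'Y'
    OR Grant_priv = 'Y'
    OR File_priv  = 'Y'
    OR Drop_priv  = 'Y'
    OR host       = '%';
```

With this split, a flaw in the display script exposes at most the four granted columns, and a flaw in the posting script cannot read or remove existing rows.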