1. You should know what kind of query is being run; you should not ever be arbitrarily running whatever kind of query is being passed.
2. Even if you explode on SQL keywords, that does not guarantee that you'll correctly identify the intent of the query. SQL allows subqueries, unions, etc., all of which allow the writer of a query to pass multiple directives within the same query. (See #1.)
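
An added example, not part of the original post: it compares a first-keyword guess with what SQLite's authorizer callback reports for the same statement, then shows point 1 as a fixed allowlist of named statements with bound parameters. The schema, the two sample statements and the names `keyword_guess`, `actual_actions`, `KNOWN_QUERIES` and `run_known` are constructed for illustration.

```python
import sqlite3

# Constructed schema and statements, for illustration only.
SCHEMA = ("CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT);"
          "CREATE TABLE audit(id INTEGER PRIMARY KEY, note TEXT);")
CTE_DELETE = ("WITH old AS (SELECT id FROM users) "
              "DELETE FROM audit WHERE id IN (SELECT id FROM old)")
UNION_READ = "SELECT name FROM users UNION SELECT note FROM audit"

ACTIONS = {sqlite3.SQLITE_READ: "READ", sqlite3.SQLITE_INSERT: "INSERT",
           sqlite3.SQLITE_UPDATE: "UPDATE", sqlite3.SQLITE_DELETE: "DELETE"}

def keyword_guess(sql):
    """The keyword approach: classify a statement by its first keyword."""
    return sql.split()[0].upper()

def actual_actions(sql):
    """Record what SQLite's compiler says the statement touches.

    Runs against a throwaway in-memory database, so nothing real changes.
    """
    seen = set()
    def authorizer(action, arg1, arg2, dbname, source):
        if action in ACTIONS:
            seen.add((ACTIONS[action], arg1))  # arg1 is the table name
        return sqlite3.SQLITE_OK
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.set_authorizer(authorizer)
    conn.execute(sql)
    conn.close()
    return seen

# Point 1: the application names the query it wants; SQL text is never passed in.
KNOWN_QUERIES = {"user_by_id": "SELECT name FROM users WHERE id = ?"}

def run_known(conn, name, params):
    """Run a statement from the fixed allowlist with bound parameters."""
    return conn.execute(KNOWN_QUERIES[name], params).fetchall()  # KeyError if unknown

if __name__ == "__main__":
    for sql in (CTE_DELETE, UNION_READ):
        print(keyword_guess(sql), sorted(actual_actions(sql)))
```
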