We are using friendly URLs. For example (from our logs):
52.167.144.231 - - [01/Oct/2023:17:37:41 -0400] "GET /ubbthreads/ubbthreads.php/topics/1517985/what-the-heck-do-i-have-canada.html HTTP/1.1" 200 10777 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) Chrome/103.0.5060.134 Safari/537.36"
I prefer not to block IPs because attackers will change IPs when blocked.
My question was is there ever a legitimate reason to have a select in a query string? I would think not. But I wanted to verify with the developers. AFAIK you will only find select statements in the php files that do the processing of queries sent from a browser.