# SQL Best Practices

Rasgo transforms are templated SQL statements that run directly against your data warehouse. They should be simple SELECT statements that return data. Transforms can be chained together to build a CTE or executed as a standalone query.

Here are some guidelines to help you build safe transforms and troubleshoot error messages.

### Enforced Guidelines

**Transforms must start with the SQL keyword `SELECT` or `WITH`.** At the time of publishing, Rasgo does not support starting transforms with comments. We encourage you to add comments to the transform's metadata or further down in your SQL statement.

**Transforms cannot contain a semicolon (`;`) anywhere in their SQL text.** Transforms should not be multi-statement SQL strings. If you need to run multiple queries to return data, we encourage you to split your SQL into multiple transforms or use a CTE to run them in a single transform. This rule also flags semicolons in comments.

**Transforms cannot contain patterns that pose a high SQL injection risk.** Basic examples:

* DML or DDL keywords
* premature string or comment closures
* presence of the `EXECUTE IMMEDIATE` command

These patterns may include unpublished examples and will expand over time. If you run into an error message you do not understand, please contact Rasgo for guidance on why your SQL was flagged as risky.
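A pre-flight check for the enforced rules above, which you can run on rendered transform SQL before submitting it. This is an added example, not Rasgo's own validator: the keyword list and the quote and comment heuristics are assumptions (Rasgo's actual patterns are unpublished), and the sample statements are constructed.

```python
import re

# Assumed keyword list for illustration; Rasgo's real pattern set is unpublished.
RISKY_KEYWORDS = ("INSERT", "UPDATE", "DELETE", "MERGE", "TRUNCATE",
                  "CREATE", "ALTER", "DROP", "GRANT", "REVOKE")
KEYWORD_RE = re.compile(r"\b(" + "|".join(RISKY_KEYWORDS) + r")\b", re.IGNORECASE)
EXEC_RE = re.compile(r"\bEXECUTE\s+IMMEDIATE\b", re.IGNORECASE)
START_RE = re.compile(r"\s*(SELECT|WITH)\b", re.IGNORECASE)


def check_transform(sql: str) -> list[str]:
    """Return the guideline violations found in a rendered transform."""
    problems = []
    # Rule 1: first token must be SELECT or WITH (a leading comment fails).
    if not START_RE.match(sql):
        problems.append("must start with SELECT or WITH")
    # Rule 2: no semicolon anywhere, including inside comments and literals.
    if ";" in sql:
        problems.append("contains a semicolon")
    # Rule 3: high-risk patterns, matched on the raw text on purpose, so a
    # keyword inside a string literal is flagged too (conservative).
    if EXEC_RE.search(sql):
        problems.append("contains EXECUTE IMMEDIATE")
    hit = KEYWORD_RE.search(sql)
    if hit:
        problems.append(f"contains DML/DDL keyword {hit.group(1).upper()}")
    # Escaped quotes are doubled (''), so an odd count means a literal was
    # opened or closed early.
    if sql.count("'") % 2:
        problems.append("unbalanced string quote")
    # A comment terminator with no opener before it.
    if "*/" in sql and "/*" not in sql.split("*/")[0]:
        problems.append("comment closed before it was opened")
    return problems


# Constructed sample statements.
SAMPLES = [
    "WITH t AS (SELECT 1 AS x) SELECT x FROM t",
    "-- daily rollup\nSELECT 1",
    "SELECT 1 /* note; */",
    "SELECT updated_at FROM orders",
    "select 1 from t where n = 'it's'",
]

if __name__ == "__main__":
    for sql in SAMPLES:
        print(repr(sql), "->", check_transform(sql) or "ok")
```

Word boundaries keep column names such as `updated_at` from matching the keyword rule; a check like this complements, and does not replace, restricting the warehouse role's privileges.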

{% hint style="warning" %}
Running SQL against your data warehouse comes with inherent risks. Rasgo will take reasonable precautions to identify and block obviously malicious and unintentionally dangerous patterns.

A critical part of any company's data security strategy should be an access control policy that prevents users and tools from performing unintended actions.

**Rasgo encourages security teams to grant only the privileges and roles to Rasgo users that align with their data security policies as a first line of defense.**
{% endhint %}


