These issues are often as the result of a WAF (web application firewall) or Apache mod_security, which is obviously external to Moodle. This software is looking for keywords such as SELECT, UPDATE, DELETE (and many other types of attack) which can be used by attackers, and when detected will block the request reaching the destination server.
Are you able to check with your IT department or server administrators to see if they have a system such as this in place? This is the most likely explanation for the problem IMO.