It's always a good idea to give your application's database login only the permissions it needs. If it doesn't need to do inserts or updates, don't give it insert or update permission.
However, attackers may still be able to exploit SQL injection vulnerabilities to read unauthorized data using select statements, so you still need to protect your queries against that.