Skip to main content
BuyLog In
Cross-Platform Class Library
Search in…
Docs > API Reference > DevExpress.DataAccess.Sql > SqlDataSource > Properties > AllowCustomSqlQueries
All docs
V25.1
    • Cross-Platform Core Libraries
    Core Library Assemblies
    AI Integration
    DevExpress Data Library
    DevExpress.Drawing Graphics Library
    DevExpress Pivot Grid Core Library
    Miscellaneous
    API Reference
    DevExpress.AIIntegration
    DevExpress.AIIntegration.Extensions
    DevExpress.AIIntegration.Localization
    DevExpress.AIIntegration.OpenAI.Services
    DevExpress.AIIntegration.Services.Assistant
    DevExpress.AIIntegration.Services.Chat
    DevExpress.Charts.Heatmap
    DevExpress.Charts.Sankey
    DevExpress.DashboardCommon
    DevExpress.DashboardCommon.Diagnostics
    DevExpress.DashboardWeb
    DevExpress.Data
    DevExpress.Data.Browsing
    DevExpress.Data.Camera
    DevExpress.Data.Controls
    DevExpress.Data.Controls.ExpressionEditor
    DevExpress.Data.Entity
    DevExpress.Data.Filtering
    DevExpress.Data.Filtering.Exceptions
    DevExpress.Data.Filtering.Helpers
    DevExpress.Data.Linq
    DevExpress.Data.Mask
    DevExpress.Data.ODataLinq
    DevExpress.Data.PivotGrid
    DevExpress.Data.PLinq
    DevExpress.Data.TreeList
    DevExpress.Data.Utils
    DevExpress.Data.Utils.Security
    DevExpress.Data.Utils.ServiceModel
    DevExpress.Data.WcfLinq
    DevExpress.Data.WizardFramework
    DevExpress.Data.XtraReports.DataProviders
    DevExpress.DataAccess
    DevExpress.DataAccess.ConnectionParameters
    DevExpress.DataAccess.DataFederation
    DevExpress.DataAccess.EntityFramework
    DevExpress.DataAccess.Excel
    DevExpress.DataAccess.ExpressionEditor
    DevExpress.DataAccess.Json
    DevExpress.DataAccess.Localization
    DevExpress.DataAccess.MongoDB
    DevExpress.DataAccess.ObjectBinding
    DevExpress.DataAccess.Sql
    AggregateQueryInvalidSortingValidationException
    AggregationType
    AggregationWithoutAliasValidationException
    AliasedBase
    AllColumns
    BeforeLoadProviderCustomAssemblyEventArgs
    BeforeLoadProviderCustomAssemblyEventHandler
    CircularRelationsValidationException
    Column
    ColumnBase
    ColumnExpression
    ColumnNotInSchemaValidationException
    ColumnNullValidationException
    ConditionType
    ConfigureDataConnectionEventArgs
    ConfigureDataConnectionEventHandler
    ConnectionErrorEventArgs
    ConnectionErrorEventHandler
    ConnectionOptions
    CustomExpression
    CustomExpressionWithAmbiguousColumnValidationException
    CustomExpressionWithColumnOfMissingTableValidationException
    CustomExpressionWithMissingInSchemaColumnValidationException
    CustomizeFilterExpressionEventArgs
    CustomizeFilterExpressionEventHandler
    CustomSqlQuery
    CustomSqlQueryValidationException
    DatabaseConnectionException
    DBSchema
    DBSchemaProviderEx
    DuplicatingColumnNamesValidationException
    DuplicatingTableNamesValidationException
    ExpressionBase
    ExpressionNullValidationException
    ExpressionStringNullValidationException
    FilterByAmbiguousColumnValidationException
    FilterByColumnOfMissingTableValidationException
    FilterByMissingInSchemaColumnValidationException
    Group
    GroupByAggregateColumnValidationException
    GroupByWithoutAggregateValidationException
    GroupNullValidationException
    HavingWithoutGroupByValidationException
    IDBCommandInterceptor
    IDBConnectionInterceptor
    IDBSchemaProviderEx
    IncompleteRelationValidationException
    InvalidExpressionStringValidationException
    IResultSchemaProvider
    Join
    MasterDetailInfo
    MasterDetailInfoCollection
    NegativeTopSkipValidationException
    NoColumnsValidationException
    NoRelationColumnsValidationException
    NoTablesValidationException
    PartialAggregationValidationException
    ProviderCustomAssemblyLoadingProhibitedException
    QueryExecutionException
    QueryParameter
    RecordsCount
    RelationColumnInfo
    RelationColumnNotInSchemaValidationException
    RelationColumnNullValidationException
    RelationException
    RelationNullValidationException
    RelationTableNotSelectedValidationException
    ResultSchemaProvider
    SelectQuery
    SelectQueryFluentBuilder
    SkipWithoutSortingValidationException
    SortByAggregateColumnValidationException
    Sorting
    SortingBySameColumnTwiceValidationException
    SortingNullValidationException
    SqlDataConnection
    SqlDataSource
    Members
    Constructors
    Fields
    Properties
    AllowCustomSqlQueries
    Connection
    ConnectionName
    ConnectionOptions
    ConnectionParameters
    DBSchema
    DisableCustomQueryValidation
    Queries
    Relations
    Result
    Methods
    Events
    SqlIsolationLevel
    SqlJoinType
    SqlQuery
    SqlQueryCollection
    SqlStringEmptyValidationException
    StoredProcNameNullValidationException
    StoredProcNotInSchemaValidationException
    StoredProcParamCountValidationException
    StoredProcParamNameValidationException
    StoredProcParamNullValidationException
    StoredProcParamTypeValidationException
    StoredProcQuery
    Table
    TableNotInSchemaValidationException
    TableNotSelectedValidationException
    TableNullValidationException
    TablesNotRelatedValidationException
    UnnamedColumnValidationException
    UnnamedTableValidationException
    ValidationException
    DevExpress.DataAccess.Sql.DataApi
    DevExpress.DataAccess.UI.Localization
    DevExpress.DataAccess.Web
    DevExpress.DataAccess.Web.QueryBuilder
    DevExpress.DataAccess.Web.QueryBuilder.DataContracts
    DevExpress.DataAccess.Wizard
    DevExpress.DataAccess.Wizard.Model
    DevExpress.DataAccess.Wizard.Presenters
    DevExpress.DataAccess.Wizard.Services
    DevExpress.DataAccess.Wizard.Views
    DevExpress.DataProcessing.Criteria
    DevExpress.Diagram.Core
    DevExpress.Diagram.Core.Layout
    DevExpress.Diagram.Core.Localization
    DevExpress.Diagram.Core.Native
    DevExpress.Diagram.Core.Serialization
    DevExpress.Diagram.Core.Shapes
    DevExpress.Diagram.Core.Themes
    DevExpress.DocumentServices.ServiceModel
    DevExpress.DocumentServices.ServiceModel.Client
    DevExpress.DocumentServices.ServiceModel.DataContracts
    DevExpress.DocumentView
    DevExpress.Drawing
    DevExpress.Drawing.Extensions
    DevExpress.Drawing.Printing
    DevExpress.Entity.Model
    DevExpress.Entity.ProjectModel
    DevExpress.Export
    DevExpress.Export.Xl
    DevExpress.Map
    DevExpress.Mvvm
    DevExpress.Mvvm.DataAnnotations
    DevExpress.Mvvm.DataModel
    DevExpress.Mvvm.Gantt
    DevExpress.Mvvm.ModuleInjection
    DevExpress.Mvvm.UI
    DevExpress.Mvvm.Utils
    DevExpress.Mvvm.ViewModel
    DevExpress.Mvvm.Xpf
    DevExpress.Office.Crypto
    DevExpress.PivotGrid.Criteria
    DevExpress.PivotGrid.DataBinding
    DevExpress.PivotGrid.Printing
    DevExpress.Printing
    DevExpress.Printing.ExportHelpers
    DevExpress.ReportServer.Printing
    DevExpress.ReportServer.Printing.Services
    DevExpress.ReportServer.ServiceModel.Client
    DevExpress.ReportServer.ServiceModel.ConnectionProviders
    DevExpress.ReportServer.ServiceModel.DataContracts
    DevExpress.Schedule
    DevExpress.Security.Resources
    DevExpress.Services
    DevExpress.Sparkline
    DevExpress.TreeMap
    DevExpress.Utils
    DevExpress.Utils.Commands
    DevExpress.Utils.Controls
    DevExpress.Utils.Filtering
    DevExpress.Utils.Filtering.Internal
    DevExpress.Utils.Html
    DevExpress.Utils.IoC
    DevExpress.Utils.Localization
    DevExpress.Utils.Serializing
    DevExpress.Utils.Serializing.Helpers
    DevExpress.Utils.Svg
    DevExpress.WebUtils
    DevExpress.Xpf.Core
    DevExpress.Xpf.Data
    DevExpress.Xpf.Printing
    DevExpress.Xpo
    DevExpress.Xpo.DB
    DevExpress.Xpo.DB.Exceptions
    DevExpress.Xpo.DB.Helpers
    DevExpress.Xpo.Helpers
    DevExpress.XtraCharts
    DevExpress.XtraCharts.Heatmap
    DevExpress.XtraCharts.Heatmap.Printing
    DevExpress.XtraCharts.Localization
    DevExpress.XtraCharts.Printing
    DevExpress.XtraCharts.Sankey
    DevExpress.XtraCharts.Sankey.Printing
    DevExpress.XtraEditors
    DevExpress.XtraEditors.DXErrorProvider
    DevExpress.XtraEditors.Filtering
    DevExpress.XtraExport.Csv
    DevExpress.XtraGauges.Base
    DevExpress.XtraGauges.Core
    DevExpress.XtraGauges.Core.Base
    DevExpress.XtraGauges.Core.Drawing
    DevExpress.XtraGauges.Core.Localization
    DevExpress.XtraGauges.Core.Model
    DevExpress.XtraGauges.Core.Primitive
    DevExpress.XtraGrid
    DevExpress.XtraPivotGrid
    DevExpress.XtraPivotGrid.Customization
    DevExpress.XtraPivotGrid.Data
    DevExpress.XtraPivotGrid.Localization
    DevExpress.XtraPivotGrid.Selection
    DevExpress.XtraPrinting
    DevExpress.XtraPrinting.BarCode
    DevExpress.XtraPrinting.BarCode.EPC
    DevExpress.XtraPrinting.Caching
    DevExpress.XtraPrinting.DataNodes
    DevExpress.XtraPrinting.Drawing
    DevExpress.XtraPrinting.Export
    DevExpress.XtraPrinting.Export.Web
    DevExpress.XtraPrinting.Localization
    DevExpress.XtraPrinting.Native
    DevExpress.XtraPrinting.Shape
    DevExpress.XtraPrinting.Shape.Native
    DevExpress.XtraPrinting.WebClientUIControl.DataContracts
    DevExpress.XtraPrintingLinks
    DevExpress.XtraReports
    DevExpress.XtraReports.Configuration
    DevExpress.XtraReports.Design
    DevExpress.XtraReports.Expressions
    DevExpress.XtraReports.Expressions.Native
    DevExpress.XtraReports.Parameters
    DevExpress.XtraReports.Parameters.ViewModels
    DevExpress.XtraReports.ReportGeneration
    DevExpress.XtraReports.UI
    DevExpress.XtraReports.Web.ReportDesigner
    DevExpress.XtraReports.Web.ReportDesigner.DataContracts
    DevExpress.XtraReports.Web.WebDocumentViewer
    DevExpress.XtraReports.Web.WebDocumentViewer.DataContracts
    DevExpress.XtraScheduler
    DevExpress.XtraScheduler.Compatibility
    DevExpress.XtraScheduler.Drawing
    DevExpress.XtraScheduler.Exchange
    DevExpress.XtraScheduler.iCalendar
    DevExpress.XtraScheduler.iCalendar.Components
    DevExpress.XtraScheduler.Localization
    DevExpress.XtraScheduler.Native
    DevExpress.XtraScheduler.Outlook
    DevExpress.XtraScheduler.Outlook.Interop
    DevExpress.XtraScheduler.Reporting
    DevExpress.XtraScheduler.Services
    DevExpress.XtraScheduler.Services.Implementation
    DevExpress.XtraScheduler.Tools
    DevExpress.XtraScheduler.UI
    DevExpress.XtraScheduler.Xml
    DevExpress.XtraSpellChecker
    DevExpress.XtraSpellChecker.Rules
    Download CHM

    SqlDataSource.AllowCustomSqlQueries Property

    Specifies whether a user can add custom SQL queries to fill the SqlDataSource.

    Namespace: DevExpress.DataAccess.Sql

    Assembly: DevExpress.DataAccess.v25.1.dll

    NuGet Package: DevExpress.DataAccess

    Declaration

    [Browsable(false)]
public static bool AllowCustomSqlQueries { get; set; }

    Property Value

    Type Description
    Boolean

    true, to allow users to specify custom SQL for the SqlDataSource; otherwise, false.

    The default is true.

    Remarks

    When the AllowCustomSqlQueries property is set to false, the SqlDataSource cannot be filled with data using custom SQL queries. In this case, custom SQL queries are skipped when calling the SqlDataSource.Fill or SqlDataSource.RebuildResultSchema methods.

    When you set the AllowCustomSqlQueries property to true, you can build and execute custom SQL queries to fill the SqlDataSource with data. In this case, the standard validation mechanism is used to validate custom SQL queries before execution.

    Important

    The use of custom SQL queries can lead to inadvertent or unauthorized modifications to your data/database structure. Although the default validation mechanism only allows custom queries containing SELECT statements (except for SELECT INTO clauses), it cannot be considered safe as it does not prevent the execution of potentially harmful requests.

    We strongly recommend that you implement additional custom SQL query verification. However, do not use it as the only security precaution. Ensure that you follow best practices and implement the appropriate user read/write privileges at the database level. By setting permissions within the database, you ensure that only authorized users and processes can access or modify data.

    To enable additional validation for custom SQL queries, you can handle one of the following events:

    Some DevExpress controls also expose the EnableCustomSql property. For example:

    When any of these properties is set to true (and the AllowCustomSqlQueries property is set to false), custom SQL queries can be created and executed only by invoking the Data Source Wizard for the corresponding control.

    Tip

    To access custom SQL queries (CustomSqlQuery) for the specified SqlDataSource, use the SqlDataSource.Queries property.

    See Also