SqlDataSource.AllowCustomSqlQueries Property
Specifies whether or not custom SQL queries can be used to fill the SqlDataSource.
Namespace: DevExpress.DataAccess.Sql
Assembly: DevExpress.DataAccess.v24.2.dll
Declaration
Property Value
Type | Description |
---|---|
Boolean | true, to allow specifying custom SQL for the SqlDataSource; otherwise, false. The default is true. |
Remarks
When the AllowCustomSqlQueries property is set to false, the SqlDataSource cannot be filled with data using custom SQL queries. In this case, custom SQL queries are skipped when the SqlDataSource.Fill or SqlDataSource.RebuildResultSchema method is called.
When the AllowCustomSqlQueries property is set to true, custom queries will be validated before execution. The standard validation is enabled by default.
Important
Although the default validation mechanism only allows custom queries containing SELECT statements (except for SELECT INTO clauses), it cannot be considered safe as it does not prevent execution of potentially harmful requests. For this reason, we strongly recommend that you implement your own validation logic that permits only execution of specific query kinds.
To enable unrestricted execution of custom queries (e.g., those containing DELETE, INSERT, PROCEDURE and UPDATE statements), set the static SqlDataSource.DisableCustomQueryValidation property to true.
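The custom validation recommended above can be an exact-match allowlist rather than a keyword filter. The following is an added example, not DevExpress code: the class, its methods and the sample queries are hypothetical, and the wiring through the SqlDataSource.ValidateCustomSqlQuery event (with the Valid, ExceptionMessage and CustomSqlQuery.Sql members of its event arguments) is an assumption that does not appear on this page.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;
using DevExpress.DataAccess.Sql;

// Added example; class, method and query names are hypothetical.
public static class CustomSqlAllowlist
{
    // Collapse whitespace runs and drop one trailing semicolon so that
    // formatting differences alone do not cause a rejection. Whitespace
    // inside string literals is collapsed too, on both sides of the compare.
    static string Normalize(string sql)
    {
        string s = Regex.Replace(sql ?? string.Empty, @"\s+", " ").Trim();
        return s.EndsWith(";") ? s.Substring(0, s.Length - 1).TrimEnd() : s;
    }

    // Constructed sample entries: the complete set of statements the
    // application permits. Anything not listed here is rejected.
    static readonly HashSet<string> Allowed = new HashSet<string>(
        new[]
        {
            "SELECT OrderID, CustomerID, OrderDate FROM Orders",
            "SELECT ProductID, ProductName FROM Products WHERE Discontinued = 0"
        }.Select(Normalize),
        StringComparer.Ordinal);

    // Returns true only when the normalized text equals an approved query.
    public static bool IsAllowed(string sql, out string reason)
    {
        bool ok = Allowed.Contains(Normalize(sql));
        reason = ok ? null : "Custom SQL is not on the approved query list.";
        return ok;
    }

    // Assumed wiring: handle the data source's ValidateCustomSqlQuery event
    // and mark every query that is not on the list as invalid.
    public static void Attach(SqlDataSource dataSource)
    {
        dataSource.ValidateCustomSqlQuery += (sender, e) =>
        {
            string reason;
            e.Valid = IsAllowed(e.CustomSqlQuery.Sql, out reason);
            if (!e.Valid) e.ExceptionMessage = reason;
        };
    }
}
```

Because the comparison is ordinal and exact, a query that differs from an approved entry in anything other than whitespace or a trailing semicolon is rejected, including one that appends a second statement or a comment.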
Some DevExpress controls also provide the EnableCustomSql property. For example:
- SqlWizardSettings.EnableCustomSql - available via the following properties.
- SpreadsheetDataSourceWizardOptions.EnableCustomSql
When any of these properties is set to true (and the AllowCustomSqlQueries property is set to false), custom SQL queries can be created and executed only in a Data Source Wizard available in the control.
Note
To access custom SQL queries (CustomSqlQuery) for the specified SqlDataSource, use the SqlDataSource.Queries property.