Skip to main content
BuyLog In
Cross-Platform Class Library
Search in…
Docs > API Reference > DevExpress.DataAccess.Sql > SqlDataSource > Events > ValidateCustomSqlQuery
All docs
V25.1
    • Cross-Platform Core Libraries
    Core Library Assemblies
    AI Integration
    DevExpress Data Library
    DevExpress.Drawing Graphics Library
    DevExpress Pivot Grid Core Library
    Miscellaneous
    API Reference
    DevExpress.AIIntegration
    DevExpress.AIIntegration.Extensions
    DevExpress.AIIntegration.Localization
    DevExpress.AIIntegration.OpenAI.Services
    DevExpress.AIIntegration.Services.Assistant
    DevExpress.AIIntegration.Services.Chat
    DevExpress.Charts.Heatmap
    DevExpress.Charts.Sankey
    DevExpress.DashboardCommon
    DevExpress.DashboardCommon.Diagnostics
    DevExpress.DashboardWeb
    DevExpress.Data
    DevExpress.Data.Browsing
    DevExpress.Data.Camera
    DevExpress.Data.Controls
    DevExpress.Data.Controls.ExpressionEditor
    DevExpress.Data.Entity
    DevExpress.Data.Filtering
    DevExpress.Data.Filtering.Exceptions
    DevExpress.Data.Filtering.Helpers
    DevExpress.Data.Linq
    DevExpress.Data.Mask
    DevExpress.Data.ODataLinq
    DevExpress.Data.PivotGrid
    DevExpress.Data.PLinq
    DevExpress.Data.TreeList
    DevExpress.Data.Utils
    DevExpress.Data.Utils.Security
    DevExpress.Data.Utils.ServiceModel
    DevExpress.Data.WcfLinq
    DevExpress.Data.WizardFramework
    DevExpress.Data.XtraReports.DataProviders
    DevExpress.DataAccess
    DevExpress.DataAccess.ConnectionParameters
    DevExpress.DataAccess.DataFederation
    DevExpress.DataAccess.EntityFramework
    DevExpress.DataAccess.Excel
    DevExpress.DataAccess.ExpressionEditor
    DevExpress.DataAccess.Json
    DevExpress.DataAccess.Localization
    DevExpress.DataAccess.MongoDB
    DevExpress.DataAccess.ObjectBinding
    DevExpress.DataAccess.Sql
    AggregateQueryInvalidSortingValidationException
    AggregationType
    AggregationWithoutAliasValidationException
    AliasedBase
    AllColumns
    BeforeLoadProviderCustomAssemblyEventArgs
    BeforeLoadProviderCustomAssemblyEventHandler
    CircularRelationsValidationException
    Column
    ColumnBase
    ColumnExpression
    ColumnNotInSchemaValidationException
    ColumnNullValidationException
    ConditionType
    ConfigureDataConnectionEventArgs
    ConfigureDataConnectionEventHandler
    ConnectionErrorEventArgs
    ConnectionErrorEventHandler
    ConnectionOptions
    CustomExpression
    CustomExpressionWithAmbiguousColumnValidationException
    CustomExpressionWithColumnOfMissingTableValidationException
    CustomExpressionWithMissingInSchemaColumnValidationException
    CustomizeFilterExpressionEventArgs
    CustomizeFilterExpressionEventHandler
    CustomSqlQuery
    CustomSqlQueryValidationException
    DatabaseConnectionException
    DBSchema
    DBSchemaProviderEx
    DuplicatingColumnNamesValidationException
    DuplicatingTableNamesValidationException
    ExpressionBase
    ExpressionNullValidationException
    ExpressionStringNullValidationException
    FilterByAmbiguousColumnValidationException
    FilterByColumnOfMissingTableValidationException
    FilterByMissingInSchemaColumnValidationException
    Group
    GroupByAggregateColumnValidationException
    GroupByWithoutAggregateValidationException
    GroupNullValidationException
    HavingWithoutGroupByValidationException
    IDBCommandInterceptor
    IDBConnectionInterceptor
    IDBSchemaProviderEx
    IncompleteRelationValidationException
    InvalidExpressionStringValidationException
    IResultSchemaProvider
    Join
    MasterDetailInfo
    MasterDetailInfoCollection
    NegativeTopSkipValidationException
    NoColumnsValidationException
    NoRelationColumnsValidationException
    NoTablesValidationException
    PartialAggregationValidationException
    ProviderCustomAssemblyLoadingProhibitedException
    QueryExecutionException
    QueryParameter
    RecordsCount
    RelationColumnInfo
    RelationColumnNotInSchemaValidationException
    RelationColumnNullValidationException
    RelationException
    RelationNullValidationException
    RelationTableNotSelectedValidationException
    ResultSchemaProvider
    SelectQuery
    SelectQueryFluentBuilder
    SkipWithoutSortingValidationException
    SortByAggregateColumnValidationException
    Sorting
    SortingBySameColumnTwiceValidationException
    SortingNullValidationException
    SqlDataConnection
    SqlDataSource
    Members
    Constructors
    Fields
    Properties
    Methods
    Events
    BeforeLoadProviderCustomAssembly
    BeforeLoadProviderCustomAssemblyGlobal
    ConfigureDataConnection
    ConnectionError
    CustomizeFilterExpression
    ValidateCustomSqlQuery
    ValidateCustomSqlQueryGlobal
    SqlIsolationLevel
    SqlJoinType
    SqlQuery
    SqlQueryCollection
    SqlStringEmptyValidationException
    StoredProcNameNullValidationException
    StoredProcNotInSchemaValidationException
    StoredProcParamCountValidationException
    StoredProcParamNameValidationException
    StoredProcParamNullValidationException
    StoredProcParamTypeValidationException
    StoredProcQuery
    Table
    TableNotInSchemaValidationException
    TableNotSelectedValidationException
    TableNullValidationException
    TablesNotRelatedValidationException
    UnnamedColumnValidationException
    UnnamedTableValidationException
    ValidationException
    DevExpress.DataAccess.Sql.DataApi
    DevExpress.DataAccess.UI.Localization
    DevExpress.DataAccess.Web
    DevExpress.DataAccess.Web.QueryBuilder
    DevExpress.DataAccess.Web.QueryBuilder.DataContracts
    DevExpress.DataAccess.Wizard
    DevExpress.DataAccess.Wizard.Model
    DevExpress.DataAccess.Wizard.Presenters
    DevExpress.DataAccess.Wizard.Services
    DevExpress.DataAccess.Wizard.Views
    DevExpress.DataProcessing.Criteria
    DevExpress.Diagram.Core
    DevExpress.Diagram.Core.Layout
    DevExpress.Diagram.Core.Localization
    DevExpress.Diagram.Core.Native
    DevExpress.Diagram.Core.Serialization
    DevExpress.Diagram.Core.Shapes
    DevExpress.Diagram.Core.Themes
    DevExpress.DocumentServices.ServiceModel
    DevExpress.DocumentServices.ServiceModel.Client
    DevExpress.DocumentServices.ServiceModel.DataContracts
    DevExpress.DocumentView
    DevExpress.Drawing
    DevExpress.Drawing.Extensions
    DevExpress.Drawing.Printing
    DevExpress.Entity.Model
    DevExpress.Entity.ProjectModel
    DevExpress.Export
    DevExpress.Export.Xl
    DevExpress.Map
    DevExpress.Mvvm
    DevExpress.Mvvm.DataAnnotations
    DevExpress.Mvvm.DataModel
    DevExpress.Mvvm.Gantt
    DevExpress.Mvvm.ModuleInjection
    DevExpress.Mvvm.UI
    DevExpress.Mvvm.Utils
    DevExpress.Mvvm.ViewModel
    DevExpress.Mvvm.Xpf
    DevExpress.Office.Crypto
    DevExpress.PivotGrid.Criteria
    DevExpress.PivotGrid.DataBinding
    DevExpress.PivotGrid.Printing
    DevExpress.Printing
    DevExpress.Printing.ExportHelpers
    DevExpress.ReportServer.Printing
    DevExpress.ReportServer.Printing.Services
    DevExpress.ReportServer.ServiceModel.Client
    DevExpress.ReportServer.ServiceModel.ConnectionProviders
    DevExpress.ReportServer.ServiceModel.DataContracts
    DevExpress.Schedule
    DevExpress.Security.Resources
    DevExpress.Services
    DevExpress.Sparkline
    DevExpress.TreeMap
    DevExpress.Utils
    DevExpress.Utils.Commands
    DevExpress.Utils.Controls
    DevExpress.Utils.Filtering
    DevExpress.Utils.Filtering.Internal
    DevExpress.Utils.Html
    DevExpress.Utils.IoC
    DevExpress.Utils.Localization
    DevExpress.Utils.Serializing
    DevExpress.Utils.Serializing.Helpers
    DevExpress.Utils.Svg
    DevExpress.WebUtils
    DevExpress.Xpf.Core
    DevExpress.Xpf.Data
    DevExpress.Xpf.Printing
    DevExpress.Xpo
    DevExpress.Xpo.DB
    DevExpress.Xpo.DB.Exceptions
    DevExpress.Xpo.DB.Helpers
    DevExpress.Xpo.Helpers
    DevExpress.XtraCharts
    DevExpress.XtraCharts.Heatmap
    DevExpress.XtraCharts.Heatmap.Printing
    DevExpress.XtraCharts.Localization
    DevExpress.XtraCharts.Printing
    DevExpress.XtraCharts.Sankey
    DevExpress.XtraCharts.Sankey.Printing
    DevExpress.XtraEditors
    DevExpress.XtraEditors.DXErrorProvider
    DevExpress.XtraEditors.Filtering
    DevExpress.XtraExport.Csv
    DevExpress.XtraGauges.Base
    DevExpress.XtraGauges.Core
    DevExpress.XtraGauges.Core.Base
    DevExpress.XtraGauges.Core.Drawing
    DevExpress.XtraGauges.Core.Localization
    DevExpress.XtraGauges.Core.Model
    DevExpress.XtraGauges.Core.Primitive
    DevExpress.XtraGrid
    DevExpress.XtraPivotGrid
    DevExpress.XtraPivotGrid.Customization
    DevExpress.XtraPivotGrid.Data
    DevExpress.XtraPivotGrid.Localization
    DevExpress.XtraPivotGrid.Selection
    DevExpress.XtraPrinting
    DevExpress.XtraPrinting.BarCode
    DevExpress.XtraPrinting.BarCode.EPC
    DevExpress.XtraPrinting.Caching
    DevExpress.XtraPrinting.DataNodes
    DevExpress.XtraPrinting.Drawing
    DevExpress.XtraPrinting.Export
    DevExpress.XtraPrinting.Export.Web
    DevExpress.XtraPrinting.Localization
    DevExpress.XtraPrinting.Native
    DevExpress.XtraPrinting.Security
    DevExpress.XtraPrinting.Shape
    DevExpress.XtraPrinting.Shape.Native
    DevExpress.XtraPrinting.WebClientUIControl.DataContracts
    DevExpress.XtraPrintingLinks
    DevExpress.XtraReports
    DevExpress.XtraReports.Configuration
    DevExpress.XtraReports.Design
    DevExpress.XtraReports.Expressions
    DevExpress.XtraReports.Expressions.Native
    DevExpress.XtraReports.Parameters
    DevExpress.XtraReports.Parameters.ViewModels
    DevExpress.XtraReports.ReportGeneration
    DevExpress.XtraReports.UI
    DevExpress.XtraReports.Web.ReportDesigner
    DevExpress.XtraReports.Web.ReportDesigner.DataContracts
    DevExpress.XtraReports.Web.WebDocumentViewer
    DevExpress.XtraReports.Web.WebDocumentViewer.DataContracts
    DevExpress.XtraScheduler
    DevExpress.XtraScheduler.Compatibility
    DevExpress.XtraScheduler.Drawing
    DevExpress.XtraScheduler.Exchange
    DevExpress.XtraScheduler.iCalendar
    DevExpress.XtraScheduler.iCalendar.Components
    DevExpress.XtraScheduler.Localization
    DevExpress.XtraScheduler.Native
    DevExpress.XtraScheduler.Outlook
    DevExpress.XtraScheduler.Outlook.Interop
    DevExpress.XtraScheduler.Reporting
    DevExpress.XtraScheduler.Services
    DevExpress.XtraScheduler.Services.Implementation
    DevExpress.XtraScheduler.Tools
    DevExpress.XtraScheduler.UI
    DevExpress.XtraScheduler.Xml
    DevExpress.XtraSpellChecker
    DevExpress.XtraSpellChecker.Rules
    Download CHM

    SqlDataSource.ValidateCustomSqlQuery Event

    Checks the validity of the custom SQL query used to supply the data source with data.

    Namespace: DevExpress.DataAccess.Sql

    Assembly: DevExpress.DataAccess.v25.1.dll

    NuGet Package: DevExpress.DataAccess

    Declaration

    public event ValidateCustomSqlQueryEventHandler ValidateCustomSqlQuery

    Event Data

    The ValidateCustomSqlQuery event's data class is ValidateCustomSqlQueryEventArgs. The following properties provide information specific to this event:

    Property Description
    CustomSqlQuery Gets a custom SQL query being validated.
    ExceptionMessage Gets or sets the exception message returned after validation of the custom SQL query.
    Valid Gets or sets whether or not the current SQL query is valid.

    Remarks

    Important

    The use of custom SQL queries can lead to inadvertent or unauthorized modifications to your data/database structure. Although the default validation mechanism only allows custom queries containing SELECT statements (except for SELECT INTO clauses), it cannot be considered safe as it does not prevent the execution of potentially harmful requests.

    We strongly recommend that you implement additional custom SQL query verification. However, do not use it as the only security precaution. Ensure that you follow best practices and implement the appropriate user read/write privileges at the database level. By setting permissions within the database, you ensure that only authorized users and processes can access or modify data.

    The ValidateCustomSqlQuery event is raised each time the custom SQL query (CustomSqlQuery), which is used to select data, needs to be validated. The ValidateCustomSqlQuery event is raised in the following cases.

    The e.CustomSqlQuery property returns the SQL query being validated. Initially, a custom query can contain only SELECT statements. If the custom query contains statements other than SELECT statements or the query is specified incorrectly, the e.Valid property is set to false. The e.ExceptionMessage property returns the corresponding exception message.

    If necessary, you can check the validity of the custom SQL query manually and override the value of the e.Valid flag and corresponding e.ExceptionMessage.

    Important

    The default validation is performed if the SqlDataSource.DisableCustomQueryValidation property is set to false.

    To validate custom SQL for all queries created in an End-User Report Designer for WinForms, handle the SqlDataSource.ValidateCustomSqlQueryGlobal event.

    See Also