SqlDataSource.ValidateCustomSqlQueryGlobal Event
Provides the capability to check the validity of the custom SQL query used to supply SQL data sources with data.
Namespace: DevExpress.DataAccess.Sql
Assembly: DevExpress.DataAccess.v25.1.dll
NuGet Package: DevExpress.DataAccess
Declaration
Event Data
The ValidateCustomSqlQueryGlobal event's data class is ValidateCustomSqlQueryEventArgs. The following properties provide information specific to this event:
Property | Description |
---|---|
CustomSqlQuery | Gets a custom SQL query being validated. |
ExceptionMessage | Gets or sets the exception message returned after validation of the custom SQL query. |
Valid | Gets or sets whether or not the current SQL query is valid. |
Remarks
Important
The use of custom SQL queries can lead to inadvertent or unauthorized modifications to your data/database structure. Although the default validation mechanism only allows custom queries containing SELECT statements (except for SELECT INTO clauses), it cannot be considered safe as it does not prevent the execution of potentially harmful requests.
We strongly recommend that you implement additional custom SQL query verification. However, do not use it as the only security precaution. Ensure that you follow best practices and implement the appropriate user read/write privileges at the database level. By setting permissions within the database, you ensure that only authorized users and processes can access or modify data.
Handle the ValidateCustomSqlQueryGlobal event to validate custom SQL for all queries created in your applications.
The ValidateCustomSqlQueryGlobal event is raised before SqlDataSource.ValidateCustomSqlQuery.
This event occurs for all SQL data sources in the application:
using DevExpress.DataAccess;
using DevExpress.DataAccess.Sql;
// ...
// Subscribe to the static event.
SqlDataSource.ValidateCustomSqlQueryGlobal += SqlDataSource_ValidateCustomSqlQueryGlobal;

void SqlDataSource_ValidateCustomSqlQueryGlobal(object sender, ValidateCustomSqlQueryEventArgs e) {
    CustomSqlQuery customQuery = e.CustomSqlQuery;
    // Start from "invalid" so that a query is accepted only when your logic approves it.
    bool validationResult = false;
    // Insert your custom validation logic here.
    e.Valid = validationResult;
}
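One way to fill in the validation logic, as an added example that is not DevExpress code: a conservative handler that accepts a single SELECT statement and sets ExceptionMessage when it rejects a query. The class name CustomSqlPolicy, the IsAllowed helper and the keyword list are assumptions made for this example; the query text is read from the CustomSqlQuery.Sql property.

```csharp
using System.Linq;
using System.Text.RegularExpressions;
using DevExpress.DataAccess;
using DevExpress.DataAccess.Sql;

// Assumption: CustomSqlPolicy, IsAllowed and DeniedKeywords are illustrative names,
// not part of the DevExpress API. Adjust the policy to your database dialect.
public static class CustomSqlPolicy {
    static readonly string[] DeniedKeywords = {
        "INSERT", "UPDATE", "DELETE", "MERGE", "DROP", "ALTER", "CREATE",
        "TRUNCATE", "EXEC", "EXECUTE", "GRANT", "REVOKE", "INTO"
    };

    // Call once so the handler covers every SQL data source in the application.
    public static void Register() {
        SqlDataSource.ValidateCustomSqlQueryGlobal += OnValidate;
    }

    static void OnValidate(object sender, ValidateCustomSqlQueryEventArgs e) {
        string reason;
        e.Valid = IsAllowed(e.CustomSqlQuery.Sql, out reason);
        if (!e.Valid)
            e.ExceptionMessage = "Custom SQL rejected: " + reason;
    }

    // Pure function, so the policy can be unit tested without a data source.
    // It is deliberately strict: a keyword or semicolon inside a string literal
    // is also rejected, which trades false positives for a simpler check.
    public static bool IsAllowed(string sql, out string reason) {
        reason = null;
        if (string.IsNullOrWhiteSpace(sql)) { reason = "empty query"; return false; }
        string text = sql.Trim();
        if (text.Contains("--") || text.Contains("/*")) {
            reason = "comments are not allowed"; return false;
        }
        // A single trailing terminator is tolerated; anything else means a batch.
        if (text.TrimEnd(';').Contains(";")) {
            reason = "multiple statements are not allowed"; return false;
        }
        if (!Regex.IsMatch(text, @"^SELECT\b", RegexOptions.IgnoreCase)) {
            reason = "only SELECT statements are allowed"; return false;
        }
        string hit = DeniedKeywords.FirstOrDefault(
            k => Regex.IsMatch(text, @"\b" + k + @"\b", RegexOptions.IgnoreCase));
        if (hit != null) { reason = "keyword " + hit + " is not allowed"; return false; }
        return true;
    }
}
```

Text matching of this kind is not a SQL parser, so it stays a second layer on top of the database-level read/write privileges recommended above.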