CustomQueryValidator.Validate(DataConnectionParametersBase, String, ref String) Method
Validates a custom SQL query.
Namespace: DevExpress.DataAccess.Wizard.Services
Assembly: DevExpress.DataAccess.v24.2.dll
NuGet Package: DevExpress.DataAccess
#Declaration
public virtual bool Validate(
DataConnectionParametersBase connectionParameters,
string sql,
ref string message
)
#Parameters
Name | Type | Description |
---|---|---|
connection |
Data |
A Data |
sql | String | A String, specifying the SQL query to validate. |
message | String | A String specifying the error message to display if validation fails. |
#Returns
Type | Description |
---|---|
Boolean | true, if the query is valid; otherwise, false. |
#Remarks
Important
Although the default validation mechanism only allows custom queries containing SELECT statements (except for SELECT INTO clauses), it cannot be considered safe as it does not prevent execution of potentially harmful requests. For this reason, we strongly recommend that you implement your own validation logic that does not reduce the default restrictions and permits only execution of specific query kinds.