CustomQueryValidator.Validate(DataConnectionParametersBase, String, ref String) Method
Validates a custom SQL query.
Namespace: DevExpress.DataAccess.Wizard.Services
Assembly: DevExpress.DataAccess.v24.1.dll
NuGet Packages: DevExpress.DataAccess, DevExpress.Win.PivotGrid, DevExpress.Win.TreeMap
Declaration
public virtual bool Validate(
DataConnectionParametersBase connectionParameters,
string sql,
ref string message
)
Parameters
Name | Type | Description |
---|---|---|
connectionParameters | DataConnectionParametersBase | A DataConnectionParametersBase object, providing access to settings used to establish the current data connection. |
sql | String | A String, specifying the SQL query to validate. |
message | String | A String specifying the error message to display if validation fails. |
Returns
Type | Description |
---|---|
Boolean | true, if the query is valid; otherwise, false. |
Remarks
Important
Although the default validation mechanism only allows custom queries containing SELECT statements (except for SELECT INTO clauses), it cannot be considered safe as it does not prevent execution of potentially harmful requests. For this reason, we strongly recommend that you implement your own validation logic that does not reduce the default restrictions and permits only execution of specific query kinds.