Skip to main content

ICustomQueryValidator.Validate(DataConnectionParametersBase, String, ref String) Method

Validates a custom SQL query.

Namespace: DevExpress.DataAccess.Wizard.Services

Assembly: DevExpress.DataAccess.v24.1.dll

NuGet Packages: DevExpress.DataAccess, DevExpress.Win.PivotGrid, DevExpress.Win.TreeMap

Declaration

bool Validate(
    DataConnectionParametersBase connectionParameters,
    string sql,
    ref string message
)

Parameters

Name Type Description
connectionParameters DataConnectionParametersBase

A DataConnectionParametersBase object, providing access to settings used to establish the current data connection.

sql String

A String value, specifying the SQL query to validate.

message String

A String specifying the error message to display if validation fails.

Returns

Type Description
Boolean

true, if the query is valid; otherwise, false.

Remarks

Important

Although the default validation mechanism only allows custom queries containing SELECT statements (except for SELECT INTO clauses), it cannot be considered safe as it does not prevent execution of potentially harmful requests. For this reason, we strongly recommend that you implement your own validation logic that does not reduce the default restrictions and permits only execution of specific query kinds.

See Also