The Dashboard Data Source Wizard allows you to specify SQL queries manually by typing them in the SQL String editor. Note that this capability is disabled by default. Execution of custom SQL queries is controlled by the AllowExecutingCustomSql / AllowExecutingCustomSql properties. If you allow execution of custom SQL queries by setting these properties to true, you can use the EnableCustomSql / EnableCustomSql properties to enable a user to specify a custom SQL string in the Data Source wizard.
The use of custom SQL queries may lead to inadvertent or unauthorized modifications to your data/database structure. Therefore, make sure that you follow best practices and implement the appropriate end-user read/write privileges at the database level.
Various SQL extensions may require a special character as the variable's first character. For instance, this can be the "at" sign (@) for Transact-SQL or the colon (:) for PL/SQL. Insert the required character before the parameter name within the custom SQL query.
After you specify the SQL query, click Next. On the next page, you can add query parameters and specify its settings.
By default, the Dashboard Data Source Wizard allows you to use only SELECT statements in the query. If necessary, you can disable query validation and allow end-users to include more than SELECT statements into SQL queries. This capability is controlled by the SqlDataSource.DisableCustomQueryValidation static property exposed by the DashboardSqlDataSource class. The Web Dashboard also allows you to manage validation of custom SQL queries by handling the ASPxDashboard.ValidateDashboardCustomSqlQuery event, which allows you to specify your own query validation logic.