Custom SQL Queries
- 2 minutes to read
The Dashboard Data Source Wizard allows you to type SQL queries in the SQL String editor. Note that this capability is disabled by default.
The following properties control custom SQL queries execution on the server:
Platform | Property |
---|---|
ASP.NET MVC, ASP.NET Core | |
ASP.NET Web Forms |
If you enable these properties to allow custom SQL queries execution, you can allow end users to edit a custom SQL string in the Data Source wizard with the following properties:
Platform | Property |
---|---|
Client Control | |
ASP.NET Core | |
ASP.NET MVC | |
ASP.NET Web Forms |
Warning
The use of custom SQL queries can lead to inadvertent or unauthorized modifications to your data/database structure. Ensure that you follow best practices and implement the appropriate user read/write privileges at database level.
Note
Various SQL extensions can require a special character as the variable’s first character. For instance, this can be the “at” sign (@) for Transact-SQL or the colon (:) for PL/SQL. Insert the required character before the parameter name within the custom SQL query.
After you specify the SQL query, click Next. On the next page, you can add query parameters and specify its settings.
Validation of Custom SQL Queries
The Dashboard Data Source Wizard allows you to use only SELECT statements in the query. If necessary, you can disable query validation and allow users to include other statements in addition to SELECT statements in SQL queries. To accomplish this, set the static DisableCustomQueryValidation property to true. The DashboardSqlDataSource class exposes the DisableCustomQueryValidation
property.
The Web Dashboard allows you to manage validation of custom SQL queries. Handle the ASPxDashboard.ValidateDashboardCustomSqlQuery / DashboardConfigurator.ValidateCustomSqlQuery event to specify your own query validation logic.