SqlWizardSettings.EnableCustomSql Property
SECURITY NOTE
Do not set the EnableCustomSql property to true unless you are certain about the expected results and have considered all possible security-related conditions within your organization. Remember, unrestricted execution of custom queries allows end-users to modify the connected database.
Specifies whether the Data Source wizard and Query Builder allow end-users to create and execute custom SQL queries.
Namespace: DevExpress.DataAccess.UI.Wizard
Assembly: DevExpress.DataAccess.v24.1.dll
NuGet Packages: DevExpress.DataAccess, DevExpress.Win.PivotGrid, DevExpress.Win.TreeMap
Declaration
Property Value
Type | Default | Description |
---|---|---|
Boolean | false | true, to allow end-users to use custom SQL queries; otherwise, false. |
Property Paths
You can access this nested property as listed below:
Library | Object Type | Path to EnableCustomSql |
---|---|---|
WinForms Controls | DataSourceWizardSettings | |
Dashboard | DashboardDesignerDataSourceWizardSettings | |
.NET Reporting Tools | XRDesignMdiController | |
Remarks
If the EnableCustomSql property at the level of a particular control is set to false, end users cannot enter and execute custom SQL queries in the Data Source Wizard for that control.
If the EnableCustomSql property is set to true, the Data Source wizard allows end-users to specify a custom SQL query on the Create a Query or Select a Stored Procedure (Single-Query Version) page:
Note
The End-User Report Designer Wizard page appears differently. For information, review the following help topic: Create a Query or Select a Stored Procedure.
The Query Builder window displays an Allow Edit SQL checkbox that allows end users to specify a custom SQL query:
If the EnableCustomSql property and the static SqlDataSource.AllowCustomSqlQueries property are both set to true, the application can execute custom queries.
The default query validation rule specifies that a query can only contain SELECT statements. To enable custom queries with DELETE, INSERT, PROCEDURE and UPDATE statements, set the static SqlDataSource.DisableCustomQueryValidation property to true.
To implement your custom query validation logic, you should handle the following event:
You can also handle similar events of the relevant component. These events include the following:
- XRDesignMdiController.ValidateCustomSql
- Dashboard.ValidateCustomSqlQuery
- SpreadsheetControl.ValidateCustomSqlQuery
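One way to write the check that a custom validation handler could call, shown as an added example that is not DevExpress code and uses no DevExpress types. The class name CustomSqlGuard, the deny list, and the sample queries are assumptions made for illustration; it assumes single-quoted string literals, and wiring the method to a validation event is not shown.

```csharp
using System;
using System.Text.RegularExpressions;
// Added example: stand-alone validation logic with no DevExpress types.
public static class CustomSqlGuard
{
    // String literals ('' is an escaped quote), line comments and block comments.
    static readonly Regex Noise = new Regex(
        @"'(?:[^']|'')*'|--[^\r\n]*|/\*.*?\*/", RegexOptions.Singleline);
    // Assumed deny list: keywords that change data or schema, or run procedures.
    static readonly Regex Denied = new Regex(
        @"\b(INSERT|UPDATE|DELETE|MERGE|DROP|ALTER|CREATE|TRUNCATE|EXEC|EXECUTE|CALL|GRANT|REVOKE|INTO)\b",
        RegexOptions.IgnoreCase);

    // Returns true only for a single read-only query; 'reason' explains a rejection.
    public static bool IsReadOnlySelect(string sql, out string reason)
    {
        reason = null;
        if (string.IsNullOrWhiteSpace(sql)) { reason = "Empty query."; return false; }
        // Blank out literals and comments so their content cannot hide or fake keywords.
        string code = Noise.Replace(sql, " ").Trim();
        // A leftover quote or comment opener means an unterminated construct: fail closed.
        if (code.Contains("'") || code.Contains("/*"))
        { reason = "Unterminated string literal or comment."; return false; }
        // Allow trailing semicolons, but no second statement.
        code = code.TrimEnd(';', ' ', '\t', '\r', '\n');
        if (code.Contains(";")) { reason = "Multiple statements are not allowed."; return false; }
        if (!Regex.IsMatch(code, @"^(SELECT|WITH)\b", RegexOptions.IgnoreCase))
        { reason = "Query must start with SELECT or WITH."; return false; }
        Match m = Denied.Match(code);
        if (m.Success) { reason = "Keyword not allowed: " + m.Value.ToUpperInvariant(); return false; }
        return true;
    }

    public static void Main()
    {
        // Constructed sample queries.
        string[] samples = {
            "SELECT Name FROM Products WHERE Note = 'please update; later'",
            "SELECT 1; DROP TABLE Products",
            "SELECT * /* copy */ INTO Backup FROM Products",
            "UPDATE Products SET Price = 0"
        };
        foreach (string s in samples)
        {
            bool ok = IsReadOnlySelect(s, out string why);
            Console.WriteLine(ok ? "ALLOW  " + s : "REJECT " + s + "  -> " + why);
        }
    }
}
```

The check fails closed, so an identifier that happens to match a denied keyword (for example a column named [Update]) is rejected as well. A pattern check of this kind is a second layer; the connection should still use a database login that has read-only permissions.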