Skip to main content

SqlWizardSettings.EnableCustomSql Property

SECURITY NOTE

Do not set the EnableCustomSql property to true unless you are certain about expected results/expected outcomes and have considered all possible security-related conditions within your organization. Remember, unrestricted execution of custom queries allows end-users to modify the connected database.

Specifies whether the Data Source wizard and Query Builder allow end-users to create and execute custom SQL queries.

Namespace: DevExpress.DataAccess.UI.Wizard

Assembly: DevExpress.DataAccess.v24.2.dll

Declaration

[DefaultValue(false)]
public bool EnableCustomSql { get; set; }

Property Value

Type Default Description
Boolean false

true, to allow end-users to use custom SQL queries; otherwise, false.

Property Paths

You can access this nested property as listed below:

Library Object Type Path to EnableCustomSql
WinForms Controls DataSourceWizardSettings
.SqlWizardSettings .EnableCustomSql
Dashboard DashboardDesignerDataSourceWizardSettings
.SqlWizardSettings .EnableCustomSql
.NET Reporting Tools XRDesignMdiController
.SqlWizardSettings .EnableCustomSql

Remarks

If the EnableCustomSql property at the level of a particular control is set to false, end users cannot enter and execute custom SQL queries in the Data Source Wizard for that control.

If the EnableCustomSql property is set to true, the Data Source wizard allows end-users to specify a custom SQL query on the Create a Query or Select a Stored Procedure (Single-Query Version) page:

Data Source Wizard Custom SQL

Note

The End-User Report Designer Wizard page appears differently. For information, review the following help topic: Create a Query or Select a Stored Procedure.

The Query Builder window displays a Allow Edit SQL checkbox that allows end users to specify a custom SQL query:

Query Builder Custom SQL Check Box

If the EnableCustomSql property and the static SqlDataSource.AllowCustomSqlQueries property are both set to true, the application can execute custom queries.

The default query validation rule specifies that a query can only contain SELECT statements. To enable custom queries with DELETE, INSERT, PROCEDURE and UPDATE statements, set the static SqlDataSource.DisableCustomQueryValidation property to true.

To implement your custom query validation logic, you should handle the following event:

You can also handle similar events of the relevant component. These events include the following:

See Also