Enable Custom SQL in Report Designer
- 2 minutes to read
This document describes how to allow users to specify custom SQL queries.
On the SQL Data Source Wizard’s Settings page.
When custom SQL queries are enabled, the plus button invokes a context menu. Users can choose whether to run the Query Builder or write a custom SQL.
In the Create a Query or Select a Stored Procedure dialog that is invoked when users click the button next to a data source’s name in the Field List.
When custom SQL queries are enabled, users can type a custom query.
Important
Do not enable custom SQL if any untrusted parties have access to your application. Refer to the General Security Considerations document for more information.
To enable users to specify custom SQL queries in an ASP.NET WebForms or ASP.NET MVC application, call the static DefaultReportDesignerContainer.EnableCustomSql method on application start as shown in the code sample below.
using DevExpress.XtraReports.Web.ReportDesigner;
// ...
protected void Application_Start(object sender, EventArgs e) {
DefaultReportDesignerContainer.EnableCustomSql();
// ...
}
In an ASP.NET Core application, call the ReportDesignerConfigurationBuilder.EnableCustomSql method on application start as shown in the code sample below.
using DevExpress.AspNetCore;
using DevExpress.AspNetCore.Reporting;
//...
public class Startup {
//...
public void ConfigureServices(IServiceCollection services) {
services.AddDevExpressControls();
services.AddMvc();
services.ConfigureReportingServices(configurator => {
configurator.ConfigureReportDesigner(designerConfigurator => {
designerConfigurator.EnableCustomSql();
});
});
}
//...
}
Important
Custom SQL queries are validated before their execution. The default validation mechanism only allows custom queries that contain SELECT statements (except for SELECT INTO clauses) but does not prevent the execution of potentially harmful requests. For this reason, we recommend that you implement your own validation logic that allows users to execute only specific queries. See the Provide Custom Query Validation in Report Designer document for more information.