Enabling Custom SQL Editing in Report Designer
This tutorial demonstrates how to enable custom SQL editing in the Data Source Wizard of the End-User Report Designer for Windows Forms.
For security reasons, enabling custom SQL editing is not recommended if your reporting application can be accessed by untrusted parties. Refer to the Ensuring Data Access Security document for more information.
Do the following to enable custom SQL editing by your end-users:
Select the Report Designer's XRDesignMdiController in the component tray.
On this page, click the button for the Queries category to create a new query using the Query Builder.
The Allow Edit SQL option is now available in the Query Builder. Switching to this mode disables the visual features of the Query Builder in favor of the specified SQL string value.
If you use an older Data Source Wizard version, you can specify a custom SQL on the query customization page.
Custom SQL queries are validated before their execution.
Although the default validation mechanism only allows custom queries containing SELECT statements (except for SELECT INTO clauses), it cannot be considered safe as it does not prevent execution of potentially harmful requests.
For this reason, we strongly recommend that you implement your own validation logic that permits only execution of specific query kinds.
To learn more, see the Providing Custom Query Validation in Report Designer document.