Custom SQL Editor
Users can type an SQL query in the Custom SQL Editor if you enable custom SQL queries. This editor is invoked from the Data Source Wizard.
The Custom SQL Editor highlights the SQL syntax to help users read and write queries.
Important
The use of custom SQL queries can lead to inadvertent or unauthorized modifications to your data/database structure. The default validation mechanism only allows custom queries that contain SELECT statements (except for SELECT INTO clauses) and blocks any SQL keywords that can potentially be used for data modification (like REPLACE, UPDATE, INSERT, DELETE, and other SQL statements). Despite this precaution, this validation is not considered safe as it does not prevent the execution of potentially harmful requests.
We strongly recommend that you implement additional custom SQL query verification. However, do not use it as the only security precaution. Ensure that you follow best practices and implement the appropriate user read/write privileges at the database level.
Refer to the following help topic for information about custom SQL query validation: Custom SQL Query Validation (Web).
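The database-level privileges recommended above can be set up as a dedicated read-only account for the connection that executes custom queries. The script below is an added example, not part of the product documentation; it assumes PostgreSQL, and the role, schema, table and column names (report_reader, reporting, sales.orders and its columns) are hypothetical.

```sql
-- Added example (PostgreSQL syntax). All object names are hypothetical.
-- Run as the database owner or an administrator.

-- 1. Dedicated login used only by the data source connection that serves
--    custom SQL queries. Replace the placeholder with a managed secret.
CREATE ROLE report_reader LOGIN PASSWORD 'REPLACE_WITH_SECRET'
    NOSUPERUSER NOCREATEDB NOCREATEROLE;

-- 2. Ensure ordinary roles cannot create objects in the public schema
--    (already the default in PostgreSQL 15 and later).
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- 3. Expose only what reports need, through views in a separate schema.
--    Views run with the owner's rights, so report_reader needs no grant
--    on the underlying sales.orders table.
CREATE SCHEMA reporting;
CREATE VIEW reporting.orders_summary AS
    SELECT order_id, order_date, total
    FROM sales.orders;

-- 4. Grant read access to that schema and nothing else.
GRANT USAGE ON SCHEMA reporting TO report_reader;
GRANT SELECT ON ALL TABLES IN SCHEMA reporting TO report_reader;
ALTER DEFAULT PRIVILEGES IN SCHEMA reporting
    GRANT SELECT ON TABLES TO report_reader;

-- 5. Extra guard rails. The role can override these session defaults,
--    so the grants in step 4 remain the actual security boundary.
ALTER ROLE report_reader SET default_transaction_read_only = on;
ALTER ROLE report_reader SET statement_timeout = '30s';

-- 6. Verify the effective privileges before pointing the data source
--    connection at this account. Expected: can_read = true, the rest false.
SELECT
    has_table_privilege('report_reader', 'reporting.orders_summary', 'SELECT') AS can_read,
    has_table_privilege('report_reader', 'sales.orders', 'SELECT')             AS can_read_base,
    has_table_privilege('report_reader', 'sales.orders', 'INSERT')             AS can_insert,
    has_schema_privilege('report_reader', 'public', 'CREATE')                  AS can_create;
```

With this account in the connection string, a query that passes keyword validation but still attempts a write is rejected by the database itself.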