Custom SQL Query in the Report Designer for WPF
This document describes how to allow users to edit SQL query text in the End-User Report Designer's Data Source Wizard.
Important
For security reasons, do not allow users to edit SQL queries if there is a chance that untrusted parties can access your reporting application. Refer to the following topic for more information: Data Access Security in WPF Applications.
How to Enable Custom SQL
Set the ReportDesigner component’s EnableCustomSql property to True to allow users to edit SQL queries:
<dxrud:ReportDesigner Name="reportDesigner">
    <dxrud:ReportDesigner.DataSourceWizardSettings>
        <dxda:DataSourceWizardSettings SqlWizardSettings="{dxda:SqlWizardSettings EnableCustomSql=True}" />
    </dxrud:ReportDesigner.DataSourceWizardSettings>
</dxrud:ReportDesigner>
Edit SQL in the Data Source Wizard
Load a report in the Report Designer or create a new report bound to an SQL data source. In the Report Explorer window, select Manage Queries.
In the Manage Queries window, click the ellipsis button to edit the selected query.
You can edit the query in the invoked Query Editor window.
If you enter a query other than SELECT, an error is displayed when you click Next.
Edit SQL in the Query Builder
Invoke the Data Source Wizard and navigate to the query creation page. On this page, click the Queries category’s plus button to create a new query in the Query Builder.
The Allow Edit SQL option is now available in the Query Builder. If a user switches to this mode, the visual features of the Query Builder are disabled in favor of the specified SQL string value.
Validate Custom SQL Queries
Custom SQL queries are validated before their execution.
Although the default validation mechanism only allows custom queries that contain SELECT statements (except for SELECT INTO clauses), it is not considered safe as it does not prevent execution of potentially harmful requests.
For this reason, we strongly recommend that you take the following actions:
- Implement validation logic that allows users to execute only queries that meet certain criteria.
- Implement the appropriate user read/write privileges at the database level.
See the following topic for details: Custom SQL Query Validation (WPF).
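The first recommendation above, sketched as an allowlist check. This is an added example, not DevExpress code: the class name, keyword list, and table and column names are hypothetical, and wiring the check into the validation mechanism described in the linked topic is not shown.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;

// Added example (not DevExpress code). All names below are hypothetical.
public static class CustomSqlAllowlist
{
    // Assumption: the SQL keywords report authors are allowed to use.
    static readonly string[] Keywords = { "SELECT", "FROM", "WHERE", "AND", "OR", "NOT", "AS", "JOIN",
        "INNER", "LEFT", "ON", "ORDER", "BY", "GROUP", "ASC", "DESC", "LIKE", "IN", "IS", "NULL" };
    // Assumption: the tables and columns report authors are allowed to read.
    static readonly string[] Identifiers = { "Products", "Categories", "ProductName",
        "UnitPrice", "CategoryID", "CategoryName" };
    static readonly HashSet<string> Vocabulary = new HashSet<string>(
        Keywords.Concat(Identifiers), StringComparer.OrdinalIgnoreCase);

    // Single-quoted literal with '' as the only escape. A backslash never matches here,
    // so it stays in the text and is rejected by the character check below.
    static readonly Regex Literal = new Regex(@"'(?:[^'\\]|'')*'");
    static readonly Regex SafeChars = new Regex(@"^[A-Za-z0-9_\s,.*=<>()]*$");
    static readonly Regex Word = new Regex(@"[A-Za-z_][A-Za-z0-9_]*");

    public static bool TryValidate(string sql, out string message)
    {
        // Literals are blanked for inspection only; the original text is what would run.
        string text = Literal.Replace(sql ?? string.Empty, " 0 ").Trim();
        message = null;
        if (!Regex.IsMatch(text, @"^SELECT\b", RegexOptions.IgnoreCase))
            message = "Query must be a single SELECT statement.";
        else if (!SafeChars.IsMatch(text))   // rejects ; - / [ ] "" and stray quotes
            message = "Query contains a character outside the allowed set.";
        else
        {
            // Every remaining word must be an allowed keyword, table, or column.
            string unknown = Word.Matches(text).Cast<Match>().Select(m => m.Value)
                                 .FirstOrDefault(w => !Vocabulary.Contains(w));
            if (unknown != null) message = "Name not on the allowlist: " + unknown;
        }
        return message == null;
    }

    public static void Main()
    {
        string[] samples = {   // constructed inputs
            "SELECT ProductName, UnitPrice FROM Products WHERE UnitPrice > 10",
            "SELECT * FROM Products, Users",
            "SELECT ProductName FROM Products; DROP TABLE Products",
            "SELECT * INTO Backup FROM Products" };
        foreach (string s in samples)
            Console.WriteLine("{0}: {1}", s, TryValidate(s, out string msg) ? "allowed" : "rejected (" + msg + ")");
    }
}
```

Only the first sample passes; the others name a table, character, or keyword that is not on the list. A check like this narrows what the application submits and works alongside the database-level privileges in the second recommendation, not in place of them.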