V24.2

Custom SQL Query in the Report Designer for WPF

This document describes how to allow users to edit SQL query text in the End-User Report Designer’s Data Source Wizard.

Important

For security reasons, do not allow users to edit SQL queries if there is a chance that untrusted parties can access your reporting application. Refer to the following topic for more information: Data Access Security in WPF Applications.

How to Enable Custom SQL

Specify the ReportDesigner component’s EnableCustomSql property to allow users to edit SQL queries:

<dxrud:ReportDesigner Name="reportDesigner">  
    <dxrud:ReportDesigner.DataSourceWizardSettings>  
        <dxda:DataSourceWizardSettings SqlWizardSettings="{dxda:SqlWizardSettings EnableCustomSql=True}" />  
    </dxrud:ReportDesigner.DataSourceWizardSettings>  
</dxrud:ReportDesigner>

Edit SQL in the Data Source Wizard

  1. Load a report in the Report Designer or create a new report bound to an SQL data source. In the Report Explorer window, select Manage Queries:

    wpf-report-designer-manage-queries

  2. In the Manage Queries window, click the ellipsis button to edit the selected query:

    wpf-report-designer-edit-query

  3. You can edit the query in the invoked Query Editor window:

    wpf-report-designer-edit-query-manually

  4. If you enter a query other than SELECT, the following error is displayed when you click Next:

    wpf-report-designer-edit-query-warning

Edit SQL in the Query Builder

Invoke the Data Source Wizard and navigate to the query creation page. On this page, click the Queries category’s plus button to create a new query in the Query Builder.

wpf-report-wizard-invoke-query-builder

The Allow Edit SQL option is now available in the Query Builder. If a user switches to this mode, the visual features of the Query Builder are disabled in favor of the specified SQL string value.

wpf-report-designer-allow-edit-sql

Validate Custom SQL Queries

Custom SQL queries are validated before their execution.

Although the default validation mechanism only allows custom queries that contain SELECT statements (except for SELECT INTO clauses), it is not considered safe as it does not prevent execution of potentially harmful requests.

For this reason, we strongly recommend that you take the following actions:

  • Implement validation logic that allows users to execute only queries that meet certain criteria.
  • Implement the appropriate user read/write privileges at the database level.

See the following topic for details: Custom SQL Query Validation (WPF).
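
One way to express the first recommendation as code, added here as an illustration and not taken from the DevExpress documentation or API: a fail-closed check that accepts a single SELECT only when every FROM/JOIN names an allowlisted table. `CustomSqlPolicy`, `IsAllowed` and the table names are hypothetical; call it from the validation hook described in the linked topic. It is a coarse text filter, so the database-level privileges from the second recommendation are still required.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

// Added example: hypothetical fail-closed policy for user-entered report queries.
public static class CustomSqlPolicy
{
    // Assumption: the only tables report authors may read.
    static readonly HashSet<string> AllowedTables = new HashSet<string>(
        StringComparer.OrdinalIgnoreCase) { "Products", "Categories", "OrderSummary" };
    const RegexOptions Opt = RegexOptions.IgnoreCase | RegexOptions.CultureInvariant;

    // Statement separators, comments, and constructs that write data or run code.
    static readonly Regex Forbidden = new Regex(
        @";|--|/\*|\b(?:INTO|EXEC|EXECUTE|APPLY)\b", Opt);
    static readonly Regex SourceKeyword = new Regex(@"\b(?:FROM|JOIN)\b", Opt);

    // FROM/JOIN + plain table name + optional alias, then a clause keyword, ")" or end.
    static readonly Regex TableRef = new Regex(
        @"\b(?:FROM|JOIN)\s+((?:\[?\w+\]?\.)*\[?\w+\]?)(?:\s+(?:AS\s+)?\w+)?" +
        @"(?=\s*(?:$|\)|\b(?:JOIN|INNER|LEFT|RIGHT|FULL|CROSS|ON|WHERE|GROUP|ORDER|HAVING|UNION)\b))",
        Opt);

    public static bool IsAllowed(string sql, out string message)
    {
        string text = (sql ?? string.Empty).Trim();
        message = null;
        if (!Regex.IsMatch(text, @"^SELECT\b", Opt))
            message = "Only SELECT statements are allowed.";
        else if (Forbidden.IsMatch(text))
            message = "The query contains a forbidden construct: " + Forbidden.Match(text).Value;
        else
        {
            MatchCollection refs = TableRef.Matches(text);
            // Every FROM/JOIN must name a plain table; derived tables, comma joins,
            // table hints and table-valued functions fail this count and are rejected.
            if (refs.Count == 0 || refs.Count != SourceKeyword.Matches(text).Count)
                message = "Each FROM/JOIN must be followed by a plain table name.";
            else foreach (Match m in refs)
            {
                string name = m.Groups[1].Value.Replace("[", "").Replace("]", "");
                if (name.StartsWith("dbo.", StringComparison.OrdinalIgnoreCase))
                    name = name.Substring(4);
                if (!AllowedTables.Contains(name))
                    message = "Table is not available for reports: " + name;
            }
        }
        return message == null;
    }
}
```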