SqlWizardSettings.EnableCustomSql Property

SECURITY-RELATED CONSIDERATIONS

Do not set the EnableCustomSql property to true unless you are certain of the expected outcomes and have considered all possible security-related conditions within your organization. Remember that unrestricted execution of custom queries allows end users to modify the connected database.

Specifies whether the Data Source wizard and Query Builder allow end-users to create and execute custom SQL queries.

Namespace: DevExpress.DataAccess.UI.Wizard

Assembly: DevExpress.DataAccess.v25.2.dll

NuGet Package: DevExpress.DataAccess

Declaration

```csharp
[DefaultValue(false)]
public bool EnableCustomSql { get; set; }
```

```vb
<DefaultValue(False)>
Public Property EnableCustomSql As Boolean
```

Property Value

| Type | Default | Description |
| --- | --- | --- |
| Boolean | false | true, to allow end-users to use custom SQL queries; otherwise, false. |

Property Paths

You can access this nested property as listed below:

| Library | Object Type | Path to EnableCustomSql |
| --- | --- | --- |
| WinForms Controls | DataSourceWizardSettings | .SqlWizardSettings.EnableCustomSql |
| Dashboard | DashboardDesignerDataSourceWizardSettings | .SqlWizardSettings.EnableCustomSql |
| .NET Reporting Tools | XRDesignMdiController | .SqlWizardSettings.EnableCustomSql |

Remarks

If the EnableCustomSql property at the level of a particular control is set to false, end users cannot enter and execute custom SQL queries in the Data Source Wizard for that control.

If the EnableCustomSql property is set to true, the Data Source wizard allows end-users to specify a custom SQL query on the Create a Query or Select a Stored Procedure (Single-Query Version) page.

Note

The End-User Report Designer Wizard page appears differently. For information, review the following help topic: Create a Query or Select a Stored Procedure.

The Query Builder window displays an Allow Edit SQL checkbox that allows end users to specify a custom SQL query.

If the EnableCustomSql property and the static SqlDataSource.AllowCustomSqlQueries property are both set to true, the application can execute custom queries.

The default query validation rule specifies that a query can only contain SELECT statements. To enable custom queries with DELETE, INSERT, PROCEDURE and UPDATE statements, set the static SqlDataSource.DisableCustomQueryValidation property to true.

To implement your custom query validation logic, you should handle the following event:

You can also handle similar events of the relevant component. These events include the following:
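
Added example (not DevExpress code): one possible custom validation rule that is stricter than the SELECT-only default, rejecting stacked statements, comments and `SELECT ... INTO` as well. The `CustomSqlPolicy` class and `IsAllowed` method are hypothetical names; the check is meant to be called from your validation event handler with the query text.

```csharp
using System;
using System.Text.RegularExpressions;

// Added example: a hypothetical helper, not part of DevExpress.DataAccess.
public static class CustomSqlPolicy
{
    // Single-quoted literals ('' is an escaped quote). They are blanked out
    // so that text inside a literal is never scanned as SQL.
    static readonly Regex Literal = new Regex("'(?:[^']|'')*'");

    // Statements and clauses that write data, change schema or run procedures.
    static readonly Regex Denied = new Regex(
        @"\b(INSERT|UPDATE|DELETE|MERGE|DROP|ALTER|CREATE|TRUNCATE|EXEC|EXECUTE|GRANT|REVOKE|INTO)\b",
        RegexOptions.IgnoreCase);

    public static bool IsAllowed(string sql, out string reason)
    {
        reason = null;
        if (string.IsNullOrWhiteSpace(sql)) { reason = "empty query"; return false; }

        string body = Literal.Replace(sql, "?").Trim();
        // A single trailing semicolon is tolerated; any other one means stacked statements.
        if (body.EndsWith(";", StringComparison.Ordinal))
            body = body.Substring(0, body.Length - 1).TrimEnd();
        Match denied = Denied.Match(body);

        if (body.Contains("'")) reason = "unterminated string literal";
        else if (body.Contains("--") || body.Contains("/*")) reason = "comments are not allowed";
        else if (body.Contains(";")) reason = "more than one statement";
        else if (!Regex.IsMatch(body, @"^SELECT\b", RegexOptions.IgnoreCase)) reason = "query must start with SELECT";
        else if (denied.Success) reason = "keyword not allowed: " + denied.Value.ToUpperInvariant();
        return reason == null;
    }

    public static void Main()
    {
        // Constructed sample queries.
        string[] samples =
        {
            "SELECT Id, Name FROM Products WHERE Note = 'DROP; -- just text';",
            "SELECT * FROM Orders; DELETE FROM Orders",
            "SELECT * INTO Backup FROM Orders",
            "SELECT 1 /* hidden */ FROM Orders",
            "UPDATE Orders SET Total = 0"
        };
        foreach (string sql in samples)
            Console.WriteLine(IsAllowed(sql, out string why) ? "ALLOW   " + sql : "REJECT  " + sql + "  (" + why + ")");
    }
}
```

The rule fails closed: queries that begin with a CTE or use a bracketed identifier such as `[delete]` are rejected too. Text checks like this complement, and do not replace, connecting with a database account that only has read permissions.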

See Also

AllowCustomSqlQueries

DisableCustomQueryValidation

Data Access Security in WinForms Applications

Data Access Security in WPF Applications

SqlWizardSettings Class

SqlWizardSettings Members

DevExpress.DataAccess.UI.Wizard Namespace