Session.ExecuteQuery(String, QueryParameterCollection) Method

SECURITY-RELATED CONSIDERATIONS

This method executes a raw SQL query string. Always validate, sanitize, or parameterize externally supplied SQL query strings to prevent unauthorized access to sensitive information.

Executes the specified SQL query and returns a result set.

Namespace : DevExpress.Xpo

Assembly : DevExpress.Xpo.v25.2.dll

NuGet Package : DevExpress.Xpo

csharp

public SelectedData ExecuteQuery(
    string sql,
    QueryParameterCollection parameters
)

Public Function ExecuteQuery(
    sql As String,
    parameters As QueryParameterCollection
) As SelectedData

Parameters

Name	Type	Description
sql	String

Specifies an SQL statement.

| | parameters | QueryParameterCollection |

Specifies query parameter values.

Returns

Type	Description
SelectedData

A result set compatible with XPDataView

Remarks

Use the ExecuteQuery method to query data stores for resulting sets. You can visualize resulting sets using the XPDataView. Refer to this article for additional information: How to: Access Data in SQL Query Results.

Use QueryParameterCollection to pass strongly-typed parameters. See examples here: Always Encrypted (SQL Server only).

The connection provider automatically generates sequential parameter names (p0, p1, p2 …). To specify custom parameter names, use the overloaded ExecuteQuery(String, String[], QueryParameterCollection) method.

To learn more about executing SQL statements in XPO, refer to Direct SQL Queries.

Note

The ExecuteQuery method sends statements directly, so the correct statement syntax and parameter names format depends on a particular database server.