Hi,
I Have to get the Data from the Resultset whatever i have entered in the String edit control. I want only what i entered in the string edit . For example : If i am entering "select accountnum from custtable where name = John. It should return only Accountnum . How to achieve this.
Thanks,
Ram.
Unfortunately you've merely repeated to what you said before and you didn't address anything from my reply, therefore I have nothing new to say.
I suggest you start by explaining the business problem that you believe you can solve by your technical design. Then please read my previous reply again and think about what I said there, especially about security and the risk of destroying the database through stored procedures.
Yes, it's technically possible. It's not recommended for many reasons.
Also it's possible that Microsoft prevents you from shipping customizations where direct SQL queries are used.
There's a new tool called AppChecker, which is still in preview. This tool checks for many things and one thing is looking for direct SQL statements in your code. In the future it might be that MS will prevent you from using code that violates the AppChecker rules.
So I would not invest in a solution that includes direct SQL queries in x++ code.
General info about AppChecker: ariste.info/.../
Here's the rule that checks for direct SQL: github.com/.../DirectSQL.xq
Hi Martin,
Users will enter the sql query and the result should be displayed in another string edit control the queries doesn't contain update , insert and delete keywords if it contains this keywords it will popup error. I just want to display the result from the queries. Is that possible to do this.
This is extremely dangerous. For example, you'd allow users to completely bypass security setup and fetch any sensitive data they want. The users must also understand details of AX data model, otherwise they'll do mistakes like forgetting DataAreaId (as you did too above), struggling to query date-effective data and tables with inheritance, having to deal with surrogate keys and so on. You also don't prevent execution of stored procedures, for example, which allow many things you really don't want people to execute.
What business problem are you trying to solve by this technical design?
Hi Nikolaos,
I had done the validation on entering the query if the query contains words like Delete , update ,insert it will popup error message invalid query , If i am entering select paytermid from custtable where accountnum=00000001, this should return only that paytermid , to get that paytermid from resultset i will use resultset.getstring(),method . inside the getstring method i will give the table's column position . if i am using real field i have to change my code to resultset.getreal() method . The user may enter any queries except update , delete and insert. The return value from the resultset should be shown in info().
Ram
One more thing, using direct SQL from x++ might not be supported and might not work in the future.
You should really consider if you want to create a form where users can inject direct SQL statements. Any user of this form might cause data loss and data corruption. I recommend using the table browser to view data from the tables. That comes out of the box for free.
Anyway, back to your question, if you really want to pursue this path you have to develop some logic that extracts the colum name(s) from the statement, and uses those names to show only the same columns in the result(s). Anything between "select" and "from" are column names, so you can start by trying to extract that info.
Under review
Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.
We are honored to recognize Mansi Soni as our August 2025 Community…
A new season of Super Users has arrived, and we are so grateful for…
These are the community rock stars!
Stay up to date on forum activity by subscribing.
