Statement.executeQuery Method [AX 2012]
Executes an SQL statement that returns an instance of the ResultSet class.
public ResultSet executeQuery(str statement)
Run On
Called
Parameters
- statement
- Type: str
The string that contains the SQL statement that is used to retrieve the result set.
If users control input to the executeQuery method, an SQL injection threat can occur. Therefore, this method runs under Code Access Security. Calls to this method on the server require permission from the SqlStatementExecutePermission class. The following are safer alternatives for executing SQL statements:
- Queries
- Views
- X++ select statements
Record level security is not enforced on the Statement class. If data is exposed to the user, perform explicit security validation.
The following example performs an SQL query on CustTable, which runs on the server. The result of the query is stored in the resultSet object.
    server static void main(Args _args)
    {
        DictTable                       dictTable;
        Connection                      connection;
        Statement                       statement;
        str                             sql;
        ResultSet                       resultSet;
        SqlStatementExecutePermission   perm;

        dictTable = new DictTable(tableNum(CustTable));
        if (dictTable != null)
        {
            connection = new Connection();
            sql = strfmt("SELECT * FROM %1", dictTable.name(DbBackend::Sql));
            perm = new SqlStatementExecutePermission(sql);
            // Check for permission to use the statement.
            perm.assert();
            statement = connection.createStatement();
            resultSet = statement.executeQuery(sql);
            // End the scope of the assert call.
            CodeAccessPermission::revertAssert();
        }
    }
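The injection risk noted in the remarks, shown as an added example that is not part of the original documentation: the same CustTable lookup written once with user input concatenated into the SQL string, and once as an X++ select statement. The method names findCustomerUnsafe and findCustomerSafe and the _accountNum parameter are hypothetical, and the example assumes the standard CustTable.AccountNum field.

```xpp
// Added example; both methods are hypothetical and belong in a server-side class.

// Unsafe: _accountNum becomes part of the SQL text, so quote characters in
// the input change the statement that executeQuery runs.
server static void findCustomerUnsafe(str _accountNum)
{
    Connection                      connection;
    Statement                       statement;
    ResultSet                       resultSet;
    SqlStatementExecutePermission   perm;
    str                             sql;

    connection = new Connection();
    sql = strFmt("SELECT ACCOUNTNUM FROM CUSTTABLE WHERE ACCOUNTNUM = '%1'",
                 _accountNum);
    perm = new SqlStatementExecutePermission(sql);
    perm.assert();
    statement = connection.createStatement();
    resultSet = statement.executeQuery(sql);
    while (resultSet.next())
    {
        info(resultSet.getString(1));
    }
    CodeAccessPermission::revertAssert();
}

// Safer: an X++ select statement. The kernel builds the SQL, and _accountNum
// is only ever a comparison value, never statement text. No
// SqlStatementExecutePermission assert is needed.
server static void findCustomerSafe(str _accountNum)
{
    CustTable custTable;

    select firstOnly AccountNum from custTable
        where custTable.AccountNum == _accountNum;

    if (custTable)
    {
        info(custTable.AccountNum);
    }
}
```

When reviewing code, treat every string passed to SqlStatementExecutePermission as a place to check whether any part of it originates from user input.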