Statement.executeQuery Method

Executes an SQL statement that returns an instance of the .


public ResultSet executeQuery(str statement)

Run On



  • statement
    Type: str
    The string that contains the SQL statement that is used to retrieve the result set.

Return Value

Type: ResultSet Class
The object that contains the data returned from the query.


If users control input to the executeQuery method, an SQL injection threat can occur. Therefore, this method runs under Code Access Security. Calls to this method on the server require permission from the . The following are safer alternatives for executing SQL statements:

  • Queries

  • Views

  • X++ select statements

Record level security is not enforced on the Statement class. If data is exposed to the user, perform explicit security validation.


The following example performs an SQL query on CustTable, which runs on the server. The result of the query is stored in the resultSet object.

server static void main(Args _args) 
    DictTable  dictTable; 
    Connection connection; 
    Statement  statement; 
    str        sql; 
    ResultSet  resultSet; 
    SqlStatementExecutePermission perm; 
    dictTable = new DictTable(tableNum(CustTable)); 
    if (dictTable != null) 
           connection = new Connection(); 
           sql = strfmt( "SELECT * FROM %1", ); 
           perm = new SqlStatementExecutePermission(sql); 
           // Check for permission to use the statement. 
           statement = connection.createStatement(); 
           resultSet = statement.executeQuery(sql); 
           // End the scope of the assert call. 

See Also

Statement Class

How to: Secure an API on the AOS

Best Practices Checks