# SQL Security

## 🔗 What is SQL Security ?

The SQL Security allows you to restrict access of the survey to a given row of an existing SQL Server table and let you reuse the data from that query for piping purposes anywhere in your survey questions or answers using the [data attributes](/form-management/security/data-attributes.md).\
\
Each query can be parametrized using entries from the respondent.  You can add new variables to build a user interface allowing the respondent to fill them up. These variable can then be used in your query as standard SQL parameters. <br>

![](/files/XfxULKhV9OUrQAfERmjC)\
\
\
If you want to fill a variable based on a querystring you can create a variable of type  "Hidden" and pipe in its default a value from the querystring as shown below where a customer id is piped from the querystring "customerid" variable.

![](/files/3LOI19aXJRGzMgcgJl2S)

{% hint style="info" %}
If your user interface is composed using only hidden variable ngSurvey will automatically call the query once the survey gets loaded and no user interface will be shown.
{% endhint %}

{% hint style="warning" %}
Respondent will only be granted access if the query returns a row or if the **Access only to SQL entries** option is disabled.
{% endhint %}

Once the respondent has finished the survey and submitted his answers ngSurvey will save the retrieved SQL data along the respondent answers.

## 🔅 SQL Security properties

* **`Available Connections`** Connection that will be used to connect to your database
* **`SQL query`** SQL query or stored procedure call that will return the row and its column.&#x20;
* **`Allow multiple submissions`** lets the same row submit multiple times on the same survey. &#x20;
* **`Introduction message`** will be shown above the fields user interface when respondents tries to access the survey.
* **`Invalid key message`** error message shown to the user if no row is returned based on the entered value.

{% hint style="success" %}
This security item can be used as a [key provider](/form-management/security/key-provider-concepts.md).&#x20;
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.ngsurvey.com/form-management/security/security-items/sql-security.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.