Yes I believe that is the case aswell however I cannot pass the parameter within the SQL query box as it will convert it to a string prior to running the query.
I'm trying to escape the string with something like below but without being able to view the pre compiled code around the SQL query I'm doing it all by feel.
Select [PrimaryEmail],[ADLoginName] from [User]
WHERE PrimaryEmail = '" & <%= User.Identity.Name %> & "';"
The query validation isn't helping either as it trys to prevent code it feels isn't part of a valid sql query and I'm trying to escape the query and tack my code on the end of it, SQL injection styles.