Right now, the direct db query is not that direct - one has to craft the SQL by hand, and variables are allowed in a constrained way. I get requests routinely to run a custom, code-generated SQL query on the Xano database (because it's SQL and they know SQL) only to discover that the only way to run such a query involves running code outside Xano to make use of the database connector.
So let's allow the SQL to be set from a variable, where the var would contain text like "SELEC T * from x_19 WHERE...." etc.
Because this would create an opportunity for a SQL injection vulnerability, an "Are you sure" would be appropriate for gating use. But it's a key way to unlock a lot more power from the Xano back-end!