DetailsView.ItemUpdating 事件

定义

在单击 DetailsView 控件中的“更新”按钮时,但在更新操作之前发生。Occurs when an Update button within a DetailsView control is clicked, but before the update operation.

public:
 event System::Web::UI::WebControls::DetailsViewUpdateEventHandler ^ ItemUpdating;
public event System.Web.UI.WebControls.DetailsViewUpdateEventHandler ItemUpdating;
member this.ItemUpdating : System.Web.UI.WebControls.DetailsViewUpdateEventHandler 
Public Custom Event ItemUpdating As DetailsViewUpdateEventHandler 

示例

下面的代码示例演示如何使用ItemUpdating事件对用户输入的值进行 HTML 编码, 然后在数据源中更新记录。The following code example demonstrates how to use the ItemUpdating event to HTML-encode the values entered by the user before a record is updated in the data source.


<%@ Page Language="C#" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
  void CustomerDetail_ItemInserted(object sender, 
    DetailsViewInsertedEventArgs e)
  {
    // Refresh the GridView control after a new record is inserted 
    // in the DetailsView control.
    CustomersView.DataBind();
  }

  void CustomerDetail_ItemInserting(object sender, 
    DetailsViewInsertEventArgs e)
  {
    // Iterate though the values entered by the user and HTML encode 
    // the values. This helps prevent malicious values from being 
    // stored in the data source.
    for (int i = 0; i < e.Values.Count; i++)
    {
      if (e.Values[i] != null)
      {
        e.Values[i] = Server.HtmlEncode(e.Values[i].ToString());
      }
    }
  }

  void CustomerDetail_ItemUpdated(object sender, 
    DetailsViewUpdatedEventArgs e)
  {
    // Refresh the GridView control after a new record is updated 
    // in the DetailsView control.
    CustomersView.DataBind();
  }

  void CustomerDetail_ItemUpdating(object sender, 
    DetailsViewUpdateEventArgs e)
  {
    // Iterate though the values entered by the user and HTML encode 
    // the values. This helps prevent malicious values from being 
    // stored in the data source.
    for (int i = 0; i < e.NewValues.Count; i++)
    {
      if (e.NewValues[i] != null)
      {
        e.NewValues[i] = Server.HtmlEncode(e.NewValues[i].ToString());
      }
    }
  }

  void CustomerDetail_ItemDeleted(object sender, 
    DetailsViewDeletedEventArgs e)
  {
    // Refresh the GridView control after a new record is updated 
    // in the DetailsView control.
    CustomersView.DataBind();
  }
</script>

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>
      DetailsView Example</title>
</head>
<body>
  <form id="Form1" runat="server">
    <h3>
      DetailsView Example</h3>
    <table cellspacing="10">
      <tr>
        <td>
          <!-- Use a GridView control in combination with      -->
          <!-- a DetailsView control to display master-detail  -->
          <!-- information. When the user selects a store from -->
          <!-- GridView control, the customers//s detailed     -->
          <!-- information is displayed in the DetailsView     -->
          <!-- control.                                        -->
          <asp:GridView ID="CustomersView" DataSourceID="Customers" 
            AutoGenerateColumns="False"
            DataKeyNames="CustomerID" runat="server">
            <HeaderStyle BackColor="Blue" ForeColor="White" />
            <Columns>
              <asp:CommandField ShowSelectButton="True" />
              <asp:BoundField DataField="ContactName" 
                HeaderText="ContactName" />
              <asp:BoundField DataField="CompanyName" 
                HeaderText="CompanyName" />
            </Columns>
          </asp:GridView>
        </td>
        <td valign="top">
          <asp:DetailsView ID="CustomerDetail" 
            DataSourceID="Details" AutoGenerateRows="false"
            AutoGenerateInsertButton="true" 
            AutoGenerateEditButton="true" 
            AutoGenerateDeleteButton="true"
            EmptyDataText="No records." 
            DataKeyNames="CustomerID" GridLines="Both" 
            OnItemInserted="CustomerDetail_ItemInserted"
            OnItemInserting="CustomerDetail_ItemInserting" 
            OnItemUpdated="CustomerDetail_ItemUpdated"
            OnItemUpdating="CustomerDetail_ItemUpdating" 
            OnItemDeleted="CustomerDetail_ItemDeleted"
            runat="server">
            <HeaderStyle BackColor="Navy" ForeColor="White" />
            <RowStyle BackColor="White" />
            <AlternatingRowStyle BackColor="LightGray" />
            <EditRowStyle BackColor="LightCyan" />
            <Fields>
              <asp:BoundField DataField="CustomerID" HeaderText="CustomerID" ReadOnly="True" />
              <asp:BoundField DataField="ContactName" HeaderText="ContactName" />
              <asp:BoundField DataField="ContactTitle" HeaderText="ContactTitle" />
              <asp:BoundField DataField="CompanyName" HeaderText="CompanyName" />
              <asp:BoundField DataField="Address" HeaderText="Address" />
              <asp:BoundField DataField="City" HeaderText="City" />
              <asp:BoundField DataField="Region" HeaderText="Region" />
              <asp:BoundField DataField="PostalCode" HeaderText="PostalCode" />
              <asp:BoundField DataField="Country" HeaderText="Country" />
              <asp:BoundField DataField="Phone" HeaderText="Phone" />
              <asp:BoundField DataField="Fax" HeaderText="Fax" />
            </Fields>
          </asp:DetailsView>
        </td>
      </tr>
    </table>
    <!-- This example uses Microsoft SQL Server and connects -->
    <!-- to the Northwind sample database.                   -->
    <!-- It is strongly recommended that each data-bound     -->
    <!-- control uses a separate data source control.        -->
    <asp:SqlDataSource ID="Customers" runat="server" 
      ConnectionString=
        "<%$ ConnectionStrings:NorthwindConnectionString %>"
      SelectCommand="SELECT [CompanyName], [ContactName], [CustomerID] 
        FROM [Customers]">
    </asp:SqlDataSource>
    <!-- Add a filter to the data source control for the     -->
    <!-- DetailsView control to display the details of the   -->
    <!-- store selected in the GridView control.             -->
    <asp:SqlDataSource ID="Details" 
      ConnectionString=
        "<%$ ConnectionStrings:NorthwindConnectionString %>"
      runat="server" 
      SelectCommand="SELECT * FROM [Customers] 
        WHERE ([CustomerID] = @CustomerID)"
      DeleteCommand="DELETE FROM [Customers] 
        WHERE [CustomerID] = @CustomerID"
      InsertCommand="INSERT INTO [Customers] ([CustomerID], 
        [CompanyName], [ContactName], [ContactTitle], [Address], 
        [City], [Region], [PostalCode], [Country], [Phone], [Fax]) 
        VALUES (@CustomerID, @CompanyName, @ContactName, @ContactTitle, 
        @Address, @City, @Region, @PostalCode, @Country, @Phone, @Fax)"
      UpdateCommand="UPDATE [Customers] SET [CompanyName] = @CompanyName, 
        [ContactName] = @ContactName, [ContactTitle] = @ContactTitle, 
        [Address] = @Address, [City] = @City, [Region] = @Region, 
        [PostalCode] = @PostalCode, [Country] = @Country, 
        [Phone] = @Phone, [Fax] = @Fax 
        WHERE [CustomerID] = @CustomerID">
      <SelectParameters>
        <asp:ControlParameter ControlID="CustomersView" 
          Name="CustomerID" PropertyName="SelectedValue"
          Type="String" />
      </SelectParameters>
      <DeleteParameters>
        <asp:Parameter Name="CustomerID" Type="String" />
      </DeleteParameters>
      <UpdateParameters>
        <asp:Parameter Name="CompanyName" Type="String" />
        <asp:Parameter Name="ContactName" Type="String" />
        <asp:Parameter Name="ContactTitle" Type="String" />
        <asp:Parameter Name="Address" Type="String" />
        <asp:Parameter Name="City" Type="String" />
        <asp:Parameter Name="Region" Type="String" />
        <asp:Parameter Name="PostalCode" Type="String" />
        <asp:Parameter Name="Country" Type="String" />
        <asp:Parameter Name="Phone" Type="String" />
        <asp:Parameter Name="Fax" Type="String" />
        <asp:Parameter Name="CustomerID" Type="String" />
      </UpdateParameters>
      <InsertParameters>
        <asp:Parameter Name="CustomerID" Type="String" />
        <asp:Parameter Name="CompanyName" Type="String" />
        <asp:Parameter Name="ContactName" Type="String" />
        <asp:Parameter Name="ContactTitle" Type="String" />
        <asp:Parameter Name="Address" Type="String" />
        <asp:Parameter Name="City" Type="String" />
        <asp:Parameter Name="Region" Type="String" />
        <asp:Parameter Name="PostalCode" Type="String" />
        <asp:Parameter Name="Country" Type="String" />
        <asp:Parameter Name="Phone" Type="String" />
        <asp:Parameter Name="Fax" Type="String" />
      </InsertParameters>
    </asp:SqlDataSource>
  </form>
</body>
</html>
<%@ Page Language="VB" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
  Sub CustomerDetail_ItemInserted(ByVal sender As Object, _
    ByVal e As DetailsViewInsertedEventArgs)
    ' Refresh the GridView control after a new record is inserted in 
    ' the DetailsView control.
    CustomersView.DataBind()
  End Sub
  
  Sub CustomerDetail_ItemInserting(ByVal sender As Object, _
    ByVal e As DetailsViewInsertEventArgs)
    ' Iterate though the values entered by the user and HTML encode 
    ' the values. This helps prevent malicious values from being 
    ' stored in the data source.
    For i As Integer = 0 To e.Values.Count - 1
      If e.Values(i) IsNot Nothing Then
        e.Values(i) = Server.HtmlEncode(e.Values(i).ToString())
      End If
    Next
  End Sub
  
  Sub CustomerDetail_ItemUpdated(ByVal sender As Object, _
    ByVal e As DetailsViewUpdatedEventArgs)
    ' Refresh the GridView control after a new record is updated 
    ' in the DetailsView control.
    CustomersView.DataBind()
  End Sub
  
  Sub CustomerDetail_ItemUpdating(ByVal sender As Object, _
    ByVal e As DetailsViewUpdateEventArgs)
    ' Iterate though the values entered by the user and HTML encode 
    ' the values. This helps prevent malicious values from being 
    ' stored in the data source.
    For i As Integer = 0 To e.NewValues.Count - 1
      If e.NewValues(i) IsNot Nothing Then
        e.NewValues(i) = Server.HtmlEncode(e.NewValues(i).ToString())
      End If
    Next
  End Sub
  
  Sub CustomerDetail_ItemDeleted(ByVal sender As Object, _
    ByVal e As DetailsViewDeletedEventArgs)
    ' Refresh the GridView control after a new record is updated 
    ' in the DetailsView control.
    CustomersView.DataBind()
  End Sub
</script>

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>DetailsView Example</title>
</head>
<body>
  <form id="Form1" runat="server">
    <h3>DetailsView Example</h3>
    <table cellspacing="10">
      <tr>
        <td>
          <!-- Use a GridView control in combination with      -->
          <!-- a DetailsView control to display master-detail  -->
          <!-- information. When the user selects a store from -->
          <!-- GridView control, the customers's detailed      -->
          <!-- information is displayed in the DetailsView     -->
          <!-- control.                                        -->
          <asp:GridView ID="CustomersView" DataSourceID="Customers" 
            AutoGenerateColumns="False"
            DataKeyNames="CustomerID" runat="server">
            <HeaderStyle BackColor="Blue" ForeColor="White" />
            <Columns>
              <asp:CommandField ShowSelectButton="True" />
              <asp:BoundField DataField="ContactName" 
                HeaderText="ContactName" />
              <asp:BoundField DataField="CompanyName" 
                HeaderText="CompanyName" />
            </Columns>
          </asp:GridView>
        </td>
        <td valign="top">
          <asp:DetailsView ID="CustomerDetail" DataSourceID="Details" 
            AutoGenerateRows="false"
            AutoGenerateInsertButton="true" 
            AutoGenerateEditButton="true" 
            AutoGenerateDeleteButton="true"
            EmptyDataText="No records." 
            DataKeyNames="CustomerID" GridLines="Both" 
            OnItemInserted="CustomerDetail_ItemInserted"
            OnItemInserting="CustomerDetail_ItemInserting" 
            OnItemUpdated="CustomerDetail_ItemUpdated"
            OnItemUpdating="CustomerDetail_ItemUpdating" 
            OnItemDeleted="CustomerDetail_ItemDeleted"
            runat="server">
            <HeaderStyle BackColor="Navy" ForeColor="White" />
            <RowStyle BackColor="White" />
            <AlternatingRowStyle BackColor="LightGray" />
            <EditRowStyle BackColor="LightCyan" />
            <Fields>
              <asp:BoundField DataField="CustomerID" HeaderText="CustomerID" 
                ReadOnly="True" />
              <asp:BoundField DataField="ContactName" HeaderText="ContactName" />
              <asp:BoundField DataField="ContactTitle" HeaderText="ContactTitle" />
              <asp:BoundField DataField="CompanyName" HeaderText="CompanyName" />
              <asp:BoundField DataField="Address" HeaderText="Address" />
              <asp:BoundField DataField="City" HeaderText="City" />
              <asp:BoundField DataField="Region" HeaderText="Region" />
              <asp:BoundField DataField="PostalCode" HeaderText="PostalCode" />
              <asp:BoundField DataField="Country" HeaderText="Country" />
              <asp:BoundField DataField="Phone" HeaderText="Phone" />
              <asp:BoundField DataField="Fax" HeaderText="Fax" />
            </Fields>
          </asp:DetailsView>
        </td>
      </tr>
    </table>
    <!-- This example uses Microsoft SQL Server and connects -->
    <!-- to the Northwind sample database.                   -->
    <!-- It is strongly recommended that each data-bound     -->
    <!-- control uses a separate data source control.        -->
    <asp:SqlDataSource ID="Customers" runat="server" 
      ConnectionString=
        "<%$ ConnectionStrings:NorthwindConnectionString %>"
      SelectCommand="SELECT [CompanyName], [ContactName], [CustomerID] 
        FROM [Customers]">
    </asp:SqlDataSource>
    <!-- Add a filter to the data source control for the     -->
    <!-- DetailsView control to display the details of the   -->
    <!-- store selected in the GridView control.             -->
    <asp:SqlDataSource ID="Details" 
      ConnectionString=
        "<%$ ConnectionStrings:NorthwindConnectionString %>"
      runat="server" 
      SelectCommand="SELECT * FROM [Customers] 
        WHERE ([CustomerID] = @CustomerID)"
      DeleteCommand="DELETE FROM [Customers] 
        WHERE [CustomerID] = @CustomerID"
      InsertCommand="INSERT INTO [Customers] ([CustomerID], 
        [CompanyName], [ContactName], [ContactTitle], [Address], 
        [City], [Region], [PostalCode], [Country], [Phone], [Fax]) 
        VALUES (@CustomerID, @CompanyName, @ContactName, 
        @ContactTitle, @Address, @City, @Region, @PostalCode, 
        @Country, @Phone, @Fax)"
      UpdateCommand="UPDATE [Customers] SET 
        [CompanyName] = @CompanyName, 
        [ContactName] = @ContactName, [ContactTitle] = @ContactTitle, 
        [Address] = @Address, [City] = @City, [Region] = @Region, 
        [PostalCode] = @PostalCode, [Country] = @Country, 
        [Phone] = @Phone, [Fax] = @Fax 
        WHERE [CustomerID] = @CustomerID">
      <SelectParameters>
        <asp:ControlParameter ControlID="CustomersView" 
          Name="CustomerID" PropertyName="SelectedValue"
          Type="String" />
      </SelectParameters>
      <DeleteParameters>
        <asp:Parameter Name="CustomerID" Type="String" />
      </DeleteParameters>
      <UpdateParameters>
        <asp:Parameter Name="CompanyName" Type="String" />
        <asp:Parameter Name="ContactName" Type="String" />
        <asp:Parameter Name="ContactTitle" Type="String" />
        <asp:Parameter Name="Address" Type="String" />
        <asp:Parameter Name="City" Type="String" />
        <asp:Parameter Name="Region" Type="String" />
        <asp:Parameter Name="PostalCode" Type="String" />
        <asp:Parameter Name="Country" Type="String" />
        <asp:Parameter Name="Phone" Type="String" />
        <asp:Parameter Name="Fax" Type="String" />
        <asp:Parameter Name="CustomerID" Type="String" />
      </UpdateParameters>
      <InsertParameters>
        <asp:Parameter Name="CustomerID" Type="String" />
        <asp:Parameter Name="CompanyName" Type="String" />
        <asp:Parameter Name="ContactName" Type="String" />
        <asp:Parameter Name="ContactTitle" Type="String" />
        <asp:Parameter Name="Address" Type="String" />
        <asp:Parameter Name="City" Type="String" />
        <asp:Parameter Name="Region" Type="String" />
        <asp:Parameter Name="PostalCode" Type="String" />
        <asp:Parameter Name="Country" Type="String" />
        <asp:Parameter Name="Phone" Type="String" />
        <asp:Parameter Name="Fax" Type="String" />
      </InsertParameters>
    </asp:SqlDataSource>
  </form>
</body>
</html>

注解

当单击DetailsView控件中的 "更新" 按钮时, 但在更新操作之前引发事件。ItemUpdatingThe ItemUpdating event is raised when an Update button within a DetailsView control is clicked, but before the update operation. 这使您可以提供一个事件处理程序, 以便在此事件发生时执行自定义例程 (如取消更新操作)。This allows you to provide an event handler that performs a custom routine, such as canceling the update operation, whenever this event occurs.

DetailsViewUpdateEventArgs对象传递到事件处理程序, 该处理程序允许您确定要更新的记录的索引, 并指示应取消更新操作。A DetailsViewUpdateEventArgs object is passed to the event handler, which allows you to determine the index of the record being updated and to indicate that the update operation should be canceled. 若要取消更新操作, 请将Cancel属性设置true为。To cancel the update operation, set the Cancel property to true. 如果需要, 还可以KeysOldValues将值NewValues传递给数据源之前操作、和集合。You can also manipulate the Keys, OldValues, and NewValues collections, if necessary, before the values are passed to the data source. 使用这些集合的常见方法是在将用户提供的值存储到数据源之前对这些值进行 HTML 编码。A common way to use these collections is to HTML-encode the values supplied by the user before they are stored in the data source. 这有助于防止脚本注入攻击。This helps to prevent script injection attacks.

有关如何处理事件的详细信息, 请参阅处理和引发事件For more information about how to handle events, see Handling and Raising Events.

适用于

另请参阅