SqlDataSource.Insert SqlDataSource.Insert SqlDataSource.Insert SqlDataSource.Insert Method

定义

使用 InsertCommand SQL 字符串和 InsertParameters 集合中的所有参数执行插入操作。Performs an insert operation using the InsertCommand SQL string and any parameters that are in the InsertParameters collection.

public:
 int Insert();
public int Insert ();
member this.Insert : unit -> int
Public Function Insert () As Integer

返回

一个值,该值表示插入到基础数据库中的行数。A value that represents the number of rows inserted into the underlying database.

异常

SqlDataSource 无法与基础数据源建立连接。The SqlDataSource cannot establish a connection with the underlying data source.

示例

下面的代码示例演示如何使用SqlDataSource控件和简单的 Web 窗体页将数据插入到数据库中。The following code example demonstrates how to insert data into a database using the SqlDataSource control and a simple Web Forms page. 数据表中的当前数据显示在DropDownList控件中。The current data in the Data table is displayed in the DropDownList control. 您可以通过在TextBox控件中输入值, 然后单击 "插入" 按钮来添加新记录。You can add new records by entering values in the TextBox controls, and then clicking the Insert button. 单击 "插入" 按钮时, 会将指定的值插入到数据库中, 然后DropDownList刷新。When the Insert button is clicked, the specified values are inserted into the database, and then the DropDownList is refreshed.

重要

此示例包括一个接受用户输入的文本框, 这是一个潜在的安全威胁, 并且无需验证即可将值插入到参数中, 这也是潜在的安全威胁。This example includes a text box that accepts user input, which is a potential security threat and values are inserted into parameters without validation, which is also a potential security threat. Inserting使用事件在执行查询之前验证参数值。Use the Inserting event to validate parameter values before executing the query. 有关详细信息,请参阅脚本侵入概述For more information, see Script Exploits Overview.

备注

此示例演示如何使用声明性语法进行数据访问。This example shows how to use declarative syntax for data access. 有关如何使用代码而不是标记访问数据的信息, 请参阅在 Visual Studio 中访问数据For information about how to access data by using code instead of markup, see Accessing data in Visual Studio.

<%@Page  Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">
private void InsertShipper (object source, EventArgs e) {
  SqlDataSource1.Insert();
}
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
  <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
    <form id="form1" runat="server">

      <asp:dropdownlist
        id="DropDownList1"
        runat="server"
        datasourceid="SqlDataSource1"
        datatextfield="CompanyName"
        datavaluefield="ShipperID" />

<!-- Security Note: The SqlDataSource uses a FormParameter,
     Security Note: which does not perform validation of input from the client.
     Security Note: To validate the value of the FormParameter, handle the Inserting event. -->

      <asp:sqldatasource
        id="SqlDataSource1"
        runat="server"
        connectionstring="<%$ ConnectionStrings:MyNorthwind %>"
        selectcommand="SELECT CompanyName,ShipperID FROM Shippers"
        insertcommand="INSERT INTO Shippers (CompanyName,Phone) VALUES (@CoName,@Phone)">
          <insertparameters>
            <asp:formparameter name="CoName" formfield="CompanyNameBox" />
            <asp:formparameter name="Phone"  formfield="PhoneBox" />
          </insertparameters>
      </asp:sqldatasource>

      <br /><asp:textbox
           id="CompanyNameBox"
           runat="server" />

      <asp:RequiredFieldValidator
        id="RequiredFieldValidator1"
        runat="server"
        ControlToValidate="CompanyNameBox"
        Display="Static"
        ErrorMessage="Please enter a company name." />

      <br /><asp:textbox
           id="PhoneBox"
           runat="server" />

      <asp:RequiredFieldValidator
        id="RequiredFieldValidator2"
        runat="server"
        ControlToValidate="PhoneBox"
        Display="Static"
        ErrorMessage="Please enter a phone number." />

      <br /><asp:button
           id="Button1"
           runat="server"
           text="Insert New Shipper"
           onclick="InsertShipper" />

    </form>
  </body>
</html>
<%@Page  Language="VB" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">
Private Sub InsertShipper (ByVal Source As Object, ByVal e As EventArgs)
  SqlDataSource1.Insert()
End Sub ' InsertShipper
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
  <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
    <form id="form1" runat="server">

      <asp:dropdownlist
        id="DropDownList1"
        runat="server"
        datasourceid="SqlDataSource1"
        datatextfield="CompanyName"
        datavaluefield="ShipperID" />

<!-- Security Note: The SqlDataSource uses a FormParameter,
     Security Note: which does not perform validation of input from the client.
     Security Note: To validate the value of the FormParameter, handle the Inserting event. -->

      <asp:sqldatasource
        id="SqlDataSource1"
        runat="server"
        connectionstring="<%$ ConnectionStrings:MyNorthwind %>"
        selectcommand="SELECT CompanyName,ShipperID FROM Shippers"
        insertcommand="INSERT INTO Shippers (CompanyName,Phone) VALUES (@CoName,@Phone)">
          <insertparameters>
            <asp:formparameter name="CoName" formfield="CompanyNameBox" />
            <asp:formparameter name="Phone"  formfield="PhoneBox" />
          </insertparameters>
      </asp:sqldatasource>

      <br /><asp:textbox
           id="CompanyNameBox"
           runat="server" />

      <asp:RequiredFieldValidator
        id="RequiredFieldValidator1"
        runat="server"
        ControlToValidate="CompanyNameBox"
        Display="Static"
        ErrorMessage="Please enter a company name." />

      <br /><asp:textbox
           id="PhoneBox"
           runat="server" />

      <asp:RequiredFieldValidator
        id="RequiredFieldValidator2"
        runat="server"
        ControlToValidate="PhoneBox"
        Display="Static"
        ErrorMessage="Please enter a phone number." />

      <br /><asp:button
           id="Button1"
           runat="server"
           text="Insert New Shipper"
           onclick="InsertShipper" />

    </form>
  </body>
</html>

注解

在执行插入操作之前, OnInserting将调用方法来Inserting引发事件。Before the insert operation is performed, the OnInserting method is called to raise the Inserting event. 可以处理此事件以检查参数的值并在Insert操作之前执行任何预处理。You can handle this event to examine the values of the parameters and to perform any preprocessing before the Insert operation. 若要执行插入操作, 对象SqlDataSourceView将使用InsertCommand文本DbCommandDbCommand任何关联InsertParameters的属性生成对象, 然后对基础数据库执行对象。To perform an insert operation, the SqlDataSourceView object builds an DbCommand object using the InsertCommand text and any associated InsertParameters properties, and then executes the DbCommand object against the underlying database.

操作完成后, OnInserted调用方法来Inserted引发事件。After the operation completes, the OnInserted method is called to raise the Inserted event. 可以处理此事件以检查任何返回值和错误代码, 并执行任何后续处理。You can handle this event to examine any return values and error codes and to perform any post-processing.

提供方法以编程方式访问Insert方法。 InsertThe Insert method is provided for programmatic access to the Insert method. 如果控件与数据绑定控件关联, 则数据绑定控件会自动Insert调用方法。 SqlDataSourceIf the SqlDataSource control is associated with a data-bound control, the data-bound control automatically calls the Insert method.

方法委托SqlDataSourceView Insert给与SqlDataSource控件相关联的对象的方法。 InsertThe Insert method delegates to the Insert method of the SqlDataSourceView object that is associated with the SqlDataSource control.

重要

无需验证即可将值插入到参数中, 这是一个潜在的安全威胁。Values are inserted into parameters without validation, which is a potential security threat. Filtering使用事件在执行查询之前验证参数值。Use the Filtering event to validate parameter values before executing the query. 有关详细信息,请参阅脚本侵入概述For more information, see Script Exploits Overview.

适用于

另请参阅