SqlDataSource.InsertParameters Property

Definition

Gets the parameters collection that contains the parameters that are used by the InsertCommand property from the SqlDataSourceView object that is associated with the SqlDataSource control.

public:
 property System::Web::UI::WebControls::ParameterCollection ^ InsertParameters { System::Web::UI::WebControls::ParameterCollection ^ get(); };
[System.Web.UI.PersistenceMode(System.Web.UI.PersistenceMode.InnerProperty)]
public System.Web.UI.WebControls.ParameterCollection InsertParameters { get; }
member this.InsertParameters : System.Web.UI.WebControls.ParameterCollection
Public ReadOnly Property InsertParameters As ParameterCollection

Property Value

A ParameterCollection that contains the parameters used by the InsertCommand property.

Examples

The following code example demonstrates how to insert data into a database using the SqlDataSource control and a simple Web Forms page. The current data in the Data table is displayed in the DropDownList control. You can add new records by entering values in the TextBox controls, and then clicking the Insert button. When the Insert button is clicked, the specified values are inserted into the database, and the DropDownList control is refreshed.

Important

This example includes a text box that accepts user input, which is a potential security threat, and values are inserted into parameters without validation, which is also a potential security threat. Use the Inserting event to validate parameter values before executing the query. For more information, see Script Exploits Overview.

Note

This example shows how to use declarative syntax for data access. For information about how to access data by using code instead of markup, see Accessing data in Visual Studio.

<%@Page  Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">
private void InsertShipper (object source, EventArgs e) {
  SqlDataSource1.Insert();
}
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
  <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
    <form id="form1" runat="server">

      <asp:dropdownlist
        id="DropDownList1"
        runat="server"
        datasourceid="SqlDataSource1"
        datatextfield="CompanyName"
        datavaluefield="ShipperID" />

<!-- Security Note: The SqlDataSource uses a FormParameter,
     Security Note: which does not perform validation of input from the client.
     Security Note: To validate the value of the FormParameter, handle the Inserting event. -->

      <asp:sqldatasource
        id="SqlDataSource1"
        runat="server"
        connectionstring="<%$ ConnectionStrings:MyNorthwind %>"
        selectcommand="SELECT CompanyName,ShipperID FROM Shippers"
        insertcommand="INSERT INTO Shippers (CompanyName,Phone) VALUES (@CoName,@Phone)">
          <insertparameters>
            <asp:formparameter name="CoName" formfield="CompanyNameBox" />
            <asp:formparameter name="Phone"  formfield="PhoneBox" />
          </insertparameters>
      </asp:sqldatasource>

      <br /><asp:textbox
           id="CompanyNameBox"
           runat="server" />

      <asp:RequiredFieldValidator
        id="RequiredFieldValidator1"
        runat="server"
        ControlToValidate="CompanyNameBox"
        Display="Static"
        ErrorMessage="Please enter a company name." />

      <br /><asp:textbox
           id="PhoneBox"
           runat="server" />

      <asp:RequiredFieldValidator
        id="RequiredFieldValidator2"
        runat="server"
        ControlToValidate="PhoneBox"
        Display="Static"
        ErrorMessage="Please enter a phone number." />

      <br /><asp:button
           id="Button1"
           runat="server"
           text="Insert New Shipper"
           onclick="InsertShipper" />

    </form>
  </body>
</html>
<%@Page  Language="VB" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">
Private Sub InsertShipper (ByVal Source As Object, ByVal e As EventArgs)
  SqlDataSource1.Insert()
End Sub ' InsertShipper
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
  <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
    <form id="form1" runat="server">

      <asp:dropdownlist
        id="DropDownList1"
        runat="server"
        datasourceid="SqlDataSource1"
        datatextfield="CompanyName"
        datavaluefield="ShipperID" />

<!-- Security Note: The SqlDataSource uses a FormParameter,
     Security Note: which does not perform validation of input from the client.
     Security Note: To validate the value of the FormParameter, handle the Inserting event. -->

      <asp:sqldatasource
        id="SqlDataSource1"
        runat="server"
        connectionstring="<%$ ConnectionStrings:MyNorthwind %>"
        selectcommand="SELECT CompanyName,ShipperID FROM Shippers"
        insertcommand="INSERT INTO Shippers (CompanyName,Phone) VALUES (@CoName,@Phone)">
          <insertparameters>
            <asp:formparameter name="CoName" formfield="CompanyNameBox" />
            <asp:formparameter name="Phone"  formfield="PhoneBox" />
          </insertparameters>
      </asp:sqldatasource>

      <br /><asp:textbox
           id="CompanyNameBox"
           runat="server" />

      <asp:RequiredFieldValidator
        id="RequiredFieldValidator1"
        runat="server"
        ControlToValidate="CompanyNameBox"
        Display="Static"
        ErrorMessage="Please enter a company name." />

      <br /><asp:textbox
           id="PhoneBox"
           runat="server" />

      <asp:RequiredFieldValidator
        id="RequiredFieldValidator2"
        runat="server"
        ControlToValidate="PhoneBox"
        Display="Static"
        ErrorMessage="Please enter a phone number." />

      <br /><asp:button
           id="Button1"
           runat="server"
           text="Insert New Shipper"
           onclick="InsertShipper" />

    </form>
  </body>
</html>
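
The security note in the sample says to handle the Inserting event to validate the FormParameter values. One way to do that for the C# page, as an added example that is not part of the original documentation sample: the handler name, the length limits and the phone pattern are assumptions, and the handler is wired up by adding OnInserting="SqlDataSource1_Inserting" to the asp:sqldatasource element.

```csharp
// Added example: goes inside the page's <script runat="server"> block.
// Assumed limits follow the Northwind Shippers columns
// (CompanyName nvarchar(40), Phone nvarchar(24)); adjust to your schema.

// Allow-list for phone numbers: digits, spaces, parentheses, dot, plus, hyphen.
private static readonly System.Text.RegularExpressions.Regex PhonePattern =
    new System.Text.RegularExpressions.Regex(@"^[0-9 ()+.\-]{7,24}$");

// Raised by SqlDataSource1.Insert() after the FormParameter values have been
// bound to the command and before the INSERT statement is executed.
protected void SqlDataSource1_Inserting(object sender,
                                        SqlDataSourceCommandEventArgs e)
{
    // With the default SqlClient provider the parameters are looked up by
    // name, including the "@" prefix used in InsertCommand.
    System.Data.Common.DbParameter coName = e.Command.Parameters["@CoName"];
    System.Data.Common.DbParameter phone  = e.Command.Parameters["@Phone"];

    string name   = Convert.ToString(coName.Value).Trim();
    string number = Convert.ToString(phone.Value).Trim();

    if (!IsValidCompanyName(name) || !PhonePattern.IsMatch(number))
    {
        e.Cancel = true;   // the INSERT is not sent to the database
        return;
    }

    // Store the normalized values that were actually validated.
    coName.Value = name;
    phone.Value  = number;
}

// Rejects empty or over-long names, control characters, and angle brackets,
// so the value cannot carry markup into pages that later display it.
private static bool IsValidCompanyName(string name)
{
    if (name.Length == 0 || name.Length > 40) return false;
    foreach (char c in name)
    {
        if (char.IsControl(c) || c == '<' || c == '>') return false;
    }
    return true;
}
```

The parameterized InsertCommand already keeps the values out of the SQL text; this check covers what the parameters do not, namely the content and length of the stored values.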

Remarks

The InsertParameters property retrieves the InsertParameters property that is contained by the SqlDataSourceView object that is associated with the SqlDataSource control.

If the InsertCommand property contains a parameterized SQL query, the InsertParameters collection contains any Parameter objects that correspond to the parameter placeholders in the SQL string.

Depending on the ADO.NET provider, the order of the parameters in the InsertParameters collection might be important. The System.Data.OleDb and System.Data.Odbc providers associate the parameters in the collection according to the order that the parameters appear in the parameterized SQL query. The System.Data.SqlClient provider, which is the default ADO.NET provider for the SqlDataSource control, associates the parameters in the collection by matching the name of the parameter with a placeholder alias in the SQL query. For more information about parameterized SQL queries and commands, see Using Parameters with the SqlDataSource Control.

Important

Values are inserted into parameters without validation, which is a potential security threat. Use the Filtering event to validate parameter values before executing the query. For more information, see Script Exploits Overview.
