SqlDataSource.SelectCommand SqlDataSource.SelectCommand SqlDataSource.SelectCommand SqlDataSource.SelectCommand Property

定义

获取或设置 SqlDataSource 控件从基础数据库检索数据所用的 SQL 字符串。Gets or sets the SQL string that the SqlDataSource control uses to retrieve data from the underlying database.

public:
 property System::String ^ SelectCommand { System::String ^ get(); void set(System::String ^ value); };
public string SelectCommand { get; set; }
member this.SelectCommand : string with get, set
Public Property SelectCommand As String

属性值

一个 SQL 字符串或存储过程的名称,SqlDataSource 使用它检索数据。An SQL string or the name of a stored procedure that the SqlDataSource uses to retrieve data.

示例

本部分包含两个代码示例。This section contains two code examples. 第一个代码示例演示如何将SelectCommand文本设置为基本的 SQL 查询, 以从与 ODBC 兼容的数据库GridView中检索数据并在控件中显示数据。The first code example demonstrates how to set the SelectCommand text to a basic SQL query to retrieve data from an ODBC-compliant database and display it in a GridView control. 第二个代码示例演示如何SelectCommand将文本设置为存储过程的名称SelectCommandType , 并将属性设置为StoredProcedure值, 以便从 Microsoft SQL Server 数据库中检索数据并在DropDownList控件中显示数据。The second code example demonstrates how to set the SelectCommand text to the name of a stored procedure and the SelectCommandType property to the StoredProcedure value to retrieve data from a Microsoft SQL Server database and display it in a DropDownList control.

在这两个示例中, 无需显式调用Select方法, 因为DataSourceID通过Select属性附加到数据源控件的数据绑定控件将在PreRender阶段。In both examples, there is no need to explicitly call the Select method because the data-bound controls that are attached to the data source control through the DataSourceID property will automatically call the Select method during the PreRender phase.

下面的代码示例演示如何将SelectCommand文本设置为基本的 SQL 查询, 以从与 ODBC 兼容的数据库GridView中检索数据并在控件中显示数据。The following code example demonstrates how to set the SelectCommand text to a basic SQL query to retrieve data from an ODBC-compliant database and display it in a GridView control.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
  <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
    <!-- This example uses a Northwind database that is hosted by an ODBC-compliant
         database. To run this sample, create an ODBC DSN to any database that hosts
         the Northwind database, including Microsoft SQL Server or Microsoft Access,
         change the name of the DSN in the ConnectionString, and view the page.
    -->

    <form id="form1" runat="server">

      <asp:SqlDataSource
          id="SqlDataSource1"
          runat="server"
          ProviderName="System.Data.Odbc"
          DataSourceMode="DataSet"
          ConnectionString="dsn=myodbc3dsn;"
          SelectCommand="SELECT FirstName, LastName, Title FROM Employees">
      </asp:SqlDataSource>

      <asp:GridView
          id="GridView1"
          runat="server"
          AllowSorting="True"
          DataSourceID="SqlDataSource1">
      </asp:GridView>

    </form>
  </body>
</html>
<%@Page  Language="VB" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
  <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
    <!-- This example uses a Northwind database that is hosted by an ODBC-compliant
         database. To run this sample, create an ODBC DSN to any database that hosts
         the Northwind database, including Microsoft SQL Server or Microsoft Access,
         change the name of the DSN in the ConnectionString, and view the page.
    -->
    <form id="form1" runat="server">

      <asp:SqlDataSource
          id="SqlDataSource1"
          runat="server"
          ProviderName="System.Data.Odbc"
          DataSourceMode="DataSet"
          ConnectionString="dsn=myodbc3dsn;"
          SelectCommand="SELECT FirstName, LastName, Title FROM Employees">
      </asp:SqlDataSource>

      <asp:GridView
          id="GridView1"
          runat="server"
          AllowSorting="True"
          DataSourceID="SqlDataSource1">
      </asp:GridView>

    </form>
  </body>
</html>

下面的代码示例演示如何SelectCommand将文本设置为存储过程的名称SelectCommandType , 并将属性设置为StoredProcedure值, 以便从 SQL Server 数据库中检索数据并将其显示在DropDownList控件中。The following code example demonstrates how to set the SelectCommand text to the name of a stored procedure and the SelectCommandType property to the StoredProcedure value to retrieve data from a SQL Server database and display it in a DropDownList control. 如果SelectCommand数据源支持存储过程, 则该属性可以是 SQL 查询或存储过程的名称。The SelectCommand property can be an SQL query or the name of a stored procedure, if the data source supports stored procedures.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
        <form id="form1" runat="server">

            <asp:DropDownList
                id="DropDownList1"
                runat="server"
                DataTextField="LastName"
                DataSourceID="SqlDataSource1" />

            <asp:SqlDataSource
                id="SqlDataSource1"
                runat="server"
                ConnectionString="<%$ ConnectionStrings:MyNorthwind%>"
                SelectCommandType="StoredProcedure"                
                SelectCommand="sp_lastnames">
            </asp:SqlDataSource>

            <!--
                The sp_lastnames stored procedure is
                CREATE PROCEDURE sp_lastnames AS
                   SELECT LastName FROM Employees
                GO
            -->

        </form>
    </body>
</html>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
        <form id="form1" runat="server">

            <asp:DropDownList
                id="DropDownList1"
                runat="server"
                DataTextField="LastName"
                DataSourceID="SqlDataSource1" />

            <asp:SqlDataSource
                id="SqlDataSource1"
                runat="server"
                ConnectionString="<%$ ConnectionStrings:MyNorthwind%>"
                SelectCommandType = "StoredProcedure"
                SelectCommand="sp_lastnames">
            </asp:SqlDataSource>

            <!--
                The sp_lastnames stored procedure is
                CREATE PROCEDURE sp_lastnames AS
                   SELECT LastName FROM Employees
                GO
            -->

        </form>
    </body>
</html>

注解

属性表示 SQL 查询或存储过程的名称, Select方法使用它来检索 SQL Server 数据库中的数据。 SelectCommandThe SelectCommand property represents an SQL query or the name of a stored procedure, and is used by the Select method to retrieve data from a SQL Server database. 如果使用 Select 命令中的星号 (*) 来选择所有列, 并且如果使用自动代码生成来执行更新或删除操作, 请确保名称中没有列包含空格。If you use an asterisk (*) in the Select command to select all columns, and if you use automatic code generation to perform update or delete operations, make sure that no columns have spaces in their names.

由于不同的数据库产品使用不同类型的 SQL,因此 SQL 字符串的语法取决于当前正在使用的 ADO.NET 提供程序,该提供程序由 ProviderName 属性标识。Because different database products use different varieties of SQL, the syntax of the SQL string depends on the current ADO.NET provider being used, which is identified by the ProviderName property. 如果 SQL 字符串是一个参数化查询或命令,则参数的占位符还取决于所使用的 ADO.NET 提供程序。If the SQL string is a parameterized query or command, the placeholder of the parameter also depends on the ADO.NET provider being used. 例如, 如果提供程序是System.Data.SqlClient, 它是SqlDataSource类的默认提供程序, 则参数的占位符为'@parameterName'For example, if the provider is the System.Data.SqlClient, which is the default provider for the SqlDataSource class, the placeholder of the parameter is '@parameterName'. 但是, 如果提供程序设置为System.Data.OdbcSystem.Data.OleDb, 则参数的占位符为'?'However, if the provider is set to the System.Data.Odbc or System.Data.OleDb, the placeholder of the parameter is '?'. 有关参数化 SQL 查询和命令的详细信息, 请参阅将参数与 SqlDataSource 控件一起使用For more information about parameterized SQL queries and commands, see Using Parameters with the SqlDataSource Control.

如果SelectCommand数据源支持存储过程, 则属性可以是 SQL 字符串或存储过程的名称。The SelectCommand property can be an SQL string or the name of a stored procedure, if the data source supports stored procedures.

属性委托SqlDataSourceView SelectCommand给与SqlDataSource控件相关联的对象的属性。 SelectCommandThe SelectCommand property delegates to the SelectCommand property of the SqlDataSourceView object that is associated with the SqlDataSource control.

重要

出于安全目的, SelectCommand未存储属性是视图状态。For security purposes, the SelectCommand property is not stored is view state. 由于可以对客户端上的视图状态的内容进行解码, 因此在视图状态中存储有关数据库结构的敏感信息可能会导致信息泄露漏洞。Because it is possible to decode the contents of view state on the client, storing sensitive information about the database structure in view state could result in an information disclosure vulnerability.

重要

无需验证即可将值插入到参数中, 这是一个潜在的安全威胁。Values are inserted into parameters without validation, which is a potential security threat. Filtering使用事件在执行查询之前验证参数值。Use the Filtering event to validate parameter values before executing the query. 有关详细信息,请参阅脚本侵入概述For more information, see Script Exploits Overview.

适用于

另请参阅