SqlDataSource.SelectParameters SqlDataSource.SelectParameters SqlDataSource.SelectParameters SqlDataSource.SelectParameters Property

定义

从与 SelectCommand 控件相关联的 SqlDataSourceView 对象获取包含 SqlDataSource 属性所使用的参数的参数集合。Gets the parameters collection that contains the parameters that are used by the SelectCommand property from the SqlDataSourceView object that is associated with the SqlDataSource control.

public:
 property System::Web::UI::WebControls::ParameterCollection ^ SelectParameters { System::Web::UI::WebControls::ParameterCollection ^ get(); };
[System.Web.UI.PersistenceMode(System.Web.UI.PersistenceMode.InnerProperty)]
public System.Web.UI.WebControls.ParameterCollection SelectParameters { get; }
member this.SelectParameters : System.Web.UI.WebControls.ParameterCollection
Public ReadOnly Property SelectParameters As ParameterCollection

属性值

ParameterCollection,它包含 SelectCommand 属性所使用的参数。A ParameterCollection that contains the parameters used by the SelectCommand property.

示例

下面的代码示例演示如何通过将SelectCommand属性设置为 SQL 查询, 在 Microsoft SQL Server 中检索 Northwind 数据库中的数据。The following code example demonstrates how to retrieve data from the Northwind database in Microsoft SQL Server by setting the SelectCommand property to an SQL query. SQL 查询已参数化, 并且SelectCommand属性中的占位符与添加到SelectParameters集合ControlParameter中的对象匹配。The SQL query is parameterized and the placeholder in the SelectCommand property is matched to the ControlParameter object that is added to the SelectParameters collection. 绑定到的ControlParameter ListBox控件充当控件中显示的内容的筛选器。 DropDownListThe DropDownList control, which the ControlParameter is bound to, acts as a filter for what is displayed in the ListBox control.

有关可以使用的其他类型参数的信息, 请参阅Parameter类概述。For information about other types of parameters you can use, see the Parameter class overview.

备注

由于参数在 WHERE 子句中使用, 因此, 在代码示例中SelectParameters使用属性的功能等效于FilterExpression使用和FilterParameters属性。Because the parameter is used in a WHERE clause, the use of the SelectParameters property in the code example is functionally equivalent to using the FilterExpression and FilterParameters properties.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
  <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
    <form id="form1" runat="server">

      <p><asp:dropdownlist
          id="DropDownList1"
          runat="server"
          autopostback="True">
          <asp:listitem selected="True">Sales Representative</asp:listitem>
          <asp:listitem>Sales Manager</asp:listitem>
          <asp:listitem>Vice President, Sales</asp:listitem>
      </asp:dropdownlist></p>

      <asp:sqldatasource
          id="SqlDataSource1"
          runat="server"
          connectionstring="<%$ ConnectionStrings:MyNorthwind%>"
          selectcommand="SELECT LastName FROM Employees WHERE Title = @Title">
          <selectparameters>
              <asp:controlparameter name="Title" controlid="DropDownList1" propertyname="SelectedValue"/>
          </selectparameters>
      </asp:sqldatasource>

      <p><asp:listbox
          id="ListBox1"
          runat="server"
          datasourceid="SqlDataSource1"
          datatextfield="LastName">
      </asp:listbox></p>

    </form>
  </body>
</html>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
  <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
    <form id="form1" runat="server">

      <p><asp:dropdownlist
          id="DropDownList1"
          runat="server"
          autopostback="True">
          <asp:listitem selected="True">Sales Representative</asp:listitem>
          <asp:listitem>Sales Manager</asp:listitem>
          <asp:listitem>Vice President, Sales</asp:listitem>
      </asp:dropdownlist></p>

      <asp:sqldatasource
          id="SqlDataSource1"
          runat="server"
          connectionstring="<%$ ConnectionStrings:MyNorthwind%>"
          selectcommand="SELECT LastName FROM Employees WHERE Title = @Title">
          <selectparameters>
              <asp:controlparameter name="Title" controlid="DropDownList1" propertyname="SelectedValue"/>
          </selectparameters>
      </asp:sqldatasource>

      <p><asp:listbox
          id="ListBox1"
          runat="server"
          datasourceid="SqlDataSource1"
          datatextfield="LastName">
      </asp:listbox></p>

    </form>
  </body>
</html>

注解

如果属性包含参数化 sql 查询, 则SelectParameters集合包含与 SQL Parameter字符串中的参数占位符对应的任何对象。 SelectCommandIf the SelectCommand property contains a parameterized SQL query, the SelectParameters collection contains any Parameter objects that correspond to the parameter placeholders in the SQL string.

根据 ADO.NET 提供程序, SelectParameters集合中参数的顺序可能很重要。Depending on the ADO.NET provider, the order of the parameters in the SelectParameters collection might be important. System.Data.OleDbSystem.Data.Odbc提供程序根据参数在参数化 SQL 查询中出现的顺序来关联集合中的参数。The System.Data.OleDb and System.Data.Odbc providers associate the parameters in the collection according to the order that the parameters appear in the parameterized SQL query. 提供程序是SqlDataSource控件的默认 ADO.NET 提供程序, 它通过在 SQL 查询中将参数的名称与占位符别名进行匹配来关联集合中的参数。 System.Data.SqlClientThe System.Data.SqlClient provider, which is the default ADO.NET provider for the SqlDataSource control, associates the parameters in the collection by matching the name of the parameter with a placeholder alias in the SQL query. 有关参数化 SQL 查询和命令的详细信息, 请参阅将参数与 SqlDataSource 控件一起使用For more information about parameterized SQL queries and commands, see Using Parameters with the SqlDataSource Control.

SqlDataSourceView属性检索与SqlDataSource控件相关联的对象所包含的属性。SelectParameters SelectParametersThe SelectParameters property retrieves the SelectParameters property that is contained by the SqlDataSourceView object that is associated with the SqlDataSource control.

重要

无需验证即可将值插入到参数中, 这是一个潜在的安全威胁。Values are inserted into parameters without validation, which is a potential security threat. Selecting使用事件在执行查询之前验证参数值。Use the Selecting event to validate parameter values before executing the query. 有关详细信息,请参阅脚本侵入概述For more information, see Script Exploits Overview.

适用于

另请参阅