SqlDataSource.UpdateCommand SqlDataSource.UpdateCommand SqlDataSource.UpdateCommand SqlDataSource.UpdateCommand Property

定义

获取或设置 SqlDataSource 控件更新基础数据库中的数据所用的 SQL 字符串。Gets or sets the SQL string that the SqlDataSource control uses to update data in the underlying database.

public:
 property System::String ^ UpdateCommand { System::String ^ get(); void set(System::String ^ value); };
public string UpdateCommand { get; set; }
member this.UpdateCommand : string with get, set
Public Property UpdateCommand As String

属性值

SqlDataSource 更新数据所用的 SQL 字符串。An SQL string that the SqlDataSource uses to update data.

示例

本部分包含两个代码示例。This section contains two code examples. 第一个代码示例演示如何使用UpdateCommand GridView控件设置SqlDataSource控件的属性和更新 Microsoft SQL Server 数据库中的数据。The first code example demonstrates how to set the UpdateCommand property of the SqlDataSource control and update data in a Microsoft SQL Server database using the GridView control. 第二个代码示例演示如何使用GridView控件更新 ODBC 数据库中的数据。The second code example demonstrates how to update data in an ODBC database using the GridView control.

下面的代码示例演示如何使用UpdateCommand GridView控件设置SqlDataSource控件的属性和更新 SQL Server 数据库中的数据。The following code example demonstrates how to set the UpdateCommand property of the SqlDataSource control and update data in a SQL Server database using the GridView control. BoundField GridView自动填充集合, 从对象推断参数, 并在选择可编辑的更新Update链接时调用方法。 UpdateParameters GridViewThe GridView automatically populates the UpdateParameters collection, inferring the parameters from the BoundField objects, and calls the Update method when the Update link on the editable GridView is selected. 此示例还包括一些后期处理: 更新记录后, 将发送一封通知电子邮件。This example also includes some post-processing: after a record is updated, a notification email message is sent.

<%@Page  Language="C#" %>
<%@Import Namespace="System.Web.Mail" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">
 private void OnDSUpdatedHandler(Object source, SqlDataSourceStatusEventArgs e) {
    if (e.AffectedRows > 0) {
        // Perform any additional processing, 
        // such as setting a status label after the operation.
        Label1.Text = Request.LogonUserIdentity.Name +
            " changed user information successfully!";    
    }
    else {
        Label1.Text = "No data updated!";
    }
 }
</script>

<html xmlns="http://www.w3.org/1999/xhtml" >
  <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
    <form id="form1" runat="server">

      <asp:SqlDataSource
          id="SqlDataSource1"
          runat="server"
          DataSourceMode="DataSet"
          ConnectionString="<%$ ConnectionStrings:MyNorthwind%>"
          SelectCommand="SELECT EmployeeID,FirstName,LastName,Title FROM Employees"
          UpdateCommand="Update Employees SET FirstName=@FirstName,LastName=@LastName,Title=@Title WHERE EmployeeID=@EmployeeID"
          OnUpdated="OnDSUpdatedHandler">
      </asp:SqlDataSource>

      <asp:GridView
          id="GridView1"
          runat="server"
          AutoGenerateColumns="False"
          DataKeyNames="EmployeeID"
          AutoGenerateEditButton="True"
          DataSourceID="SqlDataSource1">
          <columns>
              <asp:BoundField HeaderText="First Name" DataField="FirstName" />
              <asp:BoundField HeaderText="Last Name" DataField="LastName" />
              <asp:BoundField HeaderText="Title" DataField="Title" />
          </columns>
      </asp:GridView>

      <asp:Label
          id="Label1"
          runat="server">
      </asp:Label>

    </form>
  </body>
</html>
<%@Page  Language="VB" %>
<%@Import Namespace="System.Web.Mail" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">

 Sub OnDSUpdatedHandler(ByVal source As Object, ByVal e As SqlDataSourceStatusEventArgs)
    If e.AffectedRows > 0 Then
        ' Perform any additional processing, 
        ' such as setting a status label after the operation.        
        Label1.Text = Request.LogonUserIdentity.Name & _
            " changed user information successfully!"
    Else 
        Label1.Text = "No data updated!"
    End If
 End Sub 'OnDSUpdatedHandler
</script>

<html xmlns="http://www.w3.org/1999/xhtml" >
  <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
    <form id="form1" runat="server">

      <asp:SqlDataSource
          id="SqlDataSource1"
          runat="server"
          DataSourceMode="DataSet"
          ConnectionString="<%$ ConnectionStrings:MyNorthwind%>"
          SelectCommand="SELECT EmployeeID,FirstName,LastName,Title FROM Employees"
          UpdateCommand="Update Employees SET FirstName=@FirstName,LastName=@LastName,Title=@Title WHERE EmployeeID=@EmployeeID"
          OnUpdated="OnDSUpdatedHandler">
      </asp:SqlDataSource>

      <asp:GridView
          id="GridView1"
          runat="server"
          AutoGenerateColumns="False"
          DataKeyNames="EmployeeID"
          AutoGenerateEditButton="True"
          DataSourceID="SqlDataSource1">
          <columns>
              <asp:BoundField HeaderText="First Name" DataField="FirstName" />
              <asp:BoundField HeaderText="Last Name" DataField="LastName" />
              <asp:BoundField HeaderText="Title" DataField="Title" />
          </columns>
      </asp:GridView>

      <asp:Label
          id="Label1"
          runat="server">
      </asp:Label>

    </form>
  </body>
</html>

下面的代码示例在功能上与前面的代码示例相同, 演示了如何使用GridView控件更新 ODBC 数据库中的数据。The following code example, which is functionally identical to the preceding code example, demonstrates how to update data in an ODBC database using the GridView control. 设置为 odbc 的 ADO.NET 提供程序System.Data.Odbc, 并且ConnectionString属性设置为 odbc 数据源名称 (DSN) 的名称。 ProviderNameThe ProviderName is set to the ADO.NET provider for ODBC, the System.Data.Odbc, and the ConnectionString property is set to the name of an ODBC data source name (DSN).

<%@Page  Language="C#" %>
<%@Import Namespace="System.Web.Mail" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">

 private void OnDSUpdatedHandler(Object source, SqlDataSourceStatusEventArgs e) {
    if (e.AffectedRows > 0) {
        // Perform any additional processing, such as sending an email notification.
        Label1.Text = Request.LogonUserIdentity.Name +
            " changed user information sucessfully!";
    }
    else {
        Label1.Text = "No data updated!";
    }
 }
</script>

<html xmlns="http://www.w3.org/1999/xhtml" >
  <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
    <!-- This example uses a Northwind database that is hosted by an ODBC-compliant
         database. To run this sample, create an ODBC DSN to any database that hosts
         the Northwind database, including Microsoft SQL Server or Microsoft Access,
         change the name of the DSN in the ConnectionString, and view the page.
    -->
    <form id="form1" runat="server">

      <asp:SqlDataSource
          id="SqlDataSource1"
          runat="server"
          ProviderName="System.Data.Odbc"
          DataSourceMode="DataSet"
          ConnectionString="dsn=myodbc3dsn;"
          SelectCommand="SELECT EmployeeID,FirstName,LastName,Title FROM Employees"
          UpdateCommand="Update Employees SET FirstName=?,LastName=?,Title=? WHERE EmployeeID=?"
          OnUpdated="OnDSUpdatedHandler">
      </asp:SqlDataSource>

      <asp:GridView
          id="GridView1"
          runat="server"
          AutoGenerateColumns="False"
          DataKeyNames="EmployeeID"
          AutoGenerateEditButton="True"
          DataSourceID="SqlDataSource1">
          <columns>
              <asp:BoundField HeaderText="First Name" DataField="FirstName" />
              <asp:BoundField HeaderText="Last Name" DataField="LastName" />
              <asp:BoundField HeaderText="Title" DataField="Title" />
          </columns>
      </asp:GridView>

      <asp:Label
          id="Label1"
          runat="server">
      </asp:Label>

    </form>
  </body>
</html>
<%@Page  Language="VB" %>
<%@Import Namespace="System.Web.Mail" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">

 Sub OnDSUpdatedHandler(ByVal source As Object, ByVal e As SqlDataSourceStatusEventArgs)
    If e.AffectedRows > 0 Then
        ' Perform any additional processing, such as setting a status label.
        Label1.Text = Request.LogonUserIdentity.Name & _
            " changed user information sucessfully!"
    Else
        Label1.Text = "No data updated!"
    End If
 End Sub 'OnDSUpdatedHandler

</script>


<html xmlns="http://www.w3.org/1999/xhtml" >
  <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
    <!-- This example uses a Northwind database that is hosted by an ODBC-compliant
         database. To run this sample, create an ODBC DSN to any database that hosts
         the Northwind database, including Microsoft SQL Server or Microsoft Access,
         change the name of the DSN in the ConnectionString, and view the page.
    -->
    <form id="form1" runat="server">

      <asp:SqlDataSource
          id="SqlDataSource1"
          runat="server"
          ProviderName="System.Data.Odbc"
          DataSourceMode="DataSet"
          ConnectionString="dsn=myodbc3dsn;"
          SelectCommand="SELECT EmployeeID,FirstName,LastName,Title FROM Employees"
          UpdateCommand="Update Employees SET FirstName=?,LastName=?,Title=? WHERE EmployeeID=?"
          OnUpdated="OnDSUpdatedHandler">
      </asp:SqlDataSource>

      <asp:GridView
          id="GridView1"
          runat="server"
          AutoGenerateColumns="False"
          DataKeyNames="EmployeeID"
          AutoGenerateEditButton="True"
          DataSourceID="SqlDataSource1">
          <columns>
              <asp:BoundField HeaderText="First Name" DataField="FirstName" />
              <asp:BoundField HeaderText="Last Name" DataField="LastName" />
              <asp:BoundField HeaderText="Title" DataField="Title" />
          </columns>
      </asp:GridView>

      <asp:Label
          id="Label1"
          runat="server">
      </asp:Label>

    </form>
  </body>
</html>

注解

表示 SQL 查询或存储过程的名称, Update由方法使用。 UpdateCommandThe UpdateCommand represents an SQL query or the name of a stored procedure, and is used by the Update method.

由于不同的数据库产品使用不同类型的 SQL,因此 SQL 字符串的语法取决于当前正在使用的 ADO.NET 提供程序,该提供程序由 ProviderName 属性标识。Because different database products use different varieties of SQL, the syntax of the SQL string depends on the current ADO.NET provider being used, which is identified by the ProviderName property. 如果 SQL 字符串是一个参数化查询或命令,则参数的占位符还取决于所使用的 ADO.NET 提供程序。If the SQL string is a parameterized query or command, the placeholder of the parameter also depends on the ADO.NET provider being used. 例如, 如果提供程序是System.Data.SqlClient, 它是SqlDataSource类的默认提供程序, 则参数的占位符为'@parameterName'For example, if the provider is the System.Data.SqlClient, which is the default provider for the SqlDataSource class, the placeholder of the parameter is '@parameterName'. 但是, 如果提供程序设置为System.Data.OdbcSystem.Data.OleDb, 则参数的占位符为'?'However, if the provider is set to the System.Data.Odbc or System.Data.OleDb, the placeholder of the parameter is '?'. 有关参数化 SQL 查询和命令的详细信息, 请参阅将参数与 SqlDataSource 控件一起使用For more information about parameterized SQL queries and commands, see Using Parameters with the SqlDataSource Control.

如果UpdateCommand数据源支持存储过程, 则属性可以是 SQL 字符串或存储过程的名称。The UpdateCommand property can be an SQL string or the name of a stored procedure, if the data source supports stored procedures.

属性委托SqlDataSourceView UpdateCommand给与SqlDataSource控件相关联的对象的属性。 UpdateCommandThe UpdateCommand property delegates to the UpdateCommand property of the SqlDataSourceView object that is associated with the SqlDataSource control.

重要

出于安全目的, UpdateCommand未存储属性是视图状态。For security purposes, the UpdateCommand property is not stored is view state. 由于可以对客户端上的视图状态的内容进行解码, 因此在视图状态中存储有关数据库结构的敏感信息可能会导致信息泄露漏洞。Because it is possible to decode the contents of view state on the client, storing sensitive information about the database structure in view state could result in an information disclosure vulnerability.

重要

无需验证即可将值插入到参数中, 这是一个潜在的安全威胁。Values are inserted into parameters without validation, which is a potential security threat. Filtering使用事件在执行查询之前验证参数值。Use the Filtering event to validate parameter values before executing the query. 有关详细信息,请参阅脚本侵入概述For more information, see Script Exploits Overview.

适用于

另请参阅