SqlDataSource.UpdateParameters SqlDataSource.UpdateParameters SqlDataSource.UpdateParameters SqlDataSource.UpdateParameters Property

定义

从与 UpdateCommand 控件相关联的 SqlDataSourceView 控件获取包含 SqlDataSource 属性所使用的参数的参数集合。Gets the parameters collection that contains the parameters that are used by the UpdateCommand property from the SqlDataSourceView control that is associated with the SqlDataSource control.

public:
 property System::Web::UI::WebControls::ParameterCollection ^ UpdateParameters { System::Web::UI::WebControls::ParameterCollection ^ get(); };
[System.Web.UI.PersistenceMode(System.Web.UI.PersistenceMode.InnerProperty)]
public System.Web.UI.WebControls.ParameterCollection UpdateParameters { get; }
member this.UpdateParameters : System.Web.UI.WebControls.ParameterCollection
Public ReadOnly Property UpdateParameters As ParameterCollection

属性值

ParameterCollection,它包含 UpdateCommand 属性所使用的参数。A ParameterCollection that contains the parameters used by the UpdateCommand property.

示例

下面的代码示例演示如何使用SqlDataSource控件DropDownList在控件中显示数据, 并在单击 "提交" 按钮时更新数据。The following code example demonstrates how to use a SqlDataSource control to display data in a DropDownList control and update data when the Submit button is clicked. 使用参数化 SQL 语句设置, 并将两ControlParameterUpdateParameters参数添加到集合中。 UpdateCommandThe UpdateCommand is set with a parameterized SQL statement and two ControlParameter parameters are added to the UpdateParameters collection. 单击 "提交" 按钮时, 将OnClick Update处理该事件以显式调用方法。When the Submit button is clicked, the OnClick event is handled to call the Update method explicitly.

重要

此示例包括一个文本框, 该文本框接受用户输入 (这是一个潜在的安全威胁), 而将值插入到无验证的参数中, 这也是一个潜在的安全威胁。This example includes a text box that accepts user input, which is a potential security threat, and values are inserted into parameters without validation, which is also a potential security threat. Inserting使用事件在执行查询之前验证参数值。Use the Inserting event to validate parameter values before executing the query. 有关详细信息,请参阅脚本侵入概述For more information, see Script Exploits Overview.

<%@Page  Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">
 private void On_Click(Object source, EventArgs e) {
    try {
        SqlDataSource1.Update();
    }
    catch (Exception except) {
        // Handle the Exception.
    }

    Label2.Text="The record was updated successfully!";
 }
</script>

<html xmlns="http://www.w3.org/1999/xhtml" >
  <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
    <form id="form1" runat="server">
      <asp:SqlDataSource
          id="SqlDataSource1"
          runat="server"
          ConnectionString="<%$ ConnectionStrings:MyNorthwind%>"
          SelectCommand="SELECT EmployeeID, LastName, Address FROM Employees"
          UpdateCommand="UPDATE Employees SET Address=@Address WHERE EmployeeID=@EmployeeID">
          <UpdateParameters>
              <asp:ControlParameter Name="Address" ControlId="TextBox1" PropertyName="Text"/>
              <asp:ControlParameter Name="EmployeeID" ControlId="DropDownList1" PropertyName="SelectedValue"/>
          </UpdateParameters>
      </asp:SqlDataSource>

      <asp:DropDownList
          id="DropDownList1"
          runat="server"
          DataTextField="LastName"
          DataValueField="EmployeeID"
          DataSourceID="SqlDataSource1">
      </asp:DropDownList>

      <br />
      <asp:Label id="Label1" runat="server" Text="Enter a new address for the selected user."
        AssociatedControlID="TextBox1" />
      <asp:TextBox id="TextBox1" runat="server" />
      <asp:Button id="Submit" runat="server" Text="Submit" OnClick="On_Click" />

      <br /><asp:Label id="Label2" runat="server" Text="" />

    </form>
  </body>
</html>
<%@Page  Language="VB" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">

 Sub On_Click(ByVal source As Object, ByVal e As EventArgs)
    Try
        SqlDataSource1.Update()
    Catch except As Exception
        ' Handle the Exception.
    End Try

    Label2.Text="The record was updated successfully!"

 End Sub 'On_Click
</script>

<html xmlns="http://www.w3.org/1999/xhtml" >
  <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
    <form id="form1" runat="server">
      <asp:SqlDataSource
          id="SqlDataSource1"
          runat="server"
          ConnectionString="<%$ ConnectionStrings:MyNorthwind%>"
          SelectCommand="SELECT EmployeeID, LastName, Address FROM Employees"
          UpdateCommand="UPDATE Employees SET Address=@Address WHERE EmployeeID=@EmployeeID">
          <UpdateParameters>
              <asp:ControlParameter Name="Address" ControlId="TextBox1" PropertyName="Text"/>
              <asp:ControlParameter Name="EmployeeID" ControlId="DropDownList1" PropertyName="SelectedValue"/>
          </UpdateParameters>
      </asp:SqlDataSource>

      <asp:DropDownList
          id="DropDownList1"
          runat="server"
          DataTextField="LastName"
          DataValueField="EmployeeID"
          DataSourceID="SqlDataSource1">
      </asp:DropDownList>

      <br />
      <asp:Label id="Label1" runat="server" Text="Enter a new address for the selected user."
        AssociatedControlID="TextBox1" />
      <asp:TextBox id="TextBox1" runat="server" />
      <asp:Button id="Submit" runat="server" Text="Submit" OnClick="On_Click" />

      <br /><asp:Label id="Label2" runat="server" Text="" />
    </form>
  </body>
</html>

注解

如果属性包含参数化 sql 查询, 则UpdateParameters集合包含与 SQL Parameter字符串中的参数占位符对应的任何对象。 UpdateCommandIf the UpdateCommand property contains a parameterized SQL query, the UpdateParameters collection contains any Parameter objects that correspond to the parameter placeholders in the SQL string.

参数名称可能会受OldValuesParameterFormatString属性的影响, 尤其是在名称标识主键 (如DataKeyNames使用数据绑定控件的属性指定的键, 或在ConflictDetection将属性设置为CompareAllValues值, 并将一oldValues组传递给相应的数据方法。Parameter names might be affected by the OldValuesParameterFormatString property, specifically if the name identifies a primary key, such as a key specified using the DataKeyNames property of the data-bound control, or in delete and update scenarios where the ConflictDetection property is set to the CompareAllValues value and a set of oldValues are passed to the corresponding data method. 在这种情况下, 格式字符串将应用于oldValues集合中的每个参数名称。In this case, the format string is applied to each parameter name in the oldValues collection.

UpdateParameters集合中参数的顺序可能很重要, 具体取决于 ADO.NET 提供程序。The order of the parameters in the UpdateParameters collection might be important, depending on the ADO.NET provider. System.Data.OleDbSystem.Data.Odbc提供程序根据参数在参数化 SQL 查询中出现的顺序来关联集合中的参数。The System.Data.OleDb and System.Data.Odbc providers associate the parameters in the collection according to the order that the parameters appear in the parameterized SQL query. 提供程序是SqlDataSource控件的默认 ADO.NET 提供程序, 它通过在 SQL 查询中将参数的名称与占位符别名进行匹配来关联集合中的参数。 System.Data.SqlClientThe System.Data.SqlClient provider, which is the default ADO.NET provider for the SqlDataSource control, associates the parameters in the collection by matching the name of the parameter with a placeholder alias in the SQL query. 有关参数化 SQL 查询和命令的详细信息, 请参阅将参数与 SqlDataSource 控件一起使用For more information about parameterized SQL queries and commands, see Using Parameters with the SqlDataSource Control.

SqlDataSourceView属性检索与SqlDataSource控件相关联的对象所包含的属性。UpdateParameters UpdateParametersThe UpdateParameters property retrieves the UpdateParameters property that is contained by the SqlDataSourceView object that is associated with the SqlDataSource control.

重要

无需验证即可将值插入到参数中, 这是一个潜在的安全威胁。Values are inserted into parameters without validation, which is a potential security threat. Filtering使用事件在执行查询之前验证参数值。Use the Filtering event to validate parameter values before executing the query. 有关详细信息,请参阅脚本侵入概述For more information, see Script Exploits Overview.

适用于

另请参阅