SqlDataSource.UpdateParameters Property
Definition
Gets the parameters collection that contains the parameters that are used by the UpdateCommand property from the SqlDataSourceView control that is associated with the SqlDataSource control.
public:
property System::Web::UI::WebControls::ParameterCollection ^ UpdateParameters { System::Web::UI::WebControls::ParameterCollection ^ get(); };
[System.Web.UI.PersistenceMode(System.Web.UI.PersistenceMode.InnerProperty)]
public System.Web.UI.WebControls.ParameterCollection UpdateParameters { get; }
[<System.Web.UI.PersistenceMode(System.Web.UI.PersistenceMode.InnerProperty)>]
member this.UpdateParameters : System.Web.UI.WebControls.ParameterCollection
Public ReadOnly Property UpdateParameters As ParameterCollection
Property Value
A ParameterCollection that contains the parameters used by the UpdateCommand property.
- Attributes
Examples
The following code example demonstrates how to use a SqlDataSource control to display data in a DropDownList control and update data when the Submit button is clicked. The UpdateCommand is set with a parameterized SQL statement and two ControlParameter parameters are added to the UpdateParameters collection. When the Submit button is clicked, the OnClick event is handled to call the Update method explicitly.
Important
This example includes a text box that accepts user input, which is a potential security threat, and values are inserted into parameters without validation, which is also a potential security threat. Use the Inserting event to validate parameter values before executing the query. For more information, see Script Exploits Overview.
<%@Page Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
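private void On_Click(Object source, EventArgs e) {
    try {
        SqlDataSource1.Update();
        // Report success only when Update() did not throw.
        Label2.Text="The record was updated successfully!";
    }
    catch (Exception except) {
        // Handle the Exception.
        Label2.Text="The record could not be updated.";
    }
}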
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>ASP.NET Example</title>
</head>
<body>
<form id="form1" runat="server">
<asp:SqlDataSource
id="SqlDataSource1"
runat="server"
ConnectionString="<%$ ConnectionStrings:MyNorthwind%>"
SelectCommand="SELECT EmployeeID, LastName, Address FROM Employees"
UpdateCommand="UPDATE Employees SET Address=@Address WHERE EmployeeID=@EmployeeID">
<UpdateParameters>
<asp:ControlParameter Name="Address" ControlId="TextBox1" PropertyName="Text"/>
<asp:ControlParameter Name="EmployeeID" ControlId="DropDownList1" PropertyName="SelectedValue"/>
</UpdateParameters>
</asp:SqlDataSource>
<asp:DropDownList
id="DropDownList1"
runat="server"
DataTextField="LastName"
DataValueField="EmployeeID"
DataSourceID="SqlDataSource1">
</asp:DropDownList>
<br />
<asp:Label id="Label1" runat="server" Text="Enter a new address for the selected user."
AssociatedControlID="TextBox1" />
<asp:TextBox id="TextBox1" runat="server" />
<asp:Button id="Submit" runat="server" Text="Submit" OnClick="On_Click" />
<br /><asp:Label id="Label2" runat="server" Text="" />
</form>
</body>
</html>
<%@Page Language="VB" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
Sub On_Click(ByVal source As Object, ByVal e As EventArgs)
    Try
        SqlDataSource1.Update()
        ' Report success only when Update() did not throw.
        Label2.Text="The record was updated successfully!"
    Catch except As Exception
        ' Handle the Exception.
        Label2.Text="The record could not be updated."
    End Try
End Sub 'On_Click
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>ASP.NET Example</title>
</head>
<body>
<form id="form1" runat="server">
<asp:SqlDataSource
id="SqlDataSource1"
runat="server"
ConnectionString="<%$ ConnectionStrings:MyNorthwind%>"
SelectCommand="SELECT EmployeeID, LastName, Address FROM Employees"
UpdateCommand="UPDATE Employees SET Address=@Address WHERE EmployeeID=@EmployeeID">
<UpdateParameters>
<asp:ControlParameter Name="Address" ControlId="TextBox1" PropertyName="Text"/>
<asp:ControlParameter Name="EmployeeID" ControlId="DropDownList1" PropertyName="SelectedValue"/>
</UpdateParameters>
</asp:SqlDataSource>
<asp:DropDownList
id="DropDownList1"
runat="server"
DataTextField="LastName"
DataValueField="EmployeeID"
DataSourceID="SqlDataSource1">
</asp:DropDownList>
<br />
<asp:Label id="Label1" runat="server" Text="Enter a new address for the selected user."
AssociatedControlID="TextBox1" />
<asp:TextBox id="TextBox1" runat="server" />
<asp:Button id="Submit" runat="server" Text="Submit" OnClick="On_Click" />
<br /><asp:Label id="Label2" runat="server" Text="" />
</form>
</body>
</html>
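The validation that the Important note asks for, as an added example that is not part of the original sample: for the Update operation the SqlDataSource control raises its Updating event just before the command runs, so the handler below checks both UpdateParameters values there and cancels the update when either fails. MaxAddressLength, the allow-list pattern and the messages are assumptions for illustration; On_Click here is a variant of the C# sample's handler.

```csharp
// Added example. Place inside the page's <script runat="server"> block and add
// OnUpdating="SqlDataSource1_Updating" to the <asp:SqlDataSource> element.
private const int MaxAddressLength = 60; // assumed limit; match your column size

// Returns null when both values are acceptable, otherwise a message for the user.
private static string ValidateUpdate(System.Data.Common.DbParameterCollection p)
{
    // With the default SqlClient provider the names carry the "@" prefix here.
    if (!p.Contains("@EmployeeID") || !p.Contains("@Address"))
        return "The update command is missing an expected parameter.";

    // SelectedValue arrives as text; an empty selection arrives as null/DBNull,
    // which Convert.ToString turns into an empty string.
    int id;
    string rawId = Convert.ToString(p["@EmployeeID"].Value);
    if (!int.TryParse(rawId, out id) || id <= 0)
        return "Select an employee.";

    string address = Convert.ToString(p["@Address"].Value).Trim();
    if (address.Length == 0 || address.Length > MaxAddressLength)
        return "Enter an address of 1 to " + MaxAddressLength + " characters.";

    // Allow-list: letters, digits, spaces and common address punctuation only.
    if (!System.Text.RegularExpressions.Regex.IsMatch(address, @"^[\p{L}\p{N} .,#'/-]+$"))
        return "The address contains characters that are not allowed.";

    p["@Address"].Value = address; // store the trimmed value
    return null;
}

protected void SqlDataSource1_Updating(object sender, SqlDataSourceCommandEventArgs e)
{
    string error = ValidateUpdate(e.Command.Parameters);
    if (error != null)
    {
        e.Cancel = true; // the UPDATE is never sent to the database
        Label2.Text = Server.HtmlEncode(error);
    }
}

private void On_Click(Object source, EventArgs e)
{
    // Update() returns the number of rows affected; it is 0 after a cancelled
    // update, so the validation message set above is not overwritten.
    if (SqlDataSource1.Update() > 0)
        Label2.Text = "The record was updated successfully!";
}
```

The stored address is still untrusted when it is read back, so encode it (for example with Server.HtmlEncode) wherever it is rendered into a page.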
Remarks
If the UpdateCommand property contains a parameterized SQL query, the UpdateParameters collection contains any Parameter objects that correspond to the parameter placeholders in the SQL string.
Parameter names might be affected by the OldValuesParameterFormatString property, specifically if the name identifies a primary key, such as a key specified using the DataKeyNames property of the data-bound control, or in delete and update scenarios where the ConflictDetection property is set to the CompareAllValues value and a set of oldValues are passed to the corresponding data method. In this case, the format string is applied to each parameter name in the oldValues collection.
The order of the parameters in the UpdateParameters collection might be important, depending on the ADO.NET provider. The System.Data.OleDb and System.Data.Odbc providers associate the parameters in the collection according to the order that the parameters appear in the parameterized SQL query. The System.Data.SqlClient provider, which is the default ADO.NET provider for the SqlDataSource control, associates the parameters in the collection by matching the name of the parameter with a placeholder alias in the SQL query. For more information about parameterized SQL queries and commands, see Using Parameters with the SqlDataSource Control.
The UpdateParameters property retrieves the UpdateParameters property that is contained by the SqlDataSourceView object that is associated with the SqlDataSource control.
Important
Values are inserted into parameters without validation, which is a potential security threat. Use the Filtering event to validate parameter values before executing the query. For more information, see Script Exploits Overview.