SqlDataSource.SelectParameters 屬性

定義

取得參數集合,包含與 SelectCommand 控制項相關聯之 SqlDataSourceView 物件 SqlDataSource 屬性所使用的參數。Gets the parameters collection that contains the parameters that are used by the SelectCommand property from the SqlDataSourceView object that is associated with the SqlDataSource control.

public:
 property System::Web::UI::WebControls::ParameterCollection ^ SelectParameters { System::Web::UI::WebControls::ParameterCollection ^ get(); };
[System.Web.UI.PersistenceMode(System.Web.UI.PersistenceMode.InnerProperty)]
public System.Web.UI.WebControls.ParameterCollection SelectParameters { get; }
[<System.Web.UI.PersistenceMode(System.Web.UI.PersistenceMode.InnerProperty)>]
member this.SelectParameters : System.Web.UI.WebControls.ParameterCollection
Public ReadOnly Property SelectParameters As ParameterCollection

屬性值

ParameterCollection

ParameterCollection,包含 SelectCommand 屬性所使用的參數。A ParameterCollection that contains the parameters used by the SelectCommand property.

屬性

範例

下列程式碼範例示範如何藉由將 SelectCommand 屬性設定為 SQL 查詢,從 Microsoft SQL Server 的 Northwind 資料庫中取出資料。The following code example demonstrates how to retrieve data from the Northwind database in Microsoft SQL Server by setting the SelectCommand property to an SQL query. SQL 查詢已參數化,而且屬性中的預留位置 SelectCommand 會與 ControlParameter 加入至集合的物件相符 SelectParametersThe SQL query is parameterized and the placeholder in the SelectCommand property is matched to the ControlParameter object that is added to the SelectParameters collection. 系結 DropDownList 至的控制項 ControlParameter 可作為控制項中所顯示內容的篩選 ListBoxThe DropDownList control, which the ControlParameter is bound to, acts as a filter for what is displayed in the ListBox control.

如需您可以使用之其他類型參數的詳細資訊,請參閱 Parameter 類別總覽。For information about other types of parameters you can use, see the Parameter class overview.

注意

因為參數用於 WHERE 子句中,所以在 SelectParameters 程式碼範例中使用屬性的功能相當於使用 FilterExpressionFilterParameters 屬性。Because the parameter is used in a WHERE clause, the use of the SelectParameters property in the code example is functionally equivalent to using the FilterExpression and FilterParameters properties.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
  <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
    <form id="form1" runat="server">

      <p><asp:dropdownlist
          id="DropDownList1"
          runat="server"
          autopostback="True">
          <asp:listitem selected="True">Sales Representative</asp:listitem>
          <asp:listitem>Sales Manager</asp:listitem>
          <asp:listitem>Vice President, Sales</asp:listitem>
      </asp:dropdownlist></p>

      <asp:sqldatasource
          id="SqlDataSource1"
          runat="server"
          connectionstring="<%$ ConnectionStrings:MyNorthwind%>"
          selectcommand="SELECT LastName FROM Employees WHERE Title = @Title">
          <selectparameters>
              <asp:controlparameter name="Title" controlid="DropDownList1" propertyname="SelectedValue"/>
          </selectparameters>
      </asp:sqldatasource>

      <p><asp:listbox
          id="ListBox1"
          runat="server"
          datasourceid="SqlDataSource1"
          datatextfield="LastName">
      </asp:listbox></p>

    </form>
  </body>
</html>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
  <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
    <form id="form1" runat="server">

      <p><asp:dropdownlist
          id="DropDownList1"
          runat="server"
          autopostback="True">
          <asp:listitem selected="True">Sales Representative</asp:listitem>
          <asp:listitem>Sales Manager</asp:listitem>
          <asp:listitem>Vice President, Sales</asp:listitem>
      </asp:dropdownlist></p>

      <asp:sqldatasource
          id="SqlDataSource1"
          runat="server"
          connectionstring="<%$ ConnectionStrings:MyNorthwind%>"
          selectcommand="SELECT LastName FROM Employees WHERE Title = @Title">
          <selectparameters>
              <asp:controlparameter name="Title" controlid="DropDownList1" propertyname="SelectedValue"/>
          </selectparameters>
      </asp:sqldatasource>

      <p><asp:listbox
          id="ListBox1"
          runat="server"
          datasourceid="SqlDataSource1"
          datatextfield="LastName">
      </asp:listbox></p>

    </form>
  </body>
</html>

備註

如果 SelectCommand 屬性包含參數化 SQL 查詢,則 SelectParameters 集合會包含任何 Parameter 對應到 SQL 字串中參數預留位置的物件。If the SelectCommand property contains a parameterized SQL query, the SelectParameters collection contains any Parameter objects that correspond to the parameter placeholders in the SQL string.

根據 ADO.NET 提供者而定,集合中的參數順序 SelectParameters 可能很重要。Depending on the ADO.NET provider, the order of the parameters in the SelectParameters collection might be important. System.Data.OleDbSystem.Data.Odbc 提供者會根據參數出現在參數化 SQL 查詢中的順序,將集合中的參數產生關聯。The System.Data.OleDb and System.Data.Odbc providers associate the parameters in the collection according to the order that the parameters appear in the parameterized SQL query. System.Data.SqlClient提供者(也就是控制項的預設 ADO.NET 提供者)會將 SqlDataSource 集合中的參數與 SQL 查詢中的預留位置別名比對,藉此建立關聯。The System.Data.SqlClient provider, which is the default ADO.NET provider for the SqlDataSource control, associates the parameters in the collection by matching the name of the parameter with a placeholder alias in the SQL query. 如需參數化 SQL 查詢和命令的詳細資訊,請參閱搭配 SqlDataSource 控制項使用參數For more information about parameterized SQL queries and commands, see Using Parameters with the SqlDataSource Control.

屬性會抓取 SelectParameters SelectParameters SqlDataSourceView 與控制項相關聯的物件所包含的屬性 SqlDataSourceThe SelectParameters property retrieves the SelectParameters property that is contained by the SqlDataSourceView object that is associated with the SqlDataSource control.

重要

值會插入至參數,而不需要驗證,這是潛在的安全性威脅。Values are inserted into parameters without validation, which is a potential security threat. Selecting 執行查詢之前,請使用事件來驗證參數值。Use the Selecting event to validate parameter values before executing the query. 如需詳細資訊,請參閱 Script Exploits Overview (指令碼攻擊概觀)。For more information, see Script Exploits Overview.

適用於

另請參閱