Export (0) Print
Expand All
1 out of 1 rated this helpful - Rate this topic

QueryStringParameter Class

Binds the value of an HTTP request query string field to a parameter object.

Namespace: System.Web.UI.WebControls
Assembly: System.Web (in system.web.dll)

public class QueryStringParameter : Parameter
public class QueryStringParameter extends Parameter
public class QueryStringParameter extends Parameter
Not applicable.

You can use the QueryStringParameter class to bind the value of a field passed on an HTTP request query string to a parameter used in a parameterized query or command. The field is retrieved from the QueryString collection. Controls that bind data to the parameter might throw an exception if a QueryStringParameter is specified, but no corresponding query string name/value pair is passed. Similarly, they might display no data if the query string field name is passed with no corresponding value. Set the DefaultValue to avoid these situations where appropriate.

The QueryStringParameter class provides the QueryStringField property, which identifies the name of the query string value to bind to, in addition to those inherited from the Parameter class.

NoteImportant:

The QueryStringParameter does not validate the value passed by the query string in any way; it uses the raw value. In most cases you can validate the value of the QueryStringParameter before it is used by a data source control by handling an event, such as the Selecting, Updating, Inserting, or Deleting event exposed by the data source control you are using. If the value of the parameter does not pass your validation tests, you can cancel the data operation by setting the Cancel property of the associated CancelEventArgs class to true.

The following code example demonstrates how to declaratively use a QueryStringParameter parameter as a filter when displaying data in a GridView control. You declare and add the QueryStringParameter to the AccessDataSource control's FilterParameters collection, and it binds the value of the query string field "country" to its FilterExpression string. Because no DefaultValue is specified for the parameter, if no field named "country" is passed on the query string, the AccessDataSource throws a NullReferenceException. If a field named "country" is passed but with no corresponding value, the GridView displays no data.

<%@ Page language="C#"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
  <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
    <form id="Form1" method="post" runat="server">

      <!-- Use a Query String with country=USA -->
      <asp:gridview
        id ="GridView1"
        runat="server"
        datasourceid="MyAccessDataSource" />

<!-- Security Note: The AccessDataSource uses a QueryStringParameter,
     Security Note: which does not perform validation of input from the client. -->

      <asp:accessdatasource
        id="MyAccessDataSource"
        runat="server"
        datafile="Northwind.mdb"
        selectcommand="SELECT EmployeeID, LastName, Address, PostalCode, Country FROM Employees"
        filterexpression="Country = '{0}'">
        <filterparameters>
          <asp:querystringparameter name="country" type="String" querystringfield="country" />
        </filterparameters>
      </asp:accessdatasource>
    </form>
  </body>
</html>

<%@ Page language="VJ#"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
  <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
    <form id="Form1" method="post" runat="server">

      <!-- Use a Query String with country=USA -->
      <asp:GridView
        id ="GridView1"
        runat="server"
        DataSourceID="MyAccessDataSource" />

      <asp:AccessDataSource
        id="MyAccessDataSource"
        runat="server"
        DataFile="Northwind.mdb"
        SelectCommand="SELECT EmployeeID, LastName, Address, PostalCode, Country FROM Employees"
        FilterExpression="Country = '@country'">
        <FilterParameters>
          <asp:QueryStringParameter Name="country" Type="String" QueryStringField="country" />
        </FilterParameters>
      </asp:AccessDataSource>
    </form>
  </body>
</html>

The following code example demonstrates how to declaratively use a QueryStringParameter to display data from an Access database using a parameterized SQL query. The AccessDataSource retrieves records that are displayed in a GridView control. The GridView is also editable, providing a user interface that enables users to update the status of orders in the Northwind Traders Orders table when records are selected and a button is clicked.

<%@Page  Language="C#" %>
<%@Import Namespace="System.Data" %>
<%@Import Namespace="System.Data.Common" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">
private void UpdateRecords(Object source, EventArgs e)
{
  // This method is an example of batch updating using a
  // data source control. The method iterates through the rows
  // of the GridView, extracts each CheckBox from the row and, if
  // the CheckBox is checked, updates data by calling the Update
  // method of the data source control, adding required parameters
  // to the UpdateParameters collection.
  CheckBox cb;
  foreach(GridViewRow row in this.GridView1.Rows) {
    cb = (CheckBox) row.Cells[0].Controls[1];
    if(cb.Checked) {
      string oid = (string) row.Cells[1].Text;
      MyAccessDataSource.UpdateParameters.Add(new Parameter("date",TypeCode.DateTime,DateTime.Now.ToString()));
      MyAccessDataSource.UpdateParameters.Add(new Parameter("orderid",TypeCode.String,oid));
      MyAccessDataSource.Update();
      MyAccessDataSource.UpdateParameters.Clear();
    }
  }
}
</script>

<html xmlns="http://www.w3.org/1999/xhtml" >
  <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
    <form id="form1" runat="server">

<!-- Security Note: The SqlDataSource uses a QueryStringParameter,
     Security Note: which does not perform validation of input from the client.
     Security Note: To validate the value of the QueryStringParameter, handle the Selecting event. -->

      <asp:SqlDataSource
        id="MyAccessDataSource"
        runat="server"
        ProviderName="<%$ ConnectionStrings:MyPasswordProtectedAccess.providerName%>"
        ConnectionString="<%$ ConnectionStrings:MyPasswordProtectedAccess%>"
        SelectCommand="SELECT OrderID, OrderDate, RequiredDate, ShippedDate FROM Orders WHERE EmployeeID=?"
        UpdateCommand="UPDATE Orders SET ShippedDate=? WHERE OrderID = ?">
        <SelectParameters>
          <asp:QueryStringParameter Name="empId" QueryStringField="empId" />
        </SelectParameters>
      </asp:SqlDataSource>

      <asp:GridView
        id ="GridView1"
        runat="server"
        DataSourceID="MyAccessDataSource"
        AllowPaging="True"
        PageSize="10"
        AutoGenerateColumns="False">
          <columns>
            <asp:TemplateField HeaderText="">
              <ItemTemplate>
                <asp:CheckBox runat="server" />
              </ItemTemplate>
            </asp:TemplateField>
            <asp:BoundField HeaderText="Order" DataField="OrderID" />
            <asp:BoundField HeaderText="Order Date" DataField="OrderDate" />
            <asp:BoundField HeaderText="Required Date" DataField="RequiredDate" />
            <asp:BoundField HeaderText="Shipped Date" DataField="ShippedDate" />
          </columns>
      </asp:GridView>

      <asp:Button
        id="Button1"
        runat="server"
        Text="Update the Selected Records As Shipped"
        OnClick="UpdateRecords" />

      <asp:Label id="Label1" runat="server" />

    </form>
  </body>
</html>

<%@Page  Language="VJ#" %>
<%@Import Namespace="System.Data" %>
<%@Import Namespace="System.Data.Common" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">
    private void UpdateRecords(Object source, System.EventArgs e)
    {
        // This method is an example of batch updating using a
        // data source control. The method iterates through the rows
        // of the GridView, extracts each CheckBox from the row and, if
        // the CheckBox is checked, updates data by calling the Update
        // method of the data source control, adding required parameters
        // to the UpdateParameters collection.
        CheckBox cb;
        for (int iCtr = 0; 
                iCtr < this.GridView1.get_Rows().get_Count(); iCtr++) {
            GridViewRow row = this.GridView1.get_Rows().get_Item(iCtr);
            cb = (CheckBox)row.get_Cells().get_Item(0).get_Controls().get_Item(1);
            if (cb.get_Checked()) {
                String oid = (String)(row.get_Cells().get_Item(1).get_Text());
                MyAccessDataSource.get_UpdateParameters().Add(new Parameter(
                    "date", System.TypeCode.DateTime, System.DateTime.get_Now().ToString()));
                MyAccessDataSource.get_UpdateParameters().Add(new Parameter(
                    "orderid", System.TypeCode.String, oid));
                MyAccessDataSource.Update();
                MyAccessDataSource.get_UpdateParameters().Clear();
            }
        }
    } //UpdateRecords
</script>

<html xmlns="http://www.w3.org/1999/xhtml" >
  <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
    <form id="form1" runat="server">
<!-- Security Note: The SqlDataSource uses a QueryStringParameter,
     Security Note: which does not perform validation of input from the client.
     Security Note: To validate the value of the QueryStringParameter, handle the Selecting event. -->

      <asp:SqlDataSource
        id="MyAccessDataSource"
        runat="server"
        ProviderName="System.Data.OleDb"
        ConnectionString="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=\\uncpath\Northwind_PasswordProtected.mdb;Mode=3;Jet OLEDB:Database Password=myPassword;"
        SelectCommand="SELECT OrderID, OrderDate, RequiredDate, ShippedDate FROM Orders WHERE EmployeeID=?"
        UpdateCommand="UPDATE Orders SET ShippedDate=? WHERE OrderID = ?">
        <SelectParameters>
          <asp:QueryStringParameter Name="empId" QueryStringField="empId" />
        </SelectParameters>
      </asp:SqlDataSource>
      <asp:GridView
        id ="GridView1"
        runat="server"
        DataSourceID="MyAccessDataSource"
        AllowPaging="True"
        PageSize="10"
        AutoGenerateColumns="False">
          <Columns>
            <asp:TemplateField HeaderText="">
              <ItemTemplate>
                <asp:CheckBox runat="server" />
              </ItemTemplate>
            </asp:TemplateField>
            <asp:BoundField HeaderText="Order" DataField="OrderID" />
            <asp:BoundField HeaderText="Order Date" DataField="OrderDate" />
            <asp:BoundField HeaderText="Required Date" DataField="RequiredDate" />
            <asp:BoundField HeaderText="Shipped Date" DataField="ShippedDate" />
          </Columns>
      </asp:GridView>

      <asp:Button
        id="Button1"
        runat="server"
        Text="Update the Selected Records As Shipped"
        OnClick="UpdateRecords" />

      <asp:Label id="Label1" runat="server" />

    </form>
  </body>
</html>

System.Object
   System.Web.UI.WebControls.Parameter
    System.Web.UI.WebControls.QueryStringParameter
Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Windows 98, Windows Server 2000 SP4, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The Microsoft .NET Framework 3.0 is supported on Windows Vista, Microsoft Windows XP SP2, and Windows Server 2003 SP1.

.NET Framework

Supported in: 3.0, 2.0
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.