.NET Framework Class Library
FormParameter Class
Binds the value of an HTTP request Form field to a parameter object.
Inheritance Hierarchy
System.Object
System.Web.UI.WebControls.Parameter
System.Web.UI.WebControls.FormParameter
Namespace: System.Web.UI.WebControls
Assembly: System.Web (in System.Web.dll)
Syntax
Visual Basic
Public Class FormParameter _ Inherits Parameter
C#
public class FormParameter : Parameter
Visual C++
public ref class FormParameter : public Parameter
F#
type FormParameter = class inherit Parameter end
The FormParameter type exposes the following members.
Constructors
| Name | Description | |
|---|---|---|
|
FormParameter() | Initializes a new unnamed instance of the FormParameter class. |
|
FormParameter(FormParameter) | Initializes a new instance of the FormParameter class with the values of the instance specified by the original parameter. |
|
|
FormParameter(String, String) | Initializes a new named instance of the FormParameter class, using the specified string to identify which form variable field to bind to. |
|
|
FormParameter(String, DbType, String) | Initializes a new instance of the FormParameter class, using the specified string to identify which form variable field to bind to. |
|
|
FormParameter(String, TypeCode, String) | Initializes a new named and strongly typed instance of the FormParameter class, using the specified string to identify which form variable to bind to. |
Properties
| Name | Description | |
|---|---|---|
|
ConvertEmptyStringToNull | Gets or sets a value indicating whether the value that the Parameter object is bound to should be converted to null if it is String.Empty. (Inherited from Parameter.) |
|
|
DbType | Gets or sets the database type of the parameter. (Inherited from Parameter.) |
|
|
DefaultValue | Specifies a default value for the parameter, should the value that the parameter is bound to be uninitialized when the Evaluate method is called. (Inherited from Parameter.) |
|
|
Direction | Indicates whether the Parameter object is used to bind a value to a control, or the control can be used to change the value. (Inherited from Parameter.) |
|
|
FormField | Gets or sets the name of the form variable that the parameter binds to. |
|
IsTrackingViewState | Gets a value indicating whether the Parameter object is saving changes to its view state. (Inherited from Parameter.) |
|
|
Name | Gets or sets the name of the parameter. (Inherited from Parameter.) |
|
|
Size | Gets or sets the size of the parameter. (Inherited from Parameter.) |
|
|
Type | Gets or sets the type of the parameter. (Inherited from Parameter.) |
|
|
ViewState | Gets a dictionary of state information that allows you to save and restore the view state of a Parameter object across multiple requests for the same page. (Inherited from Parameter.) |
Methods
| Name | Description | |
|---|---|---|
|
|
Clone | Returns a duplicate of the current FormParameter instance. (Overrides Parameter.Clone().) |
|
|
Equals(Object) | Determines whether the specified Object is equal to the current Object. (Inherited from Object.) |
|
|
Evaluate | Updates and returns the value of the FormParameter object. (Overrides Parameter.Evaluate(HttpContext, Control).) |
|
|
Finalize | Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.) |
|
|
GetDatabaseType | Gets the DbType value that is equivalent to the CLR type of the current Parameter instance. (Inherited from Parameter.) |
|
|
GetHashCode | Serves as a hash function for a particular type. (Inherited from Object.) |
|
|
GetType | Gets the Type of the current instance. (Inherited from Object.) |
|
|
LoadViewState | Restores the data source view's previously saved view state. (Inherited from Parameter.) |
|
|
MemberwiseClone | Creates a shallow copy of the current Object. (Inherited from Object.) |
|
|
OnParameterChanged | Calls the OnParametersChanged method of the ParameterCollection collection that contains the Parameter object. (Inherited from Parameter.) |
|
|
SaveViewState | Saves the changes to the Parameter object's view state since the time the page was posted back to the server. (Inherited from Parameter.) |
|
|
SetDirty | Marks the Parameter object so its state will be recorded in view state. (Inherited from Parameter.) |
|
|
ToString | Converts the value of this instance to its equivalent string representation. (Inherited from Parameter.) |
|
|
TrackViewState | Causes the Parameter object to track changes to its view state so they can be stored in the control's ViewState object and persisted across requests for the same page. (Inherited from Parameter.) |
Explicit Interface Implementations
| Name | Description | |
|---|---|---|
|
ICloneable.Clone | Returns a duplicate of the current Parameter instance. (Inherited from Parameter.) |
|
IStateManager.IsTrackingViewState | Infrastructure. Gets a value indicating whether the Parameter object is saving changes to its view state. (Inherited from Parameter.) |
|
|
IStateManager.LoadViewState | Infrastructure. Restores the data source view's previously saved view state. (Inherited from Parameter.) |
|
|
IStateManager.SaveViewState | Infrastructure. Saves the changes to the Parameter object's view state since the time the page was posted back to the server. (Inherited from Parameter.) |
|
|
IStateManager.TrackViewState | Infrastructure. Causes the Parameter object to track changes to its view state so they can be stored in the control's ViewState object and persisted across requests for the same page. (Inherited from Parameter.) |
Remarks
You can use the FormParameter class to bind the value of a form variable in the Form collection to a parameter used in a parameterized query or command. Controls that bind data to the parameter might throw an exception if a FormParameter is specified but no corresponding form variable is passed. They might also display no data if the form variable is passed with no corresponding value. Set the DefaultValue to avoid these situations where appropriate.
The FormParameter class provides the FormField property, which identifies the name of the form variable to bind to, in addition to those inherited from the Parameter class.
Important
|
|---|
|
The FormParameter does not validate the value passed by the form element in any way; it uses the raw value. In most cases you can validate the value of the FormParameter before it is used by a data source control by handling an event, such as the Selecting, Updating, Inserting, or Deleting event exposed by the data source control you are using. If the value of the parameter does not pass your validation tests, you can cancel the data operation by setting the Cancel property of the associated CancelEventArgs class to true. |
Examples
The following code example demonstrates how to insert data into a database using the SqlDataSource control and a simple ASP.NET Web page. The current data in the data table is displayed in the DropDownList control. You can add new records by entering values in the TextBox controls and clicking the button. When the button is clicked, the specified values are inserted into the database, and the DropDownList is refreshed.
Security Note
|
|---|
|
This example has a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview. |
Visual Basic
<%@Page Language="VB" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <script runat="server"> Private Sub InsertShipper (ByVal Source As Object, ByVal e As EventArgs) SqlDataSource1.Insert() End Sub ' InsertShipper </script> <html xmlns="http://www.w3.org/1999/xhtml" > <head runat="server"> <title>ASP.NET Example</title> </head> <body> <form id="form1" runat="server"> <asp:dropdownlist id="DropDownList1" runat="server" datasourceid="SqlDataSource1" datatextfield="CompanyName" datavaluefield="ShipperID" /> <!-- Security Note: The SqlDataSource uses a FormParameter, Security Note: which does not perform validation of input from the client. Security Note: To validate the value of the FormParameter, handle the Inserting event. --> <asp:sqldatasource id="SqlDataSource1" runat="server" connectionstring="<%$ ConnectionStrings:MyNorthwind %>" selectcommand="SELECT CompanyName,ShipperID FROM Shippers" insertcommand="INSERT INTO Shippers (CompanyName,Phone) VALUES (@CoName,@Phone)"> <insertparameters> <asp:formparameter name="CoName" formfield="CompanyNameBox" /> <asp:formparameter name="Phone" formfield="PhoneBox" /> </insertparameters> </asp:sqldatasource> <br /><asp:textbox id="CompanyNameBox" runat="server" /> <asp:RequiredFieldValidator id="RequiredFieldValidator1" runat="server" ControlToValidate="CompanyNameBox" Display="Static" ErrorMessage="Please enter a company name." /> <br /><asp:textbox id="PhoneBox" runat="server" /> <asp:RequiredFieldValidator id="RequiredFieldValidator2" runat="server" ControlToValidate="PhoneBox" Display="Static" ErrorMessage="Please enter a phone number." /> <br /><asp:button id="Button1" runat="server" text="Insert New Shipper" onclick="InsertShipper" /> </form> </body> </html>
C#
<%@Page Language="C#" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <script runat="server"> private void InsertShipper (object source, EventArgs e) { SqlDataSource1.Insert(); } </script> <html xmlns="http://www.w3.org/1999/xhtml" > <head runat="server"> <title>ASP.NET Example</title> </head> <body> <form id="form1" runat="server"> <asp:dropdownlist id="DropDownList1" runat="server" datasourceid="SqlDataSource1" datatextfield="CompanyName" datavaluefield="ShipperID" /> <!-- Security Note: The SqlDataSource uses a FormParameter, Security Note: which does not perform validation of input from the client. Security Note: To validate the value of the FormParameter, handle the Inserting event. --> <asp:sqldatasource id="SqlDataSource1" runat="server" connectionstring="<%$ ConnectionStrings:MyNorthwind %>" selectcommand="SELECT CompanyName,ShipperID FROM Shippers" insertcommand="INSERT INTO Shippers (CompanyName,Phone) VALUES (@CoName,@Phone)"> <insertparameters> <asp:formparameter name="CoName" formfield="CompanyNameBox" /> <asp:formparameter name="Phone" formfield="PhoneBox" /> </insertparameters> </asp:sqldatasource> <br /><asp:textbox id="CompanyNameBox" runat="server" /> <asp:RequiredFieldValidator id="RequiredFieldValidator1" runat="server" ControlToValidate="CompanyNameBox" Display="Static" ErrorMessage="Please enter a company name." /> <br /><asp:textbox id="PhoneBox" runat="server" /> <asp:RequiredFieldValidator id="RequiredFieldValidator2" runat="server" ControlToValidate="PhoneBox" Display="Static" ErrorMessage="Please enter a phone number." /> <br /><asp:button id="Button1" runat="server" text="Insert New Shipper" onclick="InsertShipper" /> </form> </body> </html>
Version Information
.NET Framework
Supported in: 4, 3.5, 3.0, 2.0Platforms
Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2
The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
Thread Safety
Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.See Also
Reference
Other Resources
Community Content