ParameterCollection Class (System.Web.UI.WebControls)

Switch View

Collapse All

Language Filter

This page is specific to

Microsoft Visual Studio 2008/.NET Framework 3.5

Other versions are also available for the following:

.NET Framework Class Library

ParameterCollection Class

Represents a collection of Parameter and Parameter-derived objects that are used by data source controls in advanced data-binding scenarios.

Namespace: System.Web.UI.WebControls
Assembly: System.Web (in System.Web.dll)

Syntax

Visual Basic (Declaration)

<AspNetHostingPermissionAttribute(SecurityAction.LinkDemand, Level := AspNetHostingPermissionLevel.Minimal)> _
<AspNetHostingPermissionAttribute(SecurityAction.InheritanceDemand, Level := AspNetHostingPermissionLevel.Minimal)> _
Public Class ParameterCollection _
    Inherits StateManagedCollection

Visual Basic (Usage)

Dim instance As ParameterCollection

[AspNetHostingPermissionAttribute(SecurityAction.LinkDemand, Level = AspNetHostingPermissionLevel.Minimal)]
[AspNetHostingPermissionAttribute(SecurityAction.InheritanceDemand, Level = AspNetHostingPermissionLevel.Minimal)]
public class ParameterCollection : StateManagedCollection

Visual C++

[AspNetHostingPermissionAttribute(SecurityAction::LinkDemand, Level = AspNetHostingPermissionLevel::Minimal)]
[AspNetHostingPermissionAttribute(SecurityAction::InheritanceDemand, Level = AspNetHostingPermissionLevel::Minimal)]
public ref class ParameterCollection : public StateManagedCollection

JScript

public class ParameterCollection extends StateManagedCollection

Remarks

The ParameterCollection class represents a collection of Parameter objects used in advanced data-binding scenarios with data source controls. The Parameter objects are used to bind the values contained by local Page variables, HTTP cookies, session variables, and other controls' values to data source controls when retrieving, updating, deleting, and inserting data.

Use the ParameterCollection class to programmatically manage a set of Parameter objects. You can add, insert, and remove Parameter objects using the appropriate methods of the ParameterCollection class. To programmatically retrieve Parameter objects from a collection, use one of following methods:

Use the indexer to get a single Parameter object from the collection, by name or using array notation.
Use the GetEnumerator method to create a System.Collections..::.IEnumerator-implemented object, which can then be used to get items from the collection.

The Count property specifies the total number of items in the collection, and is used to determine the upper bound of the collection. You can add and remove items from the collection by using the Add, Insert, Remove, and RemoveAt methods.

Depending on the implementation and the semantics of a particular data source control, the order in which the parameters are stored in the ParameterCollection collection might be important. For example, when using the SqlDataSource control as an ODBC data source, the order of the Parameter objects in the ParameterCollection collection must be the same as the order of the parameters in the parameterized SQL queries you use. However, when using the SqlDataSource control with Microsoft SQL Server, the order of the Parameter objects are not important.

Security Note:
When you use data source controls, values are inserted into command parameters without validation, which is a potential security threat. Use an event in the data source control to validate parameter values before the command is executed. For more information, see Script Exploits Overview.

The following table lists the different parameter classes and how they are used.

Parameter Class	Description
Parameter	The base parameter class. Use it to bind to a local variable or any static string using the DefaultValue property.
ControlParameter	A parameter that can be used to bind to a control's property or method return value.
CookieParameter	A parameter that can be used to bind to the value of a cookie.
FormParameter	A parameter that can be used to bind to an attribute of the current Web Forms page.
QueryStringParameter	A parameter that can be used to bind to a value passed to a Web Forms page on a query string.
SessionParameter	A parameter that can be used to bind to the value of a session variable.
ProfileParameter	A parameter that can be used to bind to the value of an ASP.NET Profile property.

Examples

The following code example demonstrates how to use an AccessDataSource control and a FormParameter to display information from a Microsoft Access database in a GridView control. The FormParameter object is added to the SelectParameters collection using the Add method.

Security Note:
This example has a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview.

Visual Basic

<%@Page  Language="VB" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">

Private Sub Page_Load(sender As Object, e As EventArgs)

  ' You can add a FormParameter to the AccessDataSource control's
  ' SelectParameters collection programmatically.
  AccessDataSource1.SelectParameters.Clear()

  ' Security Note: The AccessDataSource uses a FormParameter,
  ' Security Note: which does not perform validation of input from the client.
  ' Security Note: To validate the value of the FormParameter,
  ' Security Note: handle the Selecting event.

  Dim formParam As New FormParameter("lastname","LastNameBox")
  formParam.Type=TypeCode.String
  AccessDataSource1.SelectParameters.Add(formParam)
End Sub ' Page_Load

</script>
<html  >
  <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
    <form id="form1" runat="server">

      <asp:accessdatasource
          id="AccessDataSource1"
          runat="server"
          datasourcemode="DataSet"
          datafile="Northwind.mdb"
          selectcommand="SELECT OrderID,CustomerID,OrderDate,RequiredDate,ShippedDate
                         FROM Orders WHERE EmployeeID =
                         (SELECT EmployeeID FROM Employees WHERE LastName = @lastname)">
      </asp:accessdatasource>

      <br />Enter the name "Davolio" or "King" in the text box and click the button.

      <br />
      <asp:textbox
        id="LastNameBox"
        runat="server" />

      <br />
      <asp:button
        id="Button1"
        runat="server"
        text="Get Records" />

      <br />
      <asp:gridview
          id="GridView1"
          runat="server"
          allowsorting="True"
          datasourceid="AccessDataSource1">
      </asp:gridview>

    </form>
  </body>
</html>

<%@Page  Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">

void Page_Load(Object sender, EventArgs e){

  // You can add a FormParameter to the AccessDataSource control's
  // SelectParameters collection programmatically.
  AccessDataSource1.SelectParameters.Clear();

  // Security Note: The AccessDataSource uses a FormParameter,
  // Security Note: which does not perform validation of input from the client.
  // Security Note: To validate the value of the FormParameter,
  // Security Note: handle the Selecting event.

  FormParameter formParam = new FormParameter("lastname","LastNameBox");
  formParam.Type=TypeCode.String;
  AccessDataSource1.SelectParameters.Add(formParam);
}

</script>
<html  >
  <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
    <form id="form1" runat="server">

      <asp:accessdatasource
          id="AccessDataSource1"
          runat="server"
          datasourcemode="DataSet"
          datafile="Northwind.mdb"
          selectcommand="SELECT OrderID,CustomerID,OrderDate,RequiredDate,ShippedDate
                         FROM Orders WHERE EmployeeID =
                         (SELECT EmployeeID FROM Employees WHERE LastName = @lastname)">
      </asp:accessdatasource>

      <br />Enter the name "Davolio" or "King" in the text box and click the button.

      <br />
      <asp:textbox
        id="LastNameBox"
        runat="server" />

      <br />
      <asp:button
        id="Button1"
        runat="server"
        text="Get Records" />

      <br />
      <asp:gridview
          id="GridView1"
          runat="server"
          allowsorting="True"
          datasourceid="AccessDataSource1">
      </asp:gridview>

    </form>
  </body>
</html>

.NET Framework Security

AspNetHostingPermission
for operating in a hosted environment. Demand value: LinkDemand; Permission value: Minimal.
AspNetHostingPermission
for operating in a hosted environment. Demand value: InheritanceDemand; Permission value: Minimal.

Inheritance Hierarchy

System..::.Object
System.Web.UI..::.StateManagedCollection
System.Web.UI.WebControls..::.ParameterCollection

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Platforms

Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Version Information

.NET Framework

Supported in: 3.5, 3.0, 2.0

Reference

ParameterCollection Members

System.Web.UI.WebControls Namespace