Export (0) Print
Expand All

QueryStringParameter Class

Binds the value of an HTTP request query-string field to a parameter object.

System.Object
  System.Web.UI.WebControls.Parameter
    System.Web.UI.WebControls.QueryStringParameter

Namespace:  System.Web.UI.WebControls
Assembly:  System.Web (in System.Web.dll)

public class QueryStringParameter : Parameter

The QueryStringParameter type exposes the following members.

  NameDescription
Public methodQueryStringParameter()Initializes a new unnamed instance of the QueryStringParameter class.
Protected methodQueryStringParameter(QueryStringParameter)Initializes a new instance of the QueryStringParameter class, using the values of the instance that is specified by the original parameter.
Public methodQueryStringParameter(String, String)Initializes a new named instance of the QueryStringParameter class, using the specified string to identify which query-string field to bind to.
Public methodQueryStringParameter(String, DbType, String)Initializes a new named instance of the QueryStringParameter class, using the specified query-string field and the data type of the parameter.
Public methodQueryStringParameter(String, TypeCode, String)Initializes a new named and strongly typed instance of the QueryStringParameter class, using the specified string to identify which query-string field to bind to.
Top

  NameDescription
Public propertyConvertEmptyStringToNullGets or sets a value indicating whether the value that the Parameter object is bound to should be converted to null if it is String.Empty. (Inherited from Parameter.)
Public propertyDbTypeGets or sets the database type of the parameter. (Inherited from Parameter.)
Public propertyDefaultValueSpecifies a default value for the parameter, should the value that the parameter is bound to be uninitialized when the Evaluate method is called. (Inherited from Parameter.)
Public propertyDirectionIndicates whether the Parameter object is used to bind a value to a control, or the control can be used to change the value. (Inherited from Parameter.)
Protected propertyIsTrackingViewStateGets a value indicating whether the Parameter object is saving changes to its view state. (Inherited from Parameter.)
Public propertyNameGets or sets the name of the parameter. (Inherited from Parameter.)
Public propertyQueryStringFieldGets or sets the name of the query-string field that the parameter binds to.
Public propertySizeGets or sets the size of the parameter. (Inherited from Parameter.)
Public propertyTypeGets or sets the type of the parameter. (Inherited from Parameter.)
Public propertyValidateInputGets or sets whether the value of the query string parameter is being validated or not.
Protected propertyViewStateGets a dictionary of state information that allows you to save and restore the view state of a Parameter object across multiple requests for the same page. (Inherited from Parameter.)
Top

  NameDescription
Protected methodCloneReturns a duplicate of the current QueryStringParameter instance. (Overrides Parameter.Clone().)
Public methodEquals(Object)Determines whether the specified object is equal to the current object. (Inherited from Object.)
Protected methodEvaluateUpdates and returns the value of the QueryStringParameter object. (Overrides Parameter.Evaluate(HttpContext, Control).)
Protected methodFinalizeAllows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)
Public methodGetDatabaseTypeGets the DbType value that is equivalent to the CLR type of the current Parameter instance. (Inherited from Parameter.)
Public methodGetHashCodeServes as the default hash function. (Inherited from Object.)
Public methodGetTypeGets the Type of the current instance. (Inherited from Object.)
Protected methodLoadViewStateRestores the data source view's previously saved view state. (Inherited from Parameter.)
Protected methodMemberwiseCloneCreates a shallow copy of the current Object. (Inherited from Object.)
Protected methodOnParameterChangedCalls the OnParametersChanged method of the ParameterCollection collection that contains the Parameter object. (Inherited from Parameter.)
Protected methodSaveViewStateSaves the changes to the Parameter object's view state since the time the page was posted back to the server. (Inherited from Parameter.)
Protected methodSetDirtyMarks the Parameter object so its state will be recorded in view state. (Inherited from Parameter.)
Public methodToStringConverts the value of this instance to its equivalent string representation. (Inherited from Parameter.)
Protected methodTrackViewStateCauses the Parameter object to track changes to its view state so they can be stored in the control's ViewState object and persisted across requests for the same page. (Inherited from Parameter.)
Top

  NameDescription
Explicit interface implemetationPrivate methodICloneable.CloneReturns a duplicate of the current Parameter instance. (Inherited from Parameter.)
Explicit interface implemetationPrivate propertyIStateManager.IsTrackingViewStateInfrastructure. Gets a value indicating whether the Parameter object is saving changes to its view state. (Inherited from Parameter.)
Explicit interface implemetationPrivate methodIStateManager.LoadViewStateInfrastructure. Restores the data source view's previously saved view state. (Inherited from Parameter.)
Explicit interface implemetationPrivate methodIStateManager.SaveViewStateInfrastructure. Saves the changes to the Parameter object's view state since the time the page was posted back to the server. (Inherited from Parameter.)
Explicit interface implemetationPrivate methodIStateManager.TrackViewStateInfrastructure. Causes the Parameter object to track changes to its view state so they can be stored in the control's ViewState object and persisted across requests for the same page. (Inherited from Parameter.)
Top

You can use the QueryStringParameter class to bind the value of a field that is passed as part of an HTTP request query string to a parameter that is used in a parameterized query or command. The field is retrieved from the QueryString collection.

Controls that bind data to the parameter might throw an exception if a QueryStringParameter object is referenced, but no corresponding query-string name/value pair is passed. Similarly, they might display no data if the query-string field name is passed without a corresponding value. To avoid these situations, set the DefaultValue property where appropriate.

The QueryStringParameter class provides the QueryStringField property, which identifies the name of the query string value to bind to. It also provides the properties that are inherited from the Parameter class.

Important noteImportant

The QueryStringParameter class does not validate the value that is passed; it provides the raw value. However, you can validate the value of a QueryStringParameter object in a data source control. To do so, handle the Selecting, Updating, Inserting, or Deleting event of the data source control and check the parameter value in the event handler. If the value of the parameter does not pass the validation tests, you can cancel the data operation by setting the Cancel property of the associated CancelEventArgs class to true.

The following example shows how to create a QueryStringParameter object to use as a filter when you display data in a GridView control. You add the QueryStringParameter object to the AccessDataSource control's FilterParameters collection. The parameter object binds the value of the query-string field named country to its FilterExpression string. Because no DefaultValue property is specified for the parameter, if no field named country is passed with the query string, the AccessDataSource control throws a NullReferenceException exception. If a field named country is passed but has no value, the GridView control displays no data.

<%@ Page language="C#"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
  <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
    <form id="Form1" method="post" runat="server">

      <!-- Use a Query String with country=USA -->
      <asp:gridview
        id ="GridView1"
        runat="server"
        datasourceid="MyAccessDataSource" />

<!-- Security Note: The AccessDataSource uses a QueryStringParameter,
     Security Note: which does not perform validation of input from the client. -->

      <asp:accessdatasource
        id="MyAccessDataSource"
        runat="server"
        datafile="Northwind.mdb"
        selectcommand="SELECT EmployeeID, LastName, Address, PostalCode, Country FROM Employees"
        filterexpression="Country = '{0}'">
        <filterparameters>
          <asp:querystringparameter name="country" type="String" querystringfield="country" />
        </filterparameters>
      </asp:accessdatasource>
    </form>
  </body>
</html>

The following example shows how to create a QueryStringParameter object to display data from an Access database by using a parameterized SQL query. The AccessDataSource object retrieves records that are then displayed in a GridView control. The GridView control is also editable, and lets users update the status of orders in the Northwind Traders Orders table.

<%@Page  Language="C#" %>
<%@Import Namespace="System.Data" %>
<%@Import Namespace="System.Data.Common" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">
private void UpdateRecords(Object source, EventArgs e)
{
  // This method is an example of batch updating using a
  // data source control. The method iterates through the rows
  // of the GridView, extracts each CheckBox from the row and, if
  // the CheckBox is checked, updates data by calling the Update
  // method of the data source control, adding required parameters
  // to the UpdateParameters collection.
  CheckBox cb;
  foreach(GridViewRow row in this.GridView1.Rows) {
    cb = (CheckBox) row.Cells[0].Controls[1];
    if(cb.Checked) {
      string oid = (string) row.Cells[1].Text;
      MyAccessDataSource.UpdateParameters.Add(new Parameter("date",TypeCode.DateTime,DateTime.Now.ToString()));
      MyAccessDataSource.UpdateParameters.Add(new Parameter("orderid",TypeCode.String,oid));
      MyAccessDataSource.Update();
      MyAccessDataSource.UpdateParameters.Clear();
    }
  }
}
</script>

<html xmlns="http://www.w3.org/1999/xhtml" >
  <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
    <form id="form1" runat="server">

<!-- Security Note: The SqlDataSource uses a QueryStringParameter,
     Security Note: which does not perform validation of input from the client.
     Security Note: To validate the value of the QueryStringParameter, handle the Selecting event. -->

      <asp:SqlDataSource
        id="MyAccessDataSource"
        runat="server"
        ProviderName="<%$ ConnectionStrings:MyPasswordProtectedAccess.providerName%>"
        ConnectionString="<%$ ConnectionStrings:MyPasswordProtectedAccess%>"
        SelectCommand="SELECT OrderID, OrderDate, RequiredDate, ShippedDate FROM Orders WHERE EmployeeID=?"
        UpdateCommand="UPDATE Orders SET ShippedDate=? WHERE OrderID = ?">
        <SelectParameters>
          <asp:QueryStringParameter Name="empId" QueryStringField="empId" />
        </SelectParameters>
      </asp:SqlDataSource>

      <asp:GridView
        id ="GridView1"
        runat="server"
        DataSourceID="MyAccessDataSource"
        AllowPaging="True"
        PageSize="10"
        AutoGenerateColumns="False">
          <columns>
            <asp:TemplateField HeaderText="">
              <ItemTemplate>
                <asp:CheckBox runat="server" />
              </ItemTemplate>
            </asp:TemplateField>
            <asp:BoundField HeaderText="Order" DataField="OrderID" />
            <asp:BoundField HeaderText="Order Date" DataField="OrderDate" />
            <asp:BoundField HeaderText="Required Date" DataField="RequiredDate" />
            <asp:BoundField HeaderText="Shipped Date" DataField="ShippedDate" />
          </columns>
      </asp:GridView>

      <asp:Button
        id="Button1"
        runat="server"
        Text="Update the Selected Records As Shipped"
        OnClick="UpdateRecords" />

      <asp:Label id="Label1" runat="server" />

    </form>
  </body>
</html>
<connectionStrings>
  <add name="MyPasswordProtectedAccess"
       connectionString="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=\\uncpath\Northwind_PasswordProtected.mdb;Mode=3;Jet OLEDB:Database Password=myPassword;"
       providerName="System.Data.OleDb" />
</connectionStrings>

.NET Framework

Supported in: 4.5.2, 4.5.1, 4.5, 4, 3.5, 3.0, 2.0

Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
Show:
© 2014 Microsoft