Export (0) Print
Expand All
1 out of 1 rated this helpful - Rate this topic

SqlDataSource.SelectCommand Property

Gets or sets the SQL string that the SqlDataSource control uses to retrieve data from the underlying database.

Namespace:  System.Web.UI.WebControls
Assembly:  System.Web (in System.Web.dll)
public string SelectCommand { get; set; }
<asp:SqlDataSource SelectCommand="String" />

Property Value

Type: System.String
An SQL string or the name of a stored procedure that the SqlDataSource uses to retrieve data.

The SelectCommand property represents an SQL query or the name of a stored procedure, and is used by the Select method to retrieve data from a SQL Server database. If you use an asterisk (*) in the Select command to select all columns, and if you use automatic code generation to perform update or delete operations, make sure that no columns have spaces in their names.

Because different database products use different varieties of SQL, the syntax of the SQL string depends on the current ADO.NET provider being used, which is identified by the ProviderName property. If the SQL string is a parameterized query or command, the placeholder of the parameter also depends on the ADO.NET provider being used. For example, if the provider is the System.Data.SqlClient, which is the default provider for the SqlDataSource class, the placeholder of the parameter is '@parameterName'. However, if the provider is set to the System.Data.Odbc or System.Data.OleDb, the placeholder of the parameter is '?'. For more information about parameterized SQL queries and commands, see Using Parameters with the SqlDataSource Control.

The SelectCommand property can be an SQL string or the name of a stored procedure, if the data source supports stored procedures.

The SelectCommand property delegates to the SelectCommand property of the SqlDataSourceView object that is associated with the SqlDataSource control.

Security noteSecurity Note

For security purposes, the SelectCommand property is not stored is view state. Because it is possible to decode the contents of view state on the client, storing sensitive information about the database structure in view state could result in an information disclosure vulnerability.

Security noteSecurity Note

Values are inserted into parameters without validation, which is a potential security threat. Use the Filtering event to validate parameter values before executing the query. For more information, see Script Exploits Overview.

This section contains two code examples. The first code example demonstrates how to set the SelectCommand text to a basic SQL query to retrieve data from an ODBC-compliant database and display it in a GridView control. The second code example demonstrates how to set the SelectCommand text to the name of a stored procedure and the SelectCommandType property to the StoredProcedure value to retrieve data from a Microsoft SQL Server database and display it in a DropDownList control.

In both examples, there is no need to explicitly call the Select method because the data-bound controls that are attached to the data source control through the DataSourceID property will automatically call the Select method during the PreRender phase.

The following code example demonstrates how to set the SelectCommand text to a basic SQL query to retrieve data from an ODBC-compliant database and display it in a GridView control.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
  <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
    <!-- This example uses a Northwind database that is hosted by an ODBC-compliant
         database. To run this sample, create an ODBC DSN to any database that hosts
         the Northwind database, including Microsoft SQL Server or Microsoft Access,
         change the name of the DSN in the ConnectionString, and view the page.
    -->

    <form id="form1" runat="server">

      <asp:SqlDataSource
          id="SqlDataSource1"
          runat="server"
          ProviderName="System.Data.Odbc"
          DataSourceMode="DataSet"
          ConnectionString="dsn=myodbc3dsn;"
          SelectCommand="SELECT FirstName, LastName, Title FROM Employees">
      </asp:SqlDataSource>

      <asp:GridView
          id="GridView1"
          runat="server"
          AllowSorting="True"
          DataSourceID="SqlDataSource1">
      </asp:GridView>

    </form>
  </body>
</html>

The following code example demonstrates how to set the SelectCommand text to the name of a stored procedure and the SelectCommandType property to the StoredProcedure value to retrieve data from a SQL Server database and display it in a DropDownList control. The SelectCommand property can be an SQL query or the name of a stored procedure, if the data source supports stored procedures.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
        <form id="form1" runat="server">

            <asp:DropDownList
                id="DropDownList1"
                runat="server"
                DataTextField="LastName"
                DataSourceID="SqlDataSource1" />

            <asp:SqlDataSource
                id="SqlDataSource1"
                runat="server"
                ConnectionString="<%$ ConnectionStrings:MyNorthwind%>"
                SelectCommandType="StoredProcedure"                
                SelectCommand="sp_lastnames">
            </asp:SqlDataSource>

            <!--
                The sp_lastnames stored procedure is
                CREATE PROCEDURE sp_lastnames AS
                   SELECT LastName FROM Employees
                GO
            -->

        </form>
    </body>
</html>

.NET Framework

Supported in: 4.5.1, 4.5, 4, 3.5, 3.0, 2.0

Windows Phone 8.1, Windows Phone 8, Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.