Gets or sets the SQL string that the SqlDataSource control uses to update data in the underlying database.
Assembly: System.Web (in System.Web.dll)
The represents an SQL query or the name of a stored procedure, and is used by the Update method.
Because different database products use different varieties of SQL, the syntax of the SQL string depends on the current ADO.NET provider being used, which is identified by the ProviderName property. If the SQL string is a parameterized query or command, the placeholder of the parameter also depends on the ADO.NET provider being used. For example, if the provider is the System.Data.SqlClient, which is the default provider for the SqlDataSource class, the placeholder of the parameter is '@parameterName'. However, if the provider is set to the System.Data.Odbc or System.Data.OleDb, the placeholder of the parameter is '?'. For more information about parameterized SQL queries and commands, see Using Parameters with the SqlDataSource Control.
The property can be an SQL string or the name of a stored procedure, if the data source supports stored procedures.
For security purposes, the property is not stored is view state. Because it is possible to decode the contents of view state on the client, storing sensitive information about the database structure in view state could result in an information disclosure vulnerability.
Values are inserted into parameters without validation, which is a potential security threat. Use the Filtering event to validate parameter values before executing the query. For more information, see Script Exploits Overview.
|How to: Customize Controls for Editing in the GridView Web Server Control||Building ASP .NET Web Applications in Visual Studio|
This section contains two code examples. The first code example demonstrates how to set the property of the SqlDataSource control and update data in a Microsoft SQL Server database using the GridView control. The second code example demonstrates how to update data in an ODBC database using the GridView control.
The following code example demonstrates how to set the property of the SqlDataSource control and update data in a SQL Server database using the GridView control. The GridView automatically populates the UpdateParameters collection, inferring the parameters from the BoundField objects, and calls the Update method when the Update link on the editable GridView is selected. This example also includes some post-processing: after a record is updated, a notification e-mail message is sent.
The following code example, which is functionally identical to the preceding code example, demonstrates how to update data in an ODBC database using the GridView control. The ProviderName is set to the ADO.NET provider for ODBC, the System.Data.Odbc, and the ConnectionString property is set to the name of an ODBC data source name (DSN).