QueryStringParameter Class

Definition

Binds the value of an HTTP request query-string field to a parameter object.

public ref class QueryStringParameter : System::Web::UI::WebControls::Parameter
public class QueryStringParameter : System.Web.UI.WebControls.Parameter
type QueryStringParameter = class
    inherit Parameter
Public Class QueryStringParameter
Inherits Parameter
Inheritance
QueryStringParameter

Examples

The following example shows how to create a QueryStringParameter object to use as a filter when you display data in a GridView control. You add the QueryStringParameter object to the AccessDataSource control's FilterParameters collection. The parameter object binds the value of the query-string field named country to its FilterExpression string. Because no DefaultValue property is specified for the parameter, if no field named country is passed with the query string, the AccessDataSource control throws a NullReferenceException exception. If a field named country is passed but has no value, the GridView control displays no data.

<%@ Page language="C#"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
  <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
    <form id="Form1" method="post" runat="server">

      <!-- Use a Query String with country=USA -->
      <asp:gridview
        id ="GridView1"
        runat="server"
        datasourceid="MyAccessDataSource" />

<!-- Security Note: The AccessDataSource uses a QueryStringParameter,
     Security Note: which does not perform validation of input from the client. -->

      <asp:accessdatasource
        id="MyAccessDataSource"
        runat="server"
        datafile="Northwind.mdb"
        selectcommand="SELECT EmployeeID, LastName, Address, PostalCode, Country FROM Employees"
        filterexpression="Country = '{0}'">
        <filterparameters>
          <asp:querystringparameter name="country" type="String" querystringfield="country" />
        </filterparameters>
      </asp:accessdatasource>
    </form>
  </body>
</html>
<%@ Page language="VB"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
  <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
    <form id="Form1" method="post" runat="server">

      <!-- Use a Query String with country=USA -->
      <asp:gridview
        id ="GridView1"
        runat="server"
        datasourceid="MyAccessDataSource" />

<!-- Security Note: The AccessDataSource uses a QueryStringParameter,
     Security Note: which does not perform validation of input from the client. -->

      <asp:accessdatasource
        id="MyAccessDataSource"
        runat="server"
        datafile="Northwind.mdb"
        selectcommand="SELECT EmployeeID, LastName, Address, PostalCode, Country FROM Employees"
        filterexpression="Country = '{0}'">
        <filterparameters>
          <asp:querystringparameter name="country" type="String" querystringfield="country" />
        </filterparameters>
      </asp:accessdatasource>

    </form>
  </body>
</html>

The following example shows how to create a QueryStringParameter object to display data from an Access database by using a parameterized SQL query. The AccessDataSource object retrieves records that are then displayed in a GridView control. The GridView control is also editable, and lets users update the status of orders in the Northwind Traders Orders table.

<%@Page  Language="C#" %>
<%@Import Namespace="System.Data" %>
<%@Import Namespace="System.Data.Common" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">
private void UpdateRecords(Object source, EventArgs e)
{
  // This method is an example of batch updating using a
  // data source control. The method iterates through the rows
  // of the GridView, extracts each CheckBox from the row and, if
  // the CheckBox is checked, updates data by calling the Update
  // method of the data source control, adding required parameters
  // to the UpdateParameters collection.
  CheckBox cb;
  foreach(GridViewRow row in this.GridView1.Rows) {
    cb = (CheckBox) row.Cells[0].Controls[1];
    if(cb.Checked) {
      string oid = (string) row.Cells[1].Text;
      MyAccessDataSource.UpdateParameters.Add(new Parameter("date",TypeCode.DateTime,DateTime.Now.ToString()));
      MyAccessDataSource.UpdateParameters.Add(new Parameter("orderid",TypeCode.String,oid));
      MyAccessDataSource.Update();
      MyAccessDataSource.UpdateParameters.Clear();
    }
  }
}
</script>

<html xmlns="http://www.w3.org/1999/xhtml" >
  <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
    <form id="form1" runat="server">

<!-- Security Note: The SqlDataSource uses a QueryStringParameter,
     Security Note: which does not perform validation of input from the client.
     Security Note: To validate the value of the QueryStringParameter, handle the Selecting event. -->

      <asp:SqlDataSource
        id="MyAccessDataSource"
        runat="server"
        ProviderName="<%$ ConnectionStrings:MyPasswordProtectedAccess.providerName%>"
        ConnectionString="<%$ ConnectionStrings:MyPasswordProtectedAccess%>"
        SelectCommand="SELECT OrderID, OrderDate, RequiredDate, ShippedDate FROM Orders WHERE EmployeeID=?"
        UpdateCommand="UPDATE Orders SET ShippedDate=? WHERE OrderID = ?">
        <SelectParameters>
          <asp:QueryStringParameter Name="empId" QueryStringField="empId" />
        </SelectParameters>
      </asp:SqlDataSource>

      <asp:GridView
        id ="GridView1"
        runat="server"
        DataSourceID="MyAccessDataSource"
        AllowPaging="True"
        PageSize="10"
        AutoGenerateColumns="False">
          <columns>
            <asp:TemplateField HeaderText="">
              <ItemTemplate>
                <asp:CheckBox runat="server" />
              </ItemTemplate>
            </asp:TemplateField>
            <asp:BoundField HeaderText="Order" DataField="OrderID" />
            <asp:BoundField HeaderText="Order Date" DataField="OrderDate" />
            <asp:BoundField HeaderText="Required Date" DataField="RequiredDate" />
            <asp:BoundField HeaderText="Shipped Date" DataField="ShippedDate" />
          </columns>
      </asp:GridView>

      <asp:Button
        id="Button1"
        runat="server"
        Text="Update the Selected Records As Shipped"
        OnClick="UpdateRecords" />

      <asp:Label id="Label1" runat="server" />

    </form>
  </body>
</html>
<%@Page  Language="VB" %>
<%@Import Namespace="System.Data" %>
<%@Import Namespace="System.Data.Common" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
Private Sub UpdateRecords(source As Object, e As EventArgs)

  ' This method is an example of batch updating using a
  ' data source control. The method iterates through the rows
  ' of the GridView, extracts each CheckBox from the row and, if
  ' the CheckBox is checked, updates data by calling the Update
  ' method of the data source control, adding required parameters
  ' to the UpdateParameters collection.

  Dim cb As CheckBox
  Dim row As GridViewRow

  For Each row In GridView1.Rows

    cb = CType(row.Cells(0).Controls(1), CheckBox)
    If cb.Checked Then

      Dim oid As String
      oid = CType(row.Cells(1).Text, String)

      Dim param1 As New Parameter("date", TypeCode.DateTime, DateTime.Now.ToString())
      MyAccessDataSource.UpdateParameters.Add(param1)

      Dim param2 As New Parameter("orderid", TypeCode.String, oid)
      MyAccessDataSource.UpdateParameters.Add(param2)

      MyAccessDataSource.Update()
      MyAccessDataSource.UpdateParameters.Clear()
    End If
  Next
End Sub ' UpdateRecords
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
  <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
    <form id="form1" runat="server">

<!-- Security Note: The SqlDataSource uses a QueryStringParameter,
     Security Note: which does not perform validation of input from the client.
     Security Note: To validate the value of the QueryStringParameter, handle the Selecting event. -->

      <asp:SqlDataSource
        id="MyAccessDataSource"
        runat="server"
        ProviderName="<%$ ConnectionStrings:MyPasswordProtectedAccess.providerName%>"
        ConnectionString="<%$ ConnectionStrings:MyPasswordProtectedAccess%>"
        SelectCommand="SELECT OrderID, OrderDate, RequiredDate, ShippedDate FROM Orders WHERE EmployeeID=?"
        UpdateCommand="UPDATE Orders SET ShippedDate=? WHERE OrderID = ?">
        <SelectParameters>
          <asp:QueryStringParameter Name="empId" QueryStringField="empId" />
        </SelectParameters>
      </asp:SqlDataSource>

      <asp:GridView
        id ="GridView1"
        runat="server"
        DataSourceID="MyAccessDataSource"
        AllowPaging="True"
        PageSize="10"
        AutoGenerateColumns="False">
          <columns>
            <asp:TemplateField HeaderText="">
              <ItemTemplate>
                <asp:CheckBox runat="server" />
              </ItemTemplate>
            </asp:TemplateField>
            <asp:BoundField HeaderText="Order" DataField="OrderID" />
            <asp:BoundField HeaderText="Order Date" DataField="OrderDate" />
            <asp:BoundField HeaderText="Required Date" DataField="RequiredDate" />
            <asp:BoundField HeaderText="Shipped Date" DataField="ShippedDate" />
          </columns>
      </asp:GridView>

      <asp:Button
        id="Button1"
        runat="server"
        Text="Update the Selected Records As Shipped"
        OnClick="UpdateRecords" />

      <asp:Label id="Label1" runat="server" />

    </form>
  </body>
</html>

Remarks

You can use the QueryStringParameter class to bind the value of a field that is passed as part of an HTTP request query string to a parameter that is used in a parameterized query or command. The field is retrieved from the QueryString collection.

Controls that bind data to the parameter might throw an exception if a QueryStringParameter object is referenced, but no corresponding query-string name/value pair is passed. Similarly, they might display no data if the query-string field name is passed without a corresponding value. To avoid these situations, set the DefaultValue property where appropriate.

The QueryStringParameter class provides the QueryStringField property, which identifies the name of the query string value to bind to. It also provides the properties that are inherited from the Parameter class.

Important

The QueryStringParameter class does not validate the value that is passed; it provides the raw value. However, you can validate the value of a QueryStringParameter object in a data source control. To do so, handle the Selecting, Updating, Inserting, or Deleting event of the data source control and check the parameter value in the event handler. If the value of the parameter does not pass the validation tests, you can cancel the data operation by setting the Cancel property of the associated CancelEventArgs class to true.

Constructors

QueryStringParameter()

Initializes a new unnamed instance of the QueryStringParameter class.

QueryStringParameter(QueryStringParameter)

Initializes a new instance of the QueryStringParameter class, using the values of the instance that is specified by the original parameter.

QueryStringParameter(String, DbType, String)

Initializes a new named instance of the QueryStringParameter class, using the specified query-string field and the data type of the parameter.

QueryStringParameter(String, String)

Initializes a new named instance of the QueryStringParameter class, using the specified string to identify which query-string field to bind to.

QueryStringParameter(String, TypeCode, String)

Initializes a new named and strongly typed instance of the QueryStringParameter class, using the specified string to identify which query-string field to bind to.

Properties

ConvertEmptyStringToNull

Gets or sets a value indicating whether the value that the Parameter object is bound to should be converted to null if it is Empty.

(Inherited from Parameter)
DbType

Gets or sets the database type of the parameter.

(Inherited from Parameter)
DefaultValue

Specifies a default value for the parameter, should the value that the parameter is bound to be uninitialized when the Evaluate(HttpContext, Control) method is called.

(Inherited from Parameter)
Direction

Indicates whether the Parameter object is used to bind a value to a control, or the control can be used to change the value.

(Inherited from Parameter)
IsTrackingViewState

Gets a value indicating whether the Parameter object is saving changes to its view state.

(Inherited from Parameter)
Name

Gets or sets the name of the parameter.

(Inherited from Parameter)
QueryStringField

Gets or sets the name of the query-string field that the parameter binds to.

Size

Gets or sets the size of the parameter.

(Inherited from Parameter)
Type

Gets or sets the type of the parameter.

(Inherited from Parameter)
ValidateInput

Gets or sets whether the value of the query string parameter is being validated or not.

ViewState

Gets a dictionary of state information that allows you to save and restore the view state of a Parameter object across multiple requests for the same page.

(Inherited from Parameter)

Methods

Clone()

Returns a duplicate of the current QueryStringParameter instance.

Equals(Object)

Determines whether the specified object is equal to the current object.

(Inherited from Object)
Evaluate(HttpContext, Control)

Updates and returns the value of the QueryStringParameter object.

GetDatabaseType()

Gets the DbType value that is equivalent to the CLR type of the current Parameter instance.

(Inherited from Parameter)
GetHashCode()

Serves as the default hash function.

(Inherited from Object)
GetType()

Gets the Type of the current instance.

(Inherited from Object)
LoadViewState(Object)

Restores the data source view's previously saved view state.

(Inherited from Parameter)
MemberwiseClone()

Creates a shallow copy of the current Object.

(Inherited from Object)
OnParameterChanged()

Calls the OnParametersChanged(EventArgs) method of the ParameterCollection collection that contains the Parameter object.

(Inherited from Parameter)
SaveViewState()

Saves the changes to the Parameter object's view state since the time the page was posted back to the server.

(Inherited from Parameter)
SetDirty()

Marks the Parameter object so its state will be recorded in view state.

(Inherited from Parameter)
ToString()

Converts the value of this instance to its equivalent string representation.

(Inherited from Parameter)
TrackViewState()

Causes the Parameter object to track changes to its view state so they can be stored in the control's ViewState object and persisted across requests for the same page.

(Inherited from Parameter)

Explicit Interface Implementations

ICloneable.Clone()

Returns a duplicate of the current Parameter instance.

(Inherited from Parameter)
IStateManager.IsTrackingViewState

Gets a value indicating whether the Parameter object is saving changes to its view state.

(Inherited from Parameter)
IStateManager.LoadViewState(Object)

Restores the data source view's previously saved view state.

(Inherited from Parameter)
IStateManager.SaveViewState()

Saves the changes to the Parameter object's view state since the time the page was posted back to the server.

(Inherited from Parameter)
IStateManager.TrackViewState()

Causes the Parameter object to track changes to its view state so they can be stored in the control's ViewState object and persisted across requests for the same page.

(Inherited from Parameter)

Applies to

See also