ParameterCollection Class
Collapse the table of content
Expand the table of content

ParameterCollection Class

Represents a collection of Parameter and Parameter-derived objects that are used by data source controls in advanced data-binding scenarios.

Namespace:  System.Web.UI.WebControls
Assembly:  System.Web (in System.Web.dll)

[AspNetHostingPermissionAttribute(SecurityAction.LinkDemand, Level = AspNetHostingPermissionLevel.Minimal)]
[AspNetHostingPermissionAttribute(SecurityAction.InheritanceDemand, Level = AspNetHostingPermissionLevel.Minimal)]
public class ParameterCollection : StateManagedCollection

The ParameterCollection class represents a collection of Parameter objects used in advanced data-binding scenarios with data source controls. The Parameter objects are used to bind the values contained by local Page variables, HTTP cookies, session variables, and other controls' values to data source controls when retrieving, updating, deleting, and inserting data.

Use the ParameterCollection class to programmatically manage a set of Parameter objects. You can add, insert, and remove Parameter objects using the appropriate methods of the ParameterCollection class. To programmatically retrieve Parameter objects from a collection, use one of following methods:

The Count property specifies the total number of items in the collection, and is used to determine the upper bound of the collection. You can add and remove items from the collection by using the Add, Insert, Remove, and RemoveAt methods.

Depending on the implementation and the semantics of a particular data source control, the order in which the parameters are stored in the ParameterCollection collection might be important. For example, when using the SqlDataSource control as an ODBC data source, the order of the Parameter objects in the ParameterCollection collection must be the same as the order of the parameters in the parameterized SQL queries you use. However, when using the SqlDataSource control with Microsoft SQL Server, the order of the Parameter objects are not important.

Security noteSecurity Note:

When you use data source controls, values are inserted into command parameters without validation, which is a potential security threat. Use an event in the data source control to validate parameter values before the command is executed. For more information, see Script Exploits Overview.

The following table lists the different parameter classes and how they are used.

Parameter Class



The base parameter class. Use it to bind to a local variable or any static string using the DefaultValue property.


A parameter that can be used to bind to a control's property or method return value.


A parameter that can be used to bind to the value of a cookie.


A parameter that can be used to bind to an attribute of the current Web Forms page.


A parameter that can be used to bind to a value passed to a Web Forms page on a query string.


A parameter that can be used to bind to the value of a session variable.


A parameter that can be used to bind to the value of an ASP.NET Profile property.

The following code example demonstrates how to use an AccessDataSource control and a FormParameter to display information from a Microsoft Access database in a GridView control. The FormParameter object is added to the SelectParameters collection using the Add method.

Security noteSecurity Note:

This example has a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview.

<%@Page  Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "">

<script runat="server">

void Page_Load(Object sender, EventArgs e){

  // You can add a FormParameter to the AccessDataSource control's 
  // SelectParameters collection programmatically.

  // Security Note: The AccessDataSource uses a FormParameter, 
  // Security Note: which does not perform validation of input from the client. 
  // Security Note: To validate the value of the FormParameter, 
  // Security Note: handle the Selecting event.

  FormParameter formParam = new FormParameter("lastname","LastNameBox");

<html xmlns="" >
  <head runat="server">
    <title>ASP.NET Example</title>
    <form id="form1" runat="server">

          selectcommand="SELECT OrderID,CustomerID,OrderDate,RequiredDate,ShippedDate
                         FROM Orders WHERE EmployeeID =
                         (SELECT EmployeeID FROM Employees WHERE LastName = @lastname)">

      <br />Enter the name "Davolio" or "King" in the text box and click the button.

      <br />
        runat="server" />

      <br />
        text="Get Records" />

      <br />



Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

.NET Framework

Supported in: 3.5, 3.0, 2.0

Community Additions

© 2016 Microsoft