SqlDataSource.UpdateParameters Property


The .NET API Reference documentation has a new home. Visit the .NET API Browser on docs.microsoft.com to see the new experience.

Gets the parameters collection that contains the parameters that are used by the UpdateCommand property from the SqlDataSourceView control that is associated with the SqlDataSource control.

Namespace:   System.Web.UI.WebControls
Assembly:  System.Web (in System.Web.dll)

public ParameterCollection UpdateParameters { get; }

Property Value

Type: System.Web.UI.WebControls.ParameterCollection

A ParameterCollection that contains the parameters used by the UpdateCommand property.

If the UpdateCommand property contains a parameterized SQL query, the UpdateParameters collection contains any Parameter objects that correspond to the parameter placeholders in the SQL string.

Parameter names might be affected by the OldValuesParameterFormatString property, specifically if the name identifies a primary key, such as a key specified using the DataKeyNames property of the data-bound control, or in delete and update scenarios where the ConflictDetection property is set to the CompareAllValues value and a set of oldValues are passed to the corresponding data method. In this case, the format string is applied to each parameter name in the oldValues collection.

The order of the parameters in the UpdateParameters collection might be important, depending on the ADO.NET provider. The System.Data.OleDb and System.Data.Odbc providers associate the parameters in the collection according to the order that the parameters appear in the parameterized SQL query. The System.Data.SqlClient provider, which is the default ADO.NET provider for the SqlDataSource control, associates the parameters in the collection by matching the name of the parameter with a placeholder alias in the SQL query. For more information about parameterized SQL queries and commands, see Using Parameters with the SqlDataSource Control.

The UpdateParameters property retrieves the UpdateParameters property that is contained by the SqlDataSourceView object that is associated with the SqlDataSource control.

System_CAPS_security Security Note

Values are inserted into parameters without validation, which is a potential security threat. Use the Filtering event to validate parameter values before executing the query. For more information, see Script Exploits Overview.

The following code example demonstrates how to use a SqlDataSource control to display data in a DropDownList control and update data when the Submit button is clicked. The UpdateCommand is set with a parameterized SQL statement and two ControlParameter parameters are added to the UpdateParameters collection. When the Submit button is clicked, the OnClick event is handled to call the Update method explicitly.

System_CAPS_security Security Note

This example includes a text box that accepts user input, which is a potential security threat, and values are inserted into parameters without validation, which is also a potential security threat. Use the Inserting event to validate parameter values before executing the query. For more information, see Script Exploits Overview.

<%@Page  Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">
 private void On_Click(Object source, EventArgs e) {
    try {
    catch (Exception except) {
        // Handle the Exception.

    Label2.Text="The record was updated successfully!";

<html xmlns="http://www.w3.org/1999/xhtml" >
  <head runat="server">
    <title>ASP.NET Example</title>
    <form id="form1" runat="server">
          ConnectionString="<%$ ConnectionStrings:MyNorthwind%>"
          SelectCommand="SELECT EmployeeID, LastName, Address FROM Employees"
          UpdateCommand="UPDATE Employees SET Address=@Address WHERE EmployeeID=@EmployeeID">
              <asp:ControlParameter Name="Address" ControlId="TextBox1" PropertyName="Text"/>
              <asp:ControlParameter Name="EmployeeID" ControlId="DropDownList1" PropertyName="SelectedValue"/>


      <br />
      <asp:Label id="Label1" runat="server" Text="Enter a new address for the selected user."
        AssociatedControlID="TextBox1" />
      <asp:TextBox id="TextBox1" runat="server" />
      <asp:Button id="Submit" runat="server" Text="Submit" OnClick="On_Click" />

      <br /><asp:Label id="Label2" runat="server" Text="" />


.NET Framework
Available since 2.0
Return to top