ParameterCollection.Add Method (Parameter)
.NET Framework (current version)
Appends the specified Parameter object to the end of the collection.
Assembly: System.Web (in System.Web.dll)
Parameters
- parameter
-
Type:
System.Web.UI.WebControls.Parameter
The Parameter to append to the collection.
The following code example demonstrates how to use an AccessDataSource control and a FormParameter object to display information from a Microsoft Access database in a GridView control. The FormParameter object is added to the SelectParameters collection using the Add(Parameter) method.
Security Note
|
|---|
This example has a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview. |
<%@Page Language="C#" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <script runat="server"> void Page_Load(Object sender, EventArgs e){ // You can add a FormParameter to the AccessDataSource control's // SelectParameters collection programmatically. AccessDataSource1.SelectParameters.Clear(); // Security Note: The AccessDataSource uses a FormParameter, // Security Note: which does not perform validation of input from the client. // Security Note: To validate the value of the FormParameter, // Security Note: handle the Selecting event. FormParameter formParam = new FormParameter("lastname","LastNameBox"); formParam.Type=TypeCode.String; AccessDataSource1.SelectParameters.Add(formParam); } </script> <html xmlns="http://www.w3.org/1999/xhtml" > <head runat="server"> <title>ASP.NET Example</title> </head> <body> <form id="form1" runat="server"> <asp:accessdatasource id="AccessDataSource1" runat="server" datasourcemode="DataSet" datafile="Northwind.mdb" selectcommand="SELECT OrderID,CustomerID,OrderDate,RequiredDate,ShippedDate FROM Orders WHERE EmployeeID = (SELECT EmployeeID FROM Employees WHERE LastName = @lastname)"> </asp:accessdatasource> <br />Enter the name "Davolio" or "King" in the text box and click the button. <br /> <asp:textbox id="LastNameBox" runat="server" /> <br /> <asp:button id="Button1" runat="server" text="Get Records" /> <br /> <asp:gridview id="GridView1" runat="server" allowsorting="True" datasourceid="AccessDataSource1"> </asp:gridview> </form> </body> </html>
.NET Framework
Available since 2.0
Available since 2.0
Show:
