FormParameter.FormParameter() Constructor
Assembly: System.Web (in system.web.dll)
A FormParameter object created with the FormParameter constructor is initialized with default values for all its properties. The FormField is initialized to String.Empty. Additionally, the Name property is initialized to String.Empty, the Type property is initialized to TypeCode.Object, the Direction property is initialized to Input, and the DefaultValue property is initialized to null (Nothing in Visual Basic).
Security Note: |
|---|
| The FormParameter does not validate the value passed by the form element in any way; it uses the raw value. In most cases, you can validate the value of the FormParameter before it is used by a data source control by handling an event, such as the Selecting, Updating, Inserting, or Deleting event exposed by the data source control you are using. If the value of the parameter does not pass your validation tests, you can cancel the data operation by setting the Cancel property of the associated CancelEventArgs class to true. |
<%@Page Language="VJ#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
void Page_Load(Object sender, System.EventArgs e)
{
// You can add a FormParameter to the AccessDataSource control's
// SelectParameters collection programmatically.
accessDataSource1.get_SelectParameters().Clear();
FormParameter formParam = new FormParameter();
formParam.set_Name("lastname");
formParam.set_Type(System.TypeCode.String);
formParam.set_FormField("LastNameBox");
accessDataSource1.get_SelectParameters().Add(formParam);
}//Page_Load
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>ASP.NET Example</title>
</head>
<body>
<form id="Form1" runat="server">
<asp:accessdatasource
id="accessDataSource1"
runat="server"
datasourcemode="DataSet"
datafile="Northwind.mdb"
selectcommand="SELECT OrderID,CustomerID,OrderDate,RequiredDate,ShippedDate
FROM Orders WHERE EmployeeID = (SELECT EmployeeID FROM Employees WHERE LastName = @lastname)">
</asp:accessdatasource>
<br />Enter the name "Davolio" or "King" in the text box and click the button.
<br />
<asp:textbox
id="LastNameBox"
runat="server" />
<br />
<asp:button
id="Button1"
runat="server"
text="Get Records" />
<br />
<asp:gridview
id="GridView1"
runat="server"
allowsorting="True"
datasourceid="accessDataSource1">
</asp:gridview>
</form>
</body>
</html>
Security Note: