FormParameter Constructor (String, String)

 

Initializes a new named instance of the FormParameter class, using the specified string to identify which form variable field to bind to.

Namespace:   System.Web.UI.WebControls
Assembly:  System.Web (in System.Web.dll)

Public Sub New (
	name As String,
	formField As String
)

Parameters

name
Type: System.String

The name of the parameter.

formField
Type: System.String

The name of the form variable that the parameter object is bound to. The default is Empty.

A FormParameter object created with the FormParameter constructor is initialized with the specified parameter name and string that identifies the form variable that the parameter binds to. The Type and Direction properties are initialized with default values.

System_CAPS_security Security Note

The FormParameter does not validate the value passed by the form element in any way; it uses the raw value. In most cases, you can validate the value of the FormParameter before it is used by a data source control by handling an event, such as the Selecting, Updating, Inserting, or Deleting event exposed by the data source control you are using. If the value of the parameter does not pass your validation tests, you can cancel the data operation by setting the Cancel property of the associated CancelEventArgs class to true.

<%@Page  Language="VB" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">

Private Sub Page_Load(sender As Object, e As EventArgs)

  ' You can add a FormParameter to the AccessDataSource control's
  ' SelectParameters collection programmatically.
  AccessDataSource1.SelectParameters.Clear()

  ' Security Note: The AccessDataSource uses a FormParameter,
  ' Security Note: which does not perform validation of input from the client.
  ' Security Note: To validate the value of the FormParameter,
  ' Security Note: handle the Selecting event.

  Dim formParam As New FormParameter("lastname","LastNameBox")
  formParam.Type=TypeCode.String
  AccessDataSource1.SelectParameters.Add(formParam)
End Sub ' Page_Load

</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
  <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
    <form id="form1" runat="server">

      <asp:accessdatasource
          id="AccessDataSource1"
          runat="server"
          datasourcemode="DataSet"
          datafile="Northwind.mdb"
          selectcommand="SELECT OrderID,CustomerID,OrderDate,RequiredDate,ShippedDate
                         FROM Orders WHERE EmployeeID =
                         (SELECT EmployeeID FROM Employees WHERE LastName = @lastname)">
      </asp:accessdatasource>

      <br />Enter the name "Davolio" or "King" in the text box and click the button.

      <br />
      <asp:textbox
        id="LastNameBox"
        runat="server" />

      <br />
      <asp:button
        id="Button1"
        runat="server"
        text="Get Records" />

      <br />
      <asp:gridview
          id="GridView1"
          runat="server"
          allowsorting="True"
          datasourceid="AccessDataSource1">
      </asp:gridview>

    </form>
  </body>
</html>

.NET Framework
Available since 2.0
Return to top
Show: