FormParameter Constructor (String, String)
Initializes a new named instance of the FormParameter class, using the specified string to identify which form variable field to bind to.
Assembly: System.Web (in System.Web.dll)
Parameters
- name
-
Type:
System.String
The name of the parameter.
- formField
-
Type:
System.String
The name of the form variable that the parameter object is bound to. The default is Empty.
A FormParameter object created with the FormParameter constructor is initialized with the specified parameter name and string that identifies the form variable that the parameter binds to. The Type and Direction properties are initialized with default values.
Security Note
|
|---|
The FormParameter does not validate the value passed by the form element in any way; it uses the raw value. In most cases, you can validate the value of the FormParameter before it is used by a data source control by handling an event, such as the Selecting, Updating, Inserting, or Deleting event exposed by the data source control you are using. If the value of the parameter does not pass your validation tests, you can cancel the data operation by setting the Cancel property of the associated CancelEventArgs class to true. |
<%@Page Language="VB" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <script runat="server"> Private Sub Page_Load(sender As Object, e As EventArgs) ' You can add a FormParameter to the AccessDataSource control's ' SelectParameters collection programmatically. AccessDataSource1.SelectParameters.Clear() ' Security Note: The AccessDataSource uses a FormParameter, ' Security Note: which does not perform validation of input from the client. ' Security Note: To validate the value of the FormParameter, ' Security Note: handle the Selecting event. Dim formParam As New FormParameter("lastname","LastNameBox") formParam.Type=TypeCode.String AccessDataSource1.SelectParameters.Add(formParam) End Sub ' Page_Load </script> <html xmlns="http://www.w3.org/1999/xhtml" > <head runat="server"> <title>ASP.NET Example</title> </head> <body> <form id="form1" runat="server"> <asp:accessdatasource id="AccessDataSource1" runat="server" datasourcemode="DataSet" datafile="Northwind.mdb" selectcommand="SELECT OrderID,CustomerID,OrderDate,RequiredDate,ShippedDate FROM Orders WHERE EmployeeID = (SELECT EmployeeID FROM Employees WHERE LastName = @lastname)"> </asp:accessdatasource> <br />Enter the name "Davolio" or "King" in the text box and click the button. <br /> <asp:textbox id="LastNameBox" runat="server" /> <br /> <asp:button id="Button1" runat="server" text="Get Records" /> <br /> <asp:gridview id="GridView1" runat="server" allowsorting="True" datasourceid="AccessDataSource1"> </asp:gridview> </form> </body> </html>
Available since 2.0
