FormParameter Class
Assembly: System.Web (in system.web.dll)
You can use the FormParameter class to bind the value of a form variable in the Form collection to a parameter used in a parameterized query or command. Controls that bind data to the parameter might throw an exception if a FormParameter is specified but no corresponding form variable is passed. They might also display no data if the form variable is passed with no corresponding value. Set the DefaultValue to avoid these situations where appropriate.
The FormParameter class provides the FormField property, which identifies the name of the form variable to bind to, in addition to those inherited from the Parameter class.
Important: |
|---|
| The FormParameter does not validate the value passed by the form element in any way; it uses the raw value. In most cases you can validate the value of the FormParameter before it is used by a data source control by handling an event, such as the Selecting, Updating, Inserting, or Deleting event exposed by the data source control you are using. If the value of the parameter does not pass your validation tests, you can cancel the data operation by setting the Cancel property of the associated CancelEventArgs class to true. |
The following code example demonstrates how to insert data into a database using the SqlDataSource control and a simple ASP.NET Web page. The current data in the data table is displayed in the DropDownList control. You can add new records by entering values in the TextBox controls and clicking the button. When the button is clicked, the specified values are inserted into the database, and the DropDownList is refreshed.
Security Note: |
|---|
| This example has a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview (Visual Studio). |
<%@Page Language="VJ#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
private void InsertShipper(Object source, System.EventArgs e)
{
SqlDataSource1.Insert();
} //InsertShipper
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>ASP.NET Example</title>
</head>
<body>
<form id="form1" runat="server">
<asp:dropdownlist
id="DropDownList1"
runat="server"
datasourceid="SqlDataSource1"
datatextfield="CompanyName"
datavaluefield="ShipperID" />
<asp:sqldatasource
id="SqlDataSource1"
runat="server"
connectionstring="Data Source=localhost;Integrated Security=SSPI;Initial Catalog=Northwind;Connect Timeout=15"
selectcommand="SELECT CompanyName,ShipperID FROM Shippers"
insertcommand="INSERT INTO Shippers (CompanyName,Phone) VALUES (@CoName,@Phone)">
<insertparameters>
<asp:formparameter name="CoName" formfield="CompanyNameBox" />
<asp:formparameter name="Phone" formfield="PhoneBox" />
</insertparameters>
</asp:sqldatasource>
<br /><asp:textbox
id="CompanyNameBox"
runat="server" />
<asp:RequiredFieldValidator
id="RequiredFieldValidator1"
runat="server"
ControlToValidate="CompanyNameBox"
Display="Static"
ErrorMessage="Please enter a company name." />
<br /><asp:textbox
id="PhoneBox"
runat="server" />
<asp:RequiredFieldValidator
id="RequiredFieldValidator2"
runat="server"
ControlToValidate="PhoneBox"
Display="Static"
ErrorMessage="Please enter a phone number." />
<br /><asp:button
id="Button1"
runat="server"
text="Insert New Shipper"
onclick="InsertShipper" />
</form>
</body>
</html>
- AspNetHostingPermission for operating in a hosted environment. Demand value: LinkDemand; Permission value: Minimal.
- AspNetHostingPermission for operating in a hosted environment. Demand value: InheritanceDemand; Permission value: Minimal.
Important:
Security Note: