FormParameter.FormField Property
Gets or sets the name of the form variable that the parameter binds to.
Assembly: System.Web (in System.Web.dll)
Property Value
Type: System.StringA string that identifies the form variable to which the parameter binds.
The FormField identifies a name/value pair that is passed in the Form collection. While the FormField property identifies the name of the pair, the FormParameter binds to its corresponding value at run time. If the expected form variable string name/value pair is not passed to the ASP.NET Web page in the collection, the Evaluate method binds the parameter to the value of the DefaultValue property, if it is set. If the DefaultValue is not set, the Evaluate method fails to bind the parameter to a value.
The following code example demonstrates how to display filtered data using an ObjectDataSource control and a FormParameter to retrieve data from a middle-tier business object and a GridView control to display the results.
The code example consists of a TextBox, a GridView control, the ObjectDataSource control, and a submit button. By default, the TextBox is populated with the name of one of the Northwind Traders employees. The GridView displays information about the employee identified by the name in the TextBox. To retrieve data on another employee, enter the full name of the employee in the TextBox and click the button.
The FilterExpression property specifies an expression used to filter the data retrieved by the SelectMethod. This property uses parameter placeholders that are evaluated to the parameters contained in the FilterParameters collection. In this example, the parameter placeholder is a FormParameter bound to the value of the TextBox control.
<%@ Register TagPrefix="aspSample" Namespace="Samples.AspNet.VB" Assembly="Samples.AspNet.VB" %> <%@ Page language="vb" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <script runat="server"> Protected Sub ObjectDataSource1_Filtering(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.ObjectDataSourceFilteringEventArgs) If Textbox1.Text = "" Then e.ParameterValues.Clear() e.ParameterValues.Add("FullName", "Nancy Davolio") End If End Sub </script> <html xmlns="http://www.w3.org/1999/xhtml" > <head> <title>ObjectDataSource - VB Example</title> </head> <body> <form id="Form1" method="post" runat="server"> <p>Show all users with the following name.</p> <asp:textbox id="Textbox1" runat="server" text="Nancy Davolio" /> <asp:gridview id="GridView1" runat="server" datasourceid="ObjectDataSource1" autogeneratecolumns="False"> <columns> <asp:boundfield headertext="ID" datafield="EmpID" /> <asp:boundfield headertext="Name" datafield="FullName" /> <asp:boundfield headertext="Street Address" datafield="Address" /> </columns> </asp:gridview> <!-- Security Note: The ObjectDataSource uses a FormParameter, Security Note: which does not perform validation of input from the client. --> <asp:objectdatasource id="ObjectDataSource1" runat="server" selectmethod="GetAllEmployeesAsDataSet" typename="Samples.AspNet.VB.EmployeeLogic" filterexpression="FullName='{0}'" OnFiltering="ObjectDataSource1_Filtering"> <filterparameters> <asp:formparameter name="FullName" formfield="Textbox1" defaultvalue="Nancy Davolio" /> </filterparameters> </asp:objectdatasource> <p><asp:button id="Button1" runat="server" text="Search" /></p> </form> </body> </html>
The following code example shows the middle-tier business object that the previous code example uses. This example consists of two basic classes: The EmployeeLogic class encapsulates business logic, and the NorthwindEmployee class is a model class that contains only the basic functionality required to load and persist data from the data tier. For simplicity, the EmployeeLogic class creates a static set of data, rather than retrieving the data from a data tier. It is also helpful for this example, because the sample relies on the user to provide the full name of a Northwind Traders employee to demonstrate filtering. For a complete working example, you must compile and use these classes with the ASP.NET code examples provided.
Security Note
|
|---|
The FormParameter does not validate the value passed by the form element in any way; it uses the raw value. In most cases, you can validate the value of the FormParameter before it is used by a data source control by handling an event, such as the Selecting, Updating, Inserting, or Deleting event exposed by the data source control you are using. If the value of the parameter does not pass your validation tests, you can cancel the data operation by setting the Cancel property of the associated CancelEventArgs class to true. |
Imports System Imports System.Collections Imports System.Data Imports System.Web.UI.WebControls Namespace Samples.AspNet.VB ' ' EmployeeLogic is a stateless business object that encapsulates ' the operations you can perform on a NorthwindEmployee object. ' Public Class EmployeeLogic ' Returns a collection of NorthwindEmployee objects. Public Shared Function GetAllEmployees() As ICollection Dim data As New ArrayList() data.Add(New NorthwindEmployee(1, "Nancy", "Davolio", "507 - 20th Ave. E. Apt. 2A")) data.Add(New NorthwindEmployee(2, "Andrew", "Fuller", "908 W. Capital Way")) data.Add(New NorthwindEmployee(3, "Janet", "Leverling", "722 Moss Bay Blvd.")) data.Add(New NorthwindEmployee(4, "Margaret", "Peacock", "4110 Old Redmond Rd.")) data.Add(New NorthwindEmployee(5, "Steven", "Buchanan", "14 Garrett Hill")) data.Add(New NorthwindEmployee(6, "Michael", "Suyama", "Coventry House Miner Rd.")) data.Add(New NorthwindEmployee(7, "Robert", "King", "Edgeham Hollow Winchester Way")) Return data End Function 'GetAllEmployees Public Shared Function GetEmployee(anID As Object) As NorthwindEmployee Dim data As ArrayList = CType(GetAllEmployees(), ArrayList) Dim empID As Integer = Int32.Parse(anID.ToString()) Return CType(data(empID),NorthwindEmployee) End Function 'GetEmployee ' To support basic filtering, the employees cannot ' be returned as an array of objects, rather as a ' DataSet of the raw data values. Public Shared Function GetAllEmployeesAsDataSet() As DataSet Dim employees As ICollection = GetAllEmployees() Dim ds As New DataSet("Table") ' Create the schema of the DataTable. Dim dt As New DataTable() Dim dc As DataColumn dc = New DataColumn("EmpID", GetType(Integer)) dt.Columns.Add(dc) dc = New DataColumn("FullName", GetType(String)) dt.Columns.Add(dc) dc = New DataColumn("Address", GetType(String)) dt.Columns.Add(dc) ' Add rows to the DataTable. Dim row As DataRow Dim ne As NorthwindEmployee For Each ne In employees row = dt.NewRow() row("EmpID") = ne.EmpID row("FullName") = ne.FullName row("Address") = ne.Address dt.Rows.Add(row) Next ' Add the complete DataTable to the DataSet. ds.Tables.Add(dt) Return ds End Function 'GetAllEmployeesAsDataSet End Class 'EmployeeLogic Public Class NorthwindEmployee Public Sub New(anID As Integer, aFirstName As String, aLastName As String, anAddress As String) ID = anID Me.aFirstName = aFirstName Me.aLastName = aLastName Me.aAddress = anAddress End Sub 'NewNew Private ID As Object Public ReadOnly Property EmpID() As String Get Return ID.ToString() End Get End Property Private aLastName As String Public Property LastName() As String Get Return aLastName End Get Set aLastName = value End Set End Property Private aFirstName As String Public Property FirstName() As String Get Return aFirstName End Get Set aFirstName = value End Set End Property Public ReadOnly Property FullName() As String Get Return FirstName & " " & LastName End Get End Property Private aAddress As String Public Property Address() As String Get Return aAddress End Get Set aAddress = value End Set End Property End Class 'NorthwindEmployee End Namespace
Available since 2.0
