SqlDataSource.Update Method
Assembly: System.Web (in system.web.dll)
| Exception type | Condition |
|---|---|
| The SqlDataSource cannot establish a connection with the underlying data source. |
Before the Update operation is performed, the OnUpdating method is called to raise the Updating event. You can handle this event to examine the values of the parameters and to perform any preprocessing before an Update operation.
After the Update operation completes, the OnUpdated method is called to raise the Updated event. You can handle this event to examine any return values and error codes and to perform any post-processing.
The Update method delegates to the Update method of the SqlDataSourceView object that is associated with the SqlDataSource control. To perform an update operation, the SqlDataSourceView builds a DbCommand object using the UpdateCommand text and any associated UpdateParameters properties, and then executes the DbCommand object against the underlying database.
Security Note: |
|---|
| Values are inserted into parameters without validation, which is a potential security threat. Use the Filtering event to validate parameter values before executing the query. For more information, see Script Exploits Overview (Visual Studio). |
This section contains two code examples. The first code example demonstrates how to use a SqlDataSource control to display data in a DropDownList control and update data when the Submit button is clicked. The second code example demonstrates how to display data that is retrieved from a Microsoft SQL Server database in a DropDownList control and update the record using a TextBox control.
The following code example demonstrates how to use a SqlDataSource control to display data in a DropDownList control and update data when the Submit button is clicked. The UpdateCommand property is set with a parameterized SQL statement, and two ControlParameter parameters are added to the UpdateParameters collection. When the Submit button is clicked, the OnClick event is handled to call the Update method explicitly.
<%@Page Language="VJ#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
private void On_Click(Object source, System.EventArgs e)
{
try {
SqlDataSource1.Update();
}
catch (Exception except) {
// Handle the Exception.
}
Label2.set_Text("The record was updated successfully!");
} //On_Click
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>ASP.NET Example</title>
</head>
<body>
<form id="form1" runat="server">
<asp:SqlDataSource
id="SqlDataSource1"
runat="server"
ConnectionString="Data Source=localhost;Integrated Security=SSPI;Initial Catalog=Northwind;"
SelectCommand="SELECT EmployeeID, LastName, Address FROM Employees"
UpdateCommand="UPDATE Employees SET Address=@Address WHERE EmployeeID=@EmployeeID">
<UpdateParameters>
<asp:ControlParameter Name="Address" ControlId="TextBox1" PropertyName="Text"/>
<asp:ControlParameter Name="EmployeeID" ControlId="DropDownList1" PropertyName="SelectedValue"/>
</UpdateParameters>
</asp:SqlDataSource>
<asp:DropDownList
id="DropDownList1"
runat="server"
DataTextField="LastName"
DataValueField="EmployeeID"
DataSourceID="SqlDataSource1">
</asp:DropDownList>
<br />
<asp:Label id="Label1" runat="server" Text="Enter a new address for the selected user."
AssociatedControlID="TextBox1" />
<asp:TextBox id="TextBox1" runat="server" />
<asp:Button id="Submit" runat="server" Text="Submit" OnClick="On_Click" />
<br /><asp:Label id="Label2" runat="server" Text="" />
</form>
</body>
</html>
The following code example demonstrates how to display data that is retrieved from a SQL Server database in a DropDownList control and update the record using a TextBox control. The example shows how you can use a DbTransaction object to add transaction context when using the SqlDataSource control to update data.
<%@Page Language="VJ#" %>
<%@Import Namespace="System.Data" %>
<%@Import Namespace="System.Data.Common" %>
<%@Import Namespace="System.Diagnostics" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
private void On_Click(Object source, System.EventArgs e)
{
try {
SqlDataSource1.Update();
}
catch (System.Exception except) {
// Handle Exception
}
Label2.set_Text("The record was updated successfully!");
} //On_Click
private void OnSqlUpdate(Object source, SqlDataSourceCommandEventArgs e)
{
// Log the command in the Event Log on the Web server.
String logInfo = e.get_Command().get_CommandText()
+ " is being submitted to the database.";
IEnumerator ie = e.get_Command().get_Parameters().GetEnumerator();
while (ie.MoveNext()) {
DbParameter param = ((DbParameter)(ie.get_Current()));
logInfo = logInfo + " " + param.get_ParameterName()+ "="
+ param.get_Value();
}
EventLog log = new EventLog();
log.set_Log("Application");
log.set_Source("ASP.NET Example");
log.WriteEntry(logInfo);
} //OnSqlUpdate
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>ASP.NET Example</title>
</head>
<body>
<form id="form1" runat="server">
<asp:SqlDataSource
id="SqlDataSource1"
runat="server"
ConnectionString="Data Source=localhost;Integrated Security=SSPI;Initial Catalog=Northwind;"
SelectCommand="SELECT EmployeeID, LastName, Address FROM Employees"
UpdateCommand="UPDATE Employees SET Address=@Address WHERE EmployeeID=@EmployeeID"
OnUpdating="OnSqlUpdate">
<UpdateParameters>
<asp:ControlParameter Name="Address" ControlId="TextBox1" PropertyName="Text"/>
<asp:ControlParameter Name="EmployeeID" ControlId="DropDownList1" PropertyName="SelectedValue"/>
</UpdateParameters>
</asp:SqlDataSource>
<asp:DropDownList
id="DropDownList1"
runat="server"
DataTextField="LastName"
DataValueField="EmployeeID"
DataSourceID="SqlDataSource1">
</asp:DropDownList>
<br />
<asp:Label id="Label1" runat="server" Text="Enter a new address for the selected user."
AssociatedControlID="TextBox1" />
<asp:TextBox id="TextBox1" runat="server" />
<asp:Button id="Submit" runat="server" Text="Submit" OnClick="On_Click" />
<br /><asp:Label id="Label2" runat="server" Text="" />
</form>
</body>
</html>
Security Note: