Assembly: System.Web (in System.Web.dll)
Parameter names might be affected by the OldValuesParameterFormatString property, specifically if the name identifies a primary key, such as a key specified using the DataKeyNames property of the data-bound control, or in delete and update scenarios where the ConflictDetection property is set to the CompareAllValues value and a set of oldValues are passed to the corresponding data method. In this case, the format string is applied to each parameter name in the oldValues collection.
The order of the parameters in the System.Data.OleDb and System.Data.Odbc providers associate the parameters in the collection according to the order that the parameters appear in the parameterized SQL query. The System.Data.SqlClient provider, which is the default ADO.NET provider for the SqlDataSource control, associates the parameters in the collection by matching the name of the parameter with a placeholder alias in the SQL query. For more information about parameterized SQL queries and commands, see Using Parameters with the SqlDataSource Control.collection might be important, depending on the ADO.NET provider. The
The following code example demonstrates how to use a SqlDataSource control to display data in a DropDownList control and update data when the Submit button is clicked. The UpdateCommand is set with a parameterized SQL statement and two ControlParameter parameters are added to the collection. When the Submit button is clicked, the OnClick event is handled to call the Update method explicitly.
This example includes a text box that accepts user input, which is a potential security threat, and values are inserted into parameters without validation, which is also a potential security threat. Use the Inserting event to validate parameter values before executing the query. For more information, see Script Exploits Overview.
Available since 2.0