SqlDataSourceFilteringEventArgs.ParameterValues Property
Assembly: System.Web (in system.web.dll)
The SqlDataSourceFilteringEventArgs class is used to pass data to the Filtering event handler of the SqlDataSource. The ParameterValues property provides access to the filter parameter values before the filtering operation is performed.
Security Note |
|---|
| You should validate any filter parameter values that you receive from the client and cancel the select operation if there are invalid parameters. The runtime simply substitutes the parameter value into the filter expression and applies it to the result of the select method. It is possible for compromised values to alter the filter expression in such a way as to reveal more rows than might otherwise be visible to the client. If you are using the FilterExpression property as a security measure to limit the number of items that are returned, you must validate the parameter values before the filtering occurs. |
The following code example demonstrates how to retrieve data from the Northwind database and filter it using a FilterExpression and FilterParameters. The FilterExpression of the SqlDataSource is applied anytime the Select method is executed to retrieve data. In this example, the FilterExpression contains a placeholder for a filter parameter, which is contained in the FilterParameters collection. In the Filtering event, the filter parameter is displayed in a Label control.
Windows 98, Windows 2000 SP4, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition
The .NET Framework does not support all versions of every platform. For a list of the supported versions, see System Requirements.
Security Note