Gets or sets a filtering expression that is applied when the Select method is called.
Assembly: System.Web (in System.Web.dll)
The syntax that is used for the property is a format string–style syntax. You can include parameters in the property. If the type of the parameter is string or character, enclose the parameter in single quotation marks. Quotation marks are not required, if the parameter is a numeric type.
The SqlDataSource control supports filtering data only when in DataSet mode.
The value of the property is stored in view state.
You should validate any filter parameter value that you receive from the client. The runtime simply substitutes the parameter value into the filter expression and applies it to the DataView object that is returned by the Select method. If you are using the FilterExpression property as a security measure to limit the number of items that are returned, you must validate the parameter values before the filtering occurs.
The following code example demonstrates how to retrieve data from the Northwind database and filter it using the FilterExpression and FilterParameters properties. The FilterExpression property of the SqlDataSource control is applied any time the Select method is executed to retrieve data. In this example, the FilterExpression property contains a placeholder for a filter parameter, which is contained in the FilterParameters collection. In this example, the filter parameter is a ControlParameter object that is bound to the SelectedValue property of the DropDownList control. Because the DropDownList control has its AutoPostBack property set to true, any change in the DropDownList selection causes the page to post to the server and the GridView control to rebind to the data source control with the new filter.