SqlDataSourceView.FilterParameters Property

Definition

Gets a collection of parameters that are associated with any parameter placeholders in the FilterExpression string.

public:
 property System::Web::UI::WebControls::ParameterCollection ^ FilterParameters { System::Web::UI::WebControls::ParameterCollection ^ get(); };
[System.Web.UI.PersistenceMode(System.Web.UI.PersistenceMode.InnerProperty)]
public System.Web.UI.WebControls.ParameterCollection FilterParameters { get; }
[<System.Web.UI.PersistenceMode(System.Web.UI.PersistenceMode.InnerProperty)>]
member this.FilterParameters : System.Web.UI.WebControls.ParameterCollection
Public ReadOnly Property FilterParameters As ParameterCollection

Property Value

A ParameterCollection that contains a set of parameters associated with any parameter placeholders found in the FilterExpression property.

Attributes

Examples

The following code example demonstrates how to retrieve data from the Northwind database and filter it using the FilterExpression and FilterParameters properties. The FilterExpression property of the SqlDataSource control is applied any time the Select method is executed to retrieve data. In this example, the FilterExpression property contains a placeholder for a filter parameter, which is contained in the FilterParameters collection. In addition, the filter parameter is a ControlParameter object that is bound to the SelectedValue property of the DropDownList control. Because the DropDownList control has its AutoPostBack property set to true, any change in the DropDownList selection causes the page to post information back to the server and the GridView control to rebind to the data source control with the new filter.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
        <form id="form1" runat="server">

            <p>Show all employees with the following title:
            <asp:DropDownList
                id="DropDownList1"
                runat="server"
                AutoPostBack="True">
                <asp:ListItem Selected="True">Sales Representative</asp:ListItem>
                <asp:ListItem>Sales Manager</asp:ListItem>
                <asp:ListItem>Vice President, Sales</asp:ListItem>
            </asp:DropDownList></p>

            <asp:SqlDataSource
                id="SqlDataSource1"
                runat="server"
                ConnectionString="<%$ ConnectionStrings:MyNorthwind%>"
                SelectCommand="SELECT EmployeeID,FirstName,LastName,Title FROM Employees"
                FilterExpression="Title='{0}'">
                <FilterParameters>
                    <asp:ControlParameter Name="Title" ControlId="DropDownList1" PropertyName="SelectedValue"/>
                </FilterParameters>
            </asp:SqlDataSource>

            <p><asp:GridView
                id="GridView1"
                runat="server"
                DataSourceID="SqlDataSource1"
                AutoGenerateColumns="False">
                <columns>
                    <asp:BoundField Visible="False" DataField="EmployeeID" />
                    <asp:BoundField HeaderText="First Name" DataField="FirstName" />
                    <asp:BoundField HeaderText="Last Name" DataField="LastName" />
                </columns>
            </asp:GridView></p>

        </form>
    </body>
</html>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
        <form id="form1" runat="server">

            <p>Show all employees with the following title:
            <asp:DropDownList
                id="DropDownList1"
                runat="server"
                AutoPostBack="True">
                <asp:ListItem Selected="True">Sales Representative</asp:ListItem>
                <asp:ListItem>Sales Manager</asp:ListItem>
                <asp:ListItem>Vice President, Sales</asp:ListItem>
            </asp:DropDownList></p>

            <asp:SqlDataSource
                id="SqlDataSource1"
                runat="server"
                ConnectionString="<%$ ConnectionStrings:MyNorthwind%>"
                SelectCommand="SELECT EmployeeID,FirstName,LastName,Title FROM Employees"
                FilterExpression="Title='{0}'">
                <FilterParameters>
                    <asp:ControlParameter Name="Title" ControlId="DropDownList1" PropertyName="SelectedValue"/>
                </FilterParameters>
            </asp:SqlDataSource>

            <p><asp:GridView
                id="GridView1"
                runat="server"
                DataSourceID="SqlDataSource1"
                AutoGenerateColumns="False">
                <columns>
                    <asp:BoundField Visible="False" DataField="EmployeeID" />
                    <asp:BoundField HeaderText="First Name" DataField="FirstName" />
                    <asp:BoundField HeaderText="Last Name" DataField="LastName" />
                </columns>
            </asp:GridView></p>

        </form>
    </body>
</html>

Remarks

The parameters in the FilterParameters collection are associated with any parameters that are specified in the FilterExpression property. The parameter placeholders that are specified in the FilterExpression are evaluated by order and matched to parameter objects in the FilterParameters collection when the Select method is called.

Important

You should validate any filter parameter value that you receive from the client. The runtime simply substitutes the parameter value into the filter expression and applies it to the DataView object that is returned by the Select method. If you are using the FilterExpression property as a security measure to limit the number of items that are returned, you must validate the parameter values before the filtering occurs.

Applies to

See also