FormParameter Class
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Binds the value of an HTTP request Form field to a parameter object.
public ref class FormParameter : System::Web::UI::WebControls::Parameterpublic class FormParameter : System.Web.UI.WebControls.Parametertype FormParameter = class
inherit ParameterPublic Class FormParameter
Inherits Parameter- Inheritance
Examples
The following code example demonstrates how to insert data into a database using the SqlDataSource control and a simple ASP.NET Web page. The current data in the data table is displayed in the DropDownList control. You can add new records by entering values in the TextBox controls and clicking the button. When the button is clicked, the specified values are inserted into the database, and the DropDownList is refreshed.
Important
This example has a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview.
<%@Page Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
private void InsertShipper (object source, EventArgs e) {
SqlDataSource1.Insert();
}
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>ASP.NET Example</title>
</head>
<body>
<form id="form1" runat="server">
<asp:dropdownlist
id="DropDownList1"
runat="server"
datasourceid="SqlDataSource1"
datatextfield="CompanyName"
datavaluefield="ShipperID" />
<!-- Security Note: The SqlDataSource uses a FormParameter,
Security Note: which does not perform validation of input from the client.
Security Note: To validate the value of the FormParameter, handle the Inserting event. -->
<asp:sqldatasource
id="SqlDataSource1"
runat="server"
connectionstring="<%$ ConnectionStrings:MyNorthwind %>"
selectcommand="SELECT CompanyName,ShipperID FROM Shippers"
insertcommand="INSERT INTO Shippers (CompanyName,Phone) VALUES (@CoName,@Phone)">
<insertparameters>
<asp:formparameter name="CoName" formfield="CompanyNameBox" />
<asp:formparameter name="Phone" formfield="PhoneBox" />
</insertparameters>
</asp:sqldatasource>
<br /><asp:textbox
id="CompanyNameBox"
runat="server" />
<asp:RequiredFieldValidator
id="RequiredFieldValidator1"
runat="server"
ControlToValidate="CompanyNameBox"
Display="Static"
ErrorMessage="Please enter a company name." />
<br /><asp:textbox
id="PhoneBox"
runat="server" />
<asp:RequiredFieldValidator
id="RequiredFieldValidator2"
runat="server"
ControlToValidate="PhoneBox"
Display="Static"
ErrorMessage="Please enter a phone number." />
<br /><asp:button
id="Button1"
runat="server"
text="Insert New Shipper"
onclick="InsertShipper" />
</form>
</body>
</html>
<%@Page Language="VB" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
Private Sub InsertShipper (ByVal Source As Object, ByVal e As EventArgs)
SqlDataSource1.Insert()
End Sub ' InsertShipper
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>ASP.NET Example</title>
</head>
<body>
<form id="form1" runat="server">
<asp:dropdownlist
id="DropDownList1"
runat="server"
datasourceid="SqlDataSource1"
datatextfield="CompanyName"
datavaluefield="ShipperID" />
<!-- Security Note: The SqlDataSource uses a FormParameter,
Security Note: which does not perform validation of input from the client.
Security Note: To validate the value of the FormParameter, handle the Inserting event. -->
<asp:sqldatasource
id="SqlDataSource1"
runat="server"
connectionstring="<%$ ConnectionStrings:MyNorthwind %>"
selectcommand="SELECT CompanyName,ShipperID FROM Shippers"
insertcommand="INSERT INTO Shippers (CompanyName,Phone) VALUES (@CoName,@Phone)">
<insertparameters>
<asp:formparameter name="CoName" formfield="CompanyNameBox" />
<asp:formparameter name="Phone" formfield="PhoneBox" />
</insertparameters>
</asp:sqldatasource>
<br /><asp:textbox
id="CompanyNameBox"
runat="server" />
<asp:RequiredFieldValidator
id="RequiredFieldValidator1"
runat="server"
ControlToValidate="CompanyNameBox"
Display="Static"
ErrorMessage="Please enter a company name." />
<br /><asp:textbox
id="PhoneBox"
runat="server" />
<asp:RequiredFieldValidator
id="RequiredFieldValidator2"
runat="server"
ControlToValidate="PhoneBox"
Display="Static"
ErrorMessage="Please enter a phone number." />
<br /><asp:button
id="Button1"
runat="server"
text="Insert New Shipper"
onclick="InsertShipper" />
</form>
</body>
</html>
Remarks
You can use the FormParameter class to bind the value of a form variable in the Form collection to a parameter used in a parameterized query or command. Controls that bind data to the parameter might throw an exception if a FormParameter is specified but no corresponding form variable is passed. They might also display no data if the form variable is passed with no corresponding value. Set the DefaultValue to avoid these situations where appropriate.
The FormParameter class provides the FormField property, which identifies the name of the form variable to bind to, in addition to those inherited from the Parameter class.
Important
The FormParameter does not validate the value passed by the form element in any way; it uses the raw value. In most cases you can validate the value of the FormParameter before it is used by a data source control by handling an event, such as the Selecting, Updating, Inserting, or Deleting event exposed by the data source control you are using. If the value of the parameter does not pass your validation tests, you can cancel the data operation by setting the Cancel property of the associated CancelEventArgs class to true.
Constructors
| FormParameter() |
Initializes a new unnamed instance of the FormParameter class. |
| FormParameter(FormParameter) |
Initializes a new instance of the FormParameter class with the values of the instance specified by the |
| FormParameter(String, DbType, String) |
Initializes a new instance of the FormParameter class, using the specified string to identify which form variable field to bind to. |
| FormParameter(String, String) |
Initializes a new named instance of the FormParameter class, using the specified string to identify which form variable field to bind to. |
| FormParameter(String, TypeCode, String) |
Initializes a new named and strongly typed instance of the FormParameter class, using the specified string to identify which form variable to bind to. |
Properties
| ConvertEmptyStringToNull |
Gets or sets a value indicating whether the value that the Parameter object is bound to should be converted to |
| DbType |
Gets or sets the database type of the parameter. (Inherited from Parameter) |
| DefaultValue |
Specifies a default value for the parameter, should the value that the parameter is bound to be uninitialized when the Evaluate(HttpContext, Control) method is called. (Inherited from Parameter) |
| Direction |
Indicates whether the Parameter object is used to bind a value to a control, or the control can be used to change the value. (Inherited from Parameter) |
| FormField |
Gets or sets the name of the form variable that the parameter binds to. |
| IsTrackingViewState |
Gets a value indicating whether the Parameter object is saving changes to its view state. (Inherited from Parameter) |
| Name |
Gets or sets the name of the parameter. (Inherited from Parameter) |
| Size |
Gets or sets the size of the parameter. (Inherited from Parameter) |
| Type |
Gets or sets the type of the parameter. (Inherited from Parameter) |
| ValidateInput |
Gets or sets a value that indicates whether the client input in the parameter is validated. |
| ViewState |
Gets a dictionary of state information that allows you to save and restore the view state of a Parameter object across multiple requests for the same page. (Inherited from Parameter) |
Methods
| Clone() |
Returns a duplicate of the current FormParameter instance. |
| Equals(Object) |
Determines whether the specified object is equal to the current object. (Inherited from Object) |
| Evaluate(HttpContext, Control) |
Updates and returns the value of the FormParameter object. |
| GetDatabaseType() |
Gets the DbType value that is equivalent to the CLR type of the current Parameter instance. (Inherited from Parameter) |
| GetHashCode() |
Serves as the default hash function. (Inherited from Object) |
| GetType() |
Gets the Type of the current instance. (Inherited from Object) |
| LoadViewState(Object) |
Restores the data source view's previously saved view state. (Inherited from Parameter) |
| MemberwiseClone() |
Creates a shallow copy of the current Object. (Inherited from Object) |
| OnParameterChanged() |
Calls the OnParametersChanged(EventArgs) method of the ParameterCollection collection that contains the Parameter object. (Inherited from Parameter) |
| SaveViewState() |
Saves the changes to the Parameter object's view state since the time the page was posted back to the server. (Inherited from Parameter) |
| SetDirty() |
Marks the Parameter object so its state will be recorded in view state. (Inherited from Parameter) |
| ToString() |
Converts the value of this instance to its equivalent string representation. (Inherited from Parameter) |
| TrackViewState() |
Causes the Parameter object to track changes to its view state so they can be stored in the control's ViewState object and persisted across requests for the same page. (Inherited from Parameter) |
Explicit Interface Implementations
| ICloneable.Clone() |
Returns a duplicate of the current Parameter instance. (Inherited from Parameter) |
| IStateManager.IsTrackingViewState |
Gets a value indicating whether the Parameter object is saving changes to its view state. (Inherited from Parameter) |
| IStateManager.LoadViewState(Object) |
Restores the data source view's previously saved view state. (Inherited from Parameter) |
| IStateManager.SaveViewState() |
Saves the changes to the Parameter object's view state since the time the page was posted back to the server. (Inherited from Parameter) |
| IStateManager.TrackViewState() |
Causes the Parameter object to track changes to its view state so they can be stored in the control's ViewState object and persisted across requests for the same page. (Inherited from Parameter) |
