SqlDataSourceView.FilterExpression Property
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Gets or sets a filtering expression that is applied when the Select method is called.
public:
property System::String ^ FilterExpression { System::String ^ get(); void set(System::String ^ value); };public string FilterExpression { get; set; }member this.FilterExpression : string with get, setPublic Property FilterExpression As StringProperty Value
A string that represents a filtering expression applied when data is retrieved using the Select(DataSourceSelectArguments) method.
Exceptions
The FilterExpression property was set when the SqlDataSource is in the DataReader mode.
Examples
The following code example demonstrates how to retrieve data from the Northwind database and filter it using the FilterExpression and FilterParameters properties. The FilterExpression property of the SqlDataSource control is applied any time the Select method is executed to retrieve data. In this example, the FilterExpression property contains a placeholder for a filter parameter, which is contained in the FilterParameters collection. In this example, the filter parameter is a ControlParameter object that is bound to the SelectedValue property of the DropDownList control. Because the DropDownList control has its AutoPostBack property set to true, any change in the DropDownList selection causes the page to post to the server and the GridView control to rebind to the data source control with the new filter.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>ASP.NET Example</title>
</head>
<body>
<form id="form1" runat="server">
<p>Show all employees with the following title:
<asp:DropDownList
id="DropDownList1"
runat="server"
AutoPostBack="True">
<asp:ListItem Selected="True">Sales Representative</asp:ListItem>
<asp:ListItem>Sales Manager</asp:ListItem>
<asp:ListItem>Vice President, Sales</asp:ListItem>
</asp:DropDownList></p>
<asp:SqlDataSource
id="SqlDataSource1"
runat="server"
ConnectionString="<%$ ConnectionStrings:MyNorthwind%>"
SelectCommand="SELECT EmployeeID,FirstName,LastName,Title FROM Employees"
FilterExpression="Title='{0}'">
<FilterParameters>
<asp:ControlParameter Name="Title" ControlId="DropDownList1" PropertyName="SelectedValue"/>
</FilterParameters>
</asp:SqlDataSource>
<p><asp:GridView
id="GridView1"
runat="server"
DataSourceID="SqlDataSource1"
AutoGenerateColumns="False">
<columns>
<asp:BoundField Visible="False" DataField="EmployeeID" />
<asp:BoundField HeaderText="First Name" DataField="FirstName" />
<asp:BoundField HeaderText="Last Name" DataField="LastName" />
</columns>
</asp:GridView></p>
</form>
</body>
</html>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>ASP.NET Example</title>
</head>
<body>
<form id="form1" runat="server">
<p>Show all employees with the following title:
<asp:DropDownList
id="DropDownList1"
runat="server"
AutoPostBack="True">
<asp:ListItem Selected="True">Sales Representative</asp:ListItem>
<asp:ListItem>Sales Manager</asp:ListItem>
<asp:ListItem>Vice President, Sales</asp:ListItem>
</asp:DropDownList></p>
<asp:SqlDataSource
id="SqlDataSource1"
runat="server"
ConnectionString="<%$ ConnectionStrings:MyNorthwind%>"
SelectCommand="SELECT EmployeeID,FirstName,LastName,Title FROM Employees"
FilterExpression="Title='{0}'">
<FilterParameters>
<asp:ControlParameter Name="Title" ControlId="DropDownList1" PropertyName="SelectedValue"/>
</FilterParameters>
</asp:SqlDataSource>
<p><asp:GridView
id="GridView1"
runat="server"
DataSourceID="SqlDataSource1"
AutoGenerateColumns="False">
<columns>
<asp:BoundField Visible="False" DataField="EmployeeID" />
<asp:BoundField HeaderText="First Name" DataField="FirstName" />
<asp:BoundField HeaderText="Last Name" DataField="LastName" />
</columns>
</asp:GridView></p>
</form>
</body>
</html>
Remarks
The syntax that is used for the FilterExpression property is a format string-style syntax. You can include parameters in the FilterExpression property. If the type of the parameter is string or character, enclose the parameter in single quotation marks. Quotation marks are not required, if the parameter is a numeric type.
The FilterParameters collection contains the parameters that are evaluated for the placeholders that are found in the FilterExpression property.
The SqlDataSource control supports filtering data only when in DataSet mode.
The value of the FilterExpression property is stored in view state.
Important
You should validate any filter parameter value that you receive from the client. The runtime simply substitutes the parameter value into the filter expression and applies it to the DataView object that is returned by the Select method. If you are using the FilterExpression property as a security measure to limit the number of items that are returned, you must validate the parameter values before the filtering occurs.
