ObjectDataSource.FilterExpression 屬性
定義
重要
部分資訊涉及發行前產品,在發行之前可能會有大幅修改。 Microsoft 對此處提供的資訊,不做任何明確或隱含的瑕疵擔保。
取得或設定呼叫 SelectMethod 屬性所指定之方法時套用的篩選條件運算式。
public:
property System::String ^ FilterExpression { System::String ^ get(); void set(System::String ^ value); };public string FilterExpression { get; set; }member this.FilterExpression : string with get, setPublic Property FilterExpression As String屬性值
表示使用 SelectMethod 屬性識別之方法或函式擷取資料時,所套用之篩選條件運算式的字串。
例外狀況
已設定 FilterExpression 屬性,但 Select() 方法沒有傳回 DataSet 或 DataTable。
範例
下列程式代碼範例示範如何使用 控件顯示篩選的數據,以從仲介層商務物件擷取數據 ObjectDataSource ,以及 GridView 顯示結果的控件。 ObjectDataSource只有當擷取數據的方法擷取數據做為 DataSet 或 DataTable 物件時,控件才能篩選數據。 基於這個理由, SelectMethod 屬性會識別將數據擷取為 DataSet的商業物件方法。
程式代碼範例包含 TextBox 控制項、 GridView 控制項、 ObjectDataSource 控制項和 [提交] 按鈕。 根據預設,會 TextBox 填入其中一個 Northwind Traders 員工的名稱。 會顯示 GridView 中 TextBox名稱所識別之員工的相關信息。 若要擷取另一位員工的數據,請在 中 TextBox輸入員工的完整名稱,然後按兩下 [ 提交 ] 按鈕。
屬性 FilterExpression 會指定表達式,用來篩選 屬性所指定方法所 SelectMethod 擷取的數據。 它會使用評估為集合中所含參數的參數 FilterParameters 佔位元。 在此範例中,參數佔位元會以單引號系結,因為參數的類型是可能包含空格的字串類型。 如果參數的類型是數值或日期類型,則不需要周框引號。
重要
這個範例有一個可接受使用者輸入的文字方塊,這可能會造成安全性威脅。 根據預設,ASP.NET Web 網頁會驗證使用者輸入未包含指令碼或 HTML 項目。 如需詳細資訊,請參閱 Script Exploits Overview (指令碼攻擊概觀)。
<%@ Register TagPrefix="aspSample" Namespace="Samples.AspNet.CS" Assembly="Samples.AspNet.CS" %>
<%@ Page language="c#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
protected void ObjectDataSource1_Filtering(object sender, ObjectDataSourceFilteringEventArgs e)
{
if (Textbox1.Text == "")
{
e.ParameterValues.Clear();
e.ParameterValues.Add("FullName", "Nancy Davolio");
}
}
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>ObjectDataSource - C# Example</title>
</head>
<body>
<form id="Form1" method="post" runat="server">
<p>Show all users with the following name.</p>
<asp:textbox id="Textbox1" runat="server" text="Nancy Davolio" />
<asp:gridview
id="GridView1"
runat="server"
datasourceid="ObjectDataSource1"
autogeneratecolumns="False">
<columns>
<asp:boundfield headertext="ID" datafield="EmpID" />
<asp:boundfield headertext="Name" datafield="FullName" />
<asp:boundfield headertext="Street Address" datafield="Address" />
</columns>
</asp:gridview>
<!-- Security Note: The ObjectDataSource uses a FormParameter,
Security Note: which does not perform validation of input from the client. -->
<asp:objectdatasource
id="ObjectDataSource1"
runat="server"
selectmethod="GetAllEmployeesAsDataSet"
typename="Samples.AspNet.CS.EmployeeLogic"
filterexpression="FullName='{0}'" OnFiltering="ObjectDataSource1_Filtering">
<filterparameters>
<asp:formparameter name="FullName" formfield="Textbox1" defaultvalue="Nancy Davolio" />
</filterparameters>
</asp:objectdatasource>
<p><asp:button id="Button1" runat="server" text="Search" /></p>
</form>
</body>
</html>
<%@ Register TagPrefix="aspSample" Namespace="Samples.AspNet.VB" Assembly="Samples.AspNet.VB" %>
<%@ Page language="vb" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
Protected Sub ObjectDataSource1_Filtering(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.ObjectDataSourceFilteringEventArgs)
If Textbox1.Text = "" Then
e.ParameterValues.Clear()
e.ParameterValues.Add("FullName", "Nancy Davolio")
End If
End Sub
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>ObjectDataSource - VB Example</title>
</head>
<body>
<form id="Form1" method="post" runat="server">
<p>Show all users with the following name.</p>
<asp:textbox id="Textbox1" runat="server" text="Nancy Davolio" />
<asp:gridview
id="GridView1"
runat="server"
datasourceid="ObjectDataSource1"
autogeneratecolumns="False">
<columns>
<asp:boundfield headertext="ID" datafield="EmpID" />
<asp:boundfield headertext="Name" datafield="FullName" />
<asp:boundfield headertext="Street Address" datafield="Address" />
</columns>
</asp:gridview>
<!-- Security Note: The ObjectDataSource uses a FormParameter,
Security Note: which does not perform validation of input from the client. -->
<asp:objectdatasource
id="ObjectDataSource1"
runat="server"
selectmethod="GetAllEmployeesAsDataSet"
typename="Samples.AspNet.VB.EmployeeLogic"
filterexpression="FullName='{0}'" OnFiltering="ObjectDataSource1_Filtering">
<filterparameters>
<asp:formparameter name="FullName" formfield="Textbox1" defaultvalue="Nancy Davolio" />
</filterparameters>
</asp:objectdatasource>
<p><asp:button id="Button1" runat="server" text="Search" /></p>
</form>
</body>
</html>
下列程式代碼範例提供上述程式代碼範例所使用的仲介層商務物件範例。 程式代碼範例包含兩個基本類別:
類別
EmployeeLogic,這是封裝商業規則的類別。類別
NorthwindEmployee,這是一個模型類別,其中包含從數據層載入和保存數據所需的基本功能。
為了簡單起見,類別 EmployeeLogic 會建立靜態數據集,而不是從數據層擷取數據。 此範例也很有幫助,因為此範例依賴您提供 Northwind Traders 員工的完整名稱來示範篩選。 如需完整的工作範例,您必須編譯並使用這些類別搭配提供的 Web Forms 程式代碼範例。
namespace Samples.AspNet.CS {
using System;
using System.Collections;
using System.Data;
using System.Web.UI.WebControls;
//
// EmployeeLogic is a stateless business object that encapsulates
// the operations you can perform on a NorthwindEmployee object.
//
public class EmployeeLogic {
// Returns a collection of NorthwindEmployee objects.
public static ICollection GetAllEmployees () {
ArrayList data = new ArrayList();
data.Add(new NorthwindEmployee(1,"Nancy","Davolio","507 - 20th Ave. E. Apt. 2A"));
data.Add(new NorthwindEmployee(2,"Andrew","Fuller","908 W. Capital Way"));
data.Add(new NorthwindEmployee(3,"Janet","Leverling","722 Moss Bay Blvd."));
data.Add(new NorthwindEmployee(4,"Margaret","Peacock","4110 Old Redmond Rd."));
data.Add(new NorthwindEmployee(5,"Steven","Buchanan","14 Garrett Hill"));
data.Add(new NorthwindEmployee(6,"Michael","Suyama","Coventry House Miner Rd."));
data.Add(new NorthwindEmployee(7,"Robert","King","Edgeham Hollow Winchester Way"));
return data;
}
public static NorthwindEmployee GetEmployee(object anID) {
ArrayList data = GetAllEmployees() as ArrayList;
int empID = Int32.Parse(anID.ToString());
return data[empID] as NorthwindEmployee;
}
//
// To support basic filtering, the employees cannot
// be returned as an array of objects, rather as a
// DataSet of the raw data values.
public static DataSet GetAllEmployeesAsDataSet () {
ICollection employees = GetAllEmployees();
DataSet ds = new DataSet("Table");
// Create the schema of the DataTable.
DataTable dt = new DataTable();
DataColumn dc;
dc = new DataColumn("EmpID", typeof(int)); dt.Columns.Add(dc);
dc = new DataColumn("FullName",typeof(string)); dt.Columns.Add(dc);
dc = new DataColumn("Address", typeof(string)); dt.Columns.Add(dc);
// Add rows to the DataTable.
DataRow row;
foreach (NorthwindEmployee ne in employees) {
row = dt.NewRow();
row["EmpID"] = ne.EmpID;
row["FullName"] = ne.FullName;
row["Address"] = ne.Address;
dt.Rows.Add(row);
}
// Add the complete DataTable to the DataSet.
ds.Tables.Add(dt);
return ds;
}
}
public class NorthwindEmployee {
public NorthwindEmployee (int anID,
string aFirstName,
string aLastName,
string anAddress) {
ID = anID;
firstName = aFirstName;
lastName = aLastName;
address = anAddress;
}
private object ID;
public string EmpID {
get { return ID.ToString(); }
}
private string lastName;
public string LastName {
get { return lastName; }
set { lastName = value; }
}
private string firstName;
public string FirstName {
get { return firstName; }
set { firstName = value; }
}
public string FullName {
get { return FirstName + " " + LastName; }
}
private string address;
public string Address {
get { return address; }
set { address = value; }
}
}
}
Imports System.Collections
Imports System.Data
Imports System.Web.UI.WebControls
Namespace Samples.AspNet.VB
'
' EmployeeLogic is a stateless business object that encapsulates
' the operations you can perform on a NorthwindEmployee object.
'
Public Class EmployeeLogic
' Returns a collection of NorthwindEmployee objects.
Public Shared Function GetAllEmployees() As ICollection
Dim data As New ArrayList()
data.Add(New NorthwindEmployee(1, "Nancy", "Davolio", "507 - 20th Ave. E. Apt. 2A"))
data.Add(New NorthwindEmployee(2, "Andrew", "Fuller", "908 W. Capital Way"))
data.Add(New NorthwindEmployee(3, "Janet", "Leverling", "722 Moss Bay Blvd."))
data.Add(New NorthwindEmployee(4, "Margaret", "Peacock", "4110 Old Redmond Rd."))
data.Add(New NorthwindEmployee(5, "Steven", "Buchanan", "14 Garrett Hill"))
data.Add(New NorthwindEmployee(6, "Michael", "Suyama", "Coventry House Miner Rd."))
data.Add(New NorthwindEmployee(7, "Robert", "King", "Edgeham Hollow Winchester Way"))
Return data
End Function 'GetAllEmployees
Public Shared Function GetEmployee(anID As Object) As NorthwindEmployee
Dim data As ArrayList = CType(GetAllEmployees(), ArrayList)
Dim empID As Integer = Int32.Parse(anID.ToString())
Return CType(data(empID),NorthwindEmployee)
End Function 'GetEmployee
' To support basic filtering, the employees cannot
' be returned as an array of objects, rather as a
' DataSet of the raw data values.
Public Shared Function GetAllEmployeesAsDataSet() As DataSet
Dim employees As ICollection = GetAllEmployees()
Dim ds As New DataSet("Table")
' Create the schema of the DataTable.
Dim dt As New DataTable()
Dim dc As DataColumn
dc = New DataColumn("EmpID", GetType(Integer))
dt.Columns.Add(dc)
dc = New DataColumn("FullName", GetType(String))
dt.Columns.Add(dc)
dc = New DataColumn("Address", GetType(String))
dt.Columns.Add(dc)
' Add rows to the DataTable.
Dim row As DataRow
Dim ne As NorthwindEmployee
For Each ne In employees
row = dt.NewRow()
row("EmpID") = ne.EmpID
row("FullName") = ne.FullName
row("Address") = ne.Address
dt.Rows.Add(row)
Next
' Add the complete DataTable to the DataSet.
ds.Tables.Add(dt)
Return ds
End Function 'GetAllEmployeesAsDataSet
End Class
Public Class NorthwindEmployee
Public Sub New(anID As Integer, aFirstName As String, aLastName As String, anAddress As String)
ID = anID
Me.aFirstName = aFirstName
Me.aLastName = aLastName
Me.aAddress = anAddress
End Sub
Private ID As Object
Public ReadOnly Property EmpID() As String
Get
Return ID.ToString()
End Get
End Property
Private aLastName As String
Public Property LastName() As String
Get
Return aLastName
End Get
Set
aLastName = value
End Set
End Property
Private aFirstName As String
Public Property FirstName() As String
Get
Return aFirstName
End Get
Set
aFirstName = value
End Set
End Property
Public ReadOnly Property FullName() As String
Get
Return FirstName & " " & LastName
End Get
End Property
Private aAddress As String
Public Property Address() As String
Get
Return aAddress
End Get
Set
aAddress = value
End Set
End Property
End Class
End Namespace
備註
只有當 方法傳DataSet回 或 DataTable 物件時,Select控件ObjectDataSource才支援篩選數據。
屬性所使用的 FilterExpression 語法是格式字串樣式表示式。 篩選表達式語法與 屬性所 Expression 接受的語法相同。 如果您將參數新增至 FilterParameters 集合,您也可以包含格式字串佔位元。 例如,在 "{0}" 表達式中包含 以取代參數值。 佔位元會根據集合中 FilterParameters 參數的索引來取代。
您可以在 屬性中包含 FilterExpression 參數。 如果參數的類型是字串或字元類型,請將參數括在單引號中。 如果參數是數值類型,則不需要引號。
集合 FilterParameters 包含針對屬性中找到 FilterExpression 的佔位元評估的參數。
屬性FilterExpression會委派給FilterExpression與 ObjectDataSource 控件相關聯之 對象的屬性ObjectDataSourceView。
注意
您應該驗證您從用戶端收到的任何篩選參數值。 運行時間只會將參數值取代為篩選表達式,並將其套用至 DataSet 方法所傳回的 Select 或 DataTable 物件。 如果您使用 FilterExpression 屬性做為安全性量值來限制傳回的項目數,則必須在篩選發生之前驗證參數值。
適用於
另請參閱
意見反應
即將登場:在 2024 年,我們將逐步淘汰 GitHub 問題作為內容的意見反應機制,並將它取代為新的意見反應系統。 如需詳細資訊,請參閱:https://aka.ms/ContentUserFeedback。
提交並檢視相關的意見反應