FormParameter Class

Definition

Binds the value of an HTTP request Form field to a parameter object.

public ref class FormParameter : System::Web::UI::WebControls::Parameter
public class FormParameter : System.Web.UI.WebControls.Parameter
type FormParameter = class
    inherit Parameter
Public Class FormParameter
Inherits Parameter
Inheritance
FormParameter

Examples

The following code example demonstrates how to insert data into a database using the SqlDataSource control and a simple ASP.NET Web page. The current data in the data table is displayed in the DropDownList control. You can add new records by entering values in the TextBox controls and clicking the button. When the button is clicked, the specified values are inserted into the database, and the DropDownList is refreshed.

Important

This example has a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview.

<%@Page  Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">
private void InsertShipper (object source, EventArgs e) {
  SqlDataSource1.Insert();
}
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
  <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
    <form id="form1" runat="server">

      <asp:dropdownlist
        id="DropDownList1"
        runat="server"
        datasourceid="SqlDataSource1"
        datatextfield="CompanyName"
        datavaluefield="ShipperID" />

<!-- Security Note: The SqlDataSource uses a FormParameter,
     Security Note: which does not perform validation of input from the client.
     Security Note: To validate the value of the FormParameter, handle the Inserting event. -->

      <asp:sqldatasource
        id="SqlDataSource1"
        runat="server"
        connectionstring="<%$ ConnectionStrings:MyNorthwind %>"
        selectcommand="SELECT CompanyName,ShipperID FROM Shippers"
        insertcommand="INSERT INTO Shippers (CompanyName,Phone) VALUES (@CoName,@Phone)">
          <insertparameters>
            <asp:formparameter name="CoName" formfield="CompanyNameBox" />
            <asp:formparameter name="Phone"  formfield="PhoneBox" />
          </insertparameters>
      </asp:sqldatasource>

      <br /><asp:textbox
           id="CompanyNameBox"
           runat="server" />

      <asp:RequiredFieldValidator
        id="RequiredFieldValidator1"
        runat="server"
        ControlToValidate="CompanyNameBox"
        Display="Static"
        ErrorMessage="Please enter a company name." />

      <br /><asp:textbox
           id="PhoneBox"
           runat="server" />

      <asp:RequiredFieldValidator
        id="RequiredFieldValidator2"
        runat="server"
        ControlToValidate="PhoneBox"
        Display="Static"
        ErrorMessage="Please enter a phone number." />

      <br /><asp:button
           id="Button1"
           runat="server"
           text="Insert New Shipper"
           onclick="InsertShipper" />

    </form>
  </body>
</html>
<%@Page  Language="VB" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">
Private Sub InsertShipper (ByVal Source As Object, ByVal e As EventArgs)
  SqlDataSource1.Insert()
End Sub ' InsertShipper
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
  <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
    <form id="form1" runat="server">

      <asp:dropdownlist
        id="DropDownList1"
        runat="server"
        datasourceid="SqlDataSource1"
        datatextfield="CompanyName"
        datavaluefield="ShipperID" />

<!-- Security Note: The SqlDataSource uses a FormParameter,
     Security Note: which does not perform validation of input from the client.
     Security Note: To validate the value of the FormParameter, handle the Inserting event. -->

      <asp:sqldatasource
        id="SqlDataSource1"
        runat="server"
        connectionstring="<%$ ConnectionStrings:MyNorthwind %>"
        selectcommand="SELECT CompanyName,ShipperID FROM Shippers"
        insertcommand="INSERT INTO Shippers (CompanyName,Phone) VALUES (@CoName,@Phone)">
          <insertparameters>
            <asp:formparameter name="CoName" formfield="CompanyNameBox" />
            <asp:formparameter name="Phone"  formfield="PhoneBox" />
          </insertparameters>
      </asp:sqldatasource>

      <br /><asp:textbox
           id="CompanyNameBox"
           runat="server" />

      <asp:RequiredFieldValidator
        id="RequiredFieldValidator1"
        runat="server"
        ControlToValidate="CompanyNameBox"
        Display="Static"
        ErrorMessage="Please enter a company name." />

      <br /><asp:textbox
           id="PhoneBox"
           runat="server" />

      <asp:RequiredFieldValidator
        id="RequiredFieldValidator2"
        runat="server"
        ControlToValidate="PhoneBox"
        Display="Static"
        ErrorMessage="Please enter a phone number." />

      <br /><asp:button
           id="Button1"
           runat="server"
           text="Insert New Shipper"
           onclick="InsertShipper" />

    </form>
  </body>
</html>

Remarks

You can use the FormParameter class to bind the value of a form variable in the Form collection to a parameter used in a parameterized query or command. Controls that bind data to the parameter might throw an exception if a FormParameter is specified but no corresponding form variable is passed. They might also display no data if the form variable is passed with no corresponding value. Set the DefaultValue to avoid these situations where appropriate.

The FormParameter class provides the FormField property, which identifies the name of the form variable to bind to, in addition to those inherited from the Parameter class.

Important

The FormParameter does not validate the value passed by the form element in any way; it uses the raw value. In most cases you can validate the value of the FormParameter before it is used by a data source control by handling an event, such as the Selecting, Updating, Inserting, or Deleting event exposed by the data source control you are using. If the value of the parameter does not pass your validation tests, you can cancel the data operation by setting the Cancel property of the associated CancelEventArgs class to true.

Constructors

FormParameter()

Initializes a new unnamed instance of the FormParameter class.

FormParameter(FormParameter)

Initializes a new instance of the FormParameter class with the values of the instance specified by the original parameter.

FormParameter(String, DbType, String)

Initializes a new instance of the FormParameter class, using the specified string to identify which form variable field to bind to.

FormParameter(String, String)

Initializes a new named instance of the FormParameter class, using the specified string to identify which form variable field to bind to.

FormParameter(String, TypeCode, String)

Initializes a new named and strongly typed instance of the FormParameter class, using the specified string to identify which form variable to bind to.

Properties

ConvertEmptyStringToNull

Gets or sets a value indicating whether the value that the Parameter object is bound to should be converted to null if it is Empty.

(Inherited from Parameter)
DbType

Gets or sets the database type of the parameter.

(Inherited from Parameter)
DefaultValue

Specifies a default value for the parameter, should the value that the parameter is bound to be uninitialized when the Evaluate(HttpContext, Control) method is called.

(Inherited from Parameter)
Direction

Indicates whether the Parameter object is used to bind a value to a control, or the control can be used to change the value.

(Inherited from Parameter)
FormField

Gets or sets the name of the form variable that the parameter binds to.

IsTrackingViewState

Gets a value indicating whether the Parameter object is saving changes to its view state.

(Inherited from Parameter)
Name

Gets or sets the name of the parameter.

(Inherited from Parameter)
Size

Gets or sets the size of the parameter.

(Inherited from Parameter)
Type

Gets or sets the type of the parameter.

(Inherited from Parameter)
ValidateInput

Gets or sets a value that indicates whether the client input in the parameter is validated.

ViewState

Gets a dictionary of state information that allows you to save and restore the view state of a Parameter object across multiple requests for the same page.

(Inherited from Parameter)

Methods

Clone()

Returns a duplicate of the current FormParameter instance.

Equals(Object)

Determines whether the specified object is equal to the current object.

(Inherited from Object)
Evaluate(HttpContext, Control)

Updates and returns the value of the FormParameter object.

GetDatabaseType()

Gets the DbType value that is equivalent to the CLR type of the current Parameter instance.

(Inherited from Parameter)
GetHashCode()

Serves as the default hash function.

(Inherited from Object)
GetType()

Gets the Type of the current instance.

(Inherited from Object)
LoadViewState(Object)

Restores the data source view's previously saved view state.

(Inherited from Parameter)
MemberwiseClone()

Creates a shallow copy of the current Object.

(Inherited from Object)
OnParameterChanged()

Calls the OnParametersChanged(EventArgs) method of the ParameterCollection collection that contains the Parameter object.

(Inherited from Parameter)
SaveViewState()

Saves the changes to the Parameter object's view state since the time the page was posted back to the server.

(Inherited from Parameter)
SetDirty()

Marks the Parameter object so its state will be recorded in view state.

(Inherited from Parameter)
ToString()

Converts the value of this instance to its equivalent string representation.

(Inherited from Parameter)
TrackViewState()

Causes the Parameter object to track changes to its view state so they can be stored in the control's ViewState object and persisted across requests for the same page.

(Inherited from Parameter)

Explicit Interface Implementations

ICloneable.Clone()

Returns a duplicate of the current Parameter instance.

(Inherited from Parameter)
IStateManager.IsTrackingViewState

Gets a value indicating whether the Parameter object is saving changes to its view state.

(Inherited from Parameter)
IStateManager.LoadViewState(Object)

Restores the data source view's previously saved view state.

(Inherited from Parameter)
IStateManager.SaveViewState()

Saves the changes to the Parameter object's view state since the time the page was posted back to the server.

(Inherited from Parameter)
IStateManager.TrackViewState()

Causes the Parameter object to track changes to its view state so they can be stored in the control's ViewState object and persisted across requests for the same page.

(Inherited from Parameter)

Applies to

See also