Handle the SqlDataSource.Updating event to perform additional initialization operations that are specific to your application, to validate the values of parameters, or to change the parameter values before the System.Web.UI.WebControls.SqlDataSource control performs the update operation. The connection to the underlying data source is not yet open when the event handler delegate is called. Therefore, you cannot directly cancel the SqlDataSource.Update database operation by calling the System.Data.Common.DbCommand.Cancel method on the System.Data.Common.DbCommand object that is exposed by the System.Web.UI.WebControls.SqlDataSourceCommandEventArgs object. You can, however, cancel the database operation by setting the System.ComponentModel.CancelEventArgs.Cancel property of the System.Web.UI.WebControls.SqlDataSourceCommandEventArgs to true.
For more information about handling events, see Consuming Events.
Values are inserted into parameters without validation, which is a potential security threat. Use the SqlDataSource.Updating event to validate parameter values before executing the query. For more information, see Script Exploits Overview.