System.Web.UI.WebControls.SqlDataSource.InsertCommand Property

Gets or sets the SQL string that the System.Web.UI.WebControls.SqlDataSource control uses to insert data into the underlying database.

Syntax

[System.ComponentModel.DefaultValue("")]
public string InsertCommand { set; get; }

Value

Documentation for this section has not yet been entered.

Remarks

The SqlDataSource.InsertCommand represents either an SQL query or the name of a stored procedure, and is used by the SqlDataSource.Insert method.

Because different database products use different varieties of SQL, the syntax of the SQL string depends on the current ADO.NET provider being used, which is identified by the SqlDataSource.ProviderName property. If the SQL string is a parameterized query or command, the placeholder of the parameter also depends on the ADO.NET provider being used. For example, if the provider is the System.Data.SqlClient, which is the default provider for the System.Web.UI.WebControls.SqlDataSource class, the placeholder of the parameter is '@parameterName'. However, if the provider is set to the System.Data.Odbc or System.Data.OleDb, the placeholder of the parameter is '?'. For more information about parameterized SQL queries and commands, see Using Parameters with the SqlDataSource Control.

The SqlDataSource.InsertCommand can be an SQL string or the name of a stored procedure, if the data source supports stored procedures.

This property delegates to the SqlDataSourceView.InsertCommand property of the System.Web.UI.WebControls.SqlDataSourceView that is associated with the System.Web.UI.WebControls.SqlDataSource control.

Note:

For security purposes, the SqlDataSource.InsertCommand property is not stored is view state. Because it is possible to decode the contents of view state on the client, storing sensitive information about the database structure in view state could result in an information disclosure vulnerability.

Note:

Values are inserted into parameters without validation, which is a potential security threat. Use the SqlDataSource.Filtering event to validate parameter values before executing the query. For more information, see Script Exploits Overview.

Requirements

Namespace: System.Web.UI.WebControls
Assembly: System.Web (in System.Web.dll)
Assembly Versions: 2.0.0.0
Since: .NET 2.0