Gets or sets the SQL string that the System.Web.UI.WebControls.SqlDataSource control uses to update data in the underlying database.
The SqlDataSource.UpdateCommand represents an SQL query or the name of a stored procedure, and is used by the SqlDataSource.Update method.
Because different database products use different varieties of SQL, the syntax of the SQL string depends on the current ADO.NET provider being used, which is identified by the SqlDataSource.ProviderName property. If the SQL string is a parameterized query or command, the placeholder of the parameter also depends on the ADO.NET provider being used. For example, if the provider is System.Data.SqlClient, which is the default provider for the System.Web.UI.WebControls.SqlDataSource class, the placeholder of the parameter is '@parameterName'. However, if the provider is set to System.Data.Odbc or System.Data.OleDb, the placeholder of the parameter is '?'. For more information about parameterized SQL queries and commands, see Using Parameters with the SqlDataSource Control.
The SqlDataSource.UpdateCommand property can be an SQL string or the name of a stored procedure, if the data source supports stored procedures.
The SqlDataSource.UpdateCommand property delegates to the SqlDataSourceView.UpdateCommand property of the System.Web.UI.WebControls.SqlDataSourceView object that is associated with the System.Web.UI.WebControls.SqlDataSource control.
For security purposes, the SqlDataSource.UpdateCommand property is not stored in view state. Because it is possible to decode the contents of view state on the client, storing sensitive information about the database structure in view state could result in an information disclosure vulnerability.
Values are inserted into parameters without validation, which is a potential security threat. Use the SqlDataSource.Filtering event to validate parameter values before executing the query. For more information, see Script Exploits Overview.
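The following added example (not part of the original documentation) shows the same update written with the '@parameterName' placeholder for System.Data.SqlClient and with the '?' placeholder for System.Data.Odbc, plus server-side validation of the parameter values before the command runs. The table, column and class names and the 50-character limit are hypothetical; validation is attached to the Updating event, which the control raises before it executes the update command.

```csharp
using System;
using System.Data.Common;
using System.Web.UI.WebControls;

// Added example. Employees, LastName, EmployeeID and MaxNameLength are hypothetical.
public static class UpdateCommandExamples
{
    const int MaxNameLength = 50; // assumed column width

    // System.Data.SqlClient (default provider): named '@' placeholders.
    public static SqlDataSource ForSqlClient(string connectionString)
    {
        var ds = new SqlDataSource();
        ds.ConnectionString = connectionString;
        ds.ProviderName = "System.Data.SqlClient";
        ds.UpdateCommand =
            "UPDATE Employees SET LastName = @LastName WHERE EmployeeID = @EmployeeID";
        AddParameters(ds);
        return ds;
    }

    // System.Data.Odbc (same for System.Data.OleDb): positional '?' placeholders.
    // Values are bound in the order the parameters are added, so the order of
    // UpdateParameters must match the order of the '?' marks in the SQL string.
    public static SqlDataSource ForOdbc(string connectionString)
    {
        var ds = new SqlDataSource();
        ds.ConnectionString = connectionString;
        ds.ProviderName = "System.Data.Odbc";
        ds.UpdateCommand = "UPDATE Employees SET LastName = ? WHERE EmployeeID = ?";
        AddParameters(ds);
        return ds;
    }

    static void AddParameters(SqlDataSource ds)
    {
        ds.UpdateParameters.Add(new Parameter("LastName", TypeCode.String));
        ds.UpdateParameters.Add(new Parameter("EmployeeID", TypeCode.Int32));
        ds.Updating += ValidateBeforeUpdate;
    }

    // Cancel the update if any string value is empty or longer than the column allows.
    static void ValidateBeforeUpdate(object sender, SqlDataSourceCommandEventArgs e)
    {
        foreach (DbParameter p in e.Command.Parameters)
        {
            var text = p.Value as string;
            if (text != null && (text.Trim().Length == 0 || text.Length > MaxNameLength))
            {
                e.Cancel = true; // the command is not sent to the database
                return;
            }
        }
    }
}
```

In both variants the user-supplied values travel as parameters and never become part of the SQL text; the validation handler only decides whether the command is sent at all.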