SqlDataSource.DeleteParameters Property

Definition

Gets the parameters collection that contains the parameters that are used by the DeleteCommand property from the SqlDataSourceView object that is associated with the SqlDataSource control.

public:
 property System::Web::UI::WebControls::ParameterCollection ^ DeleteParameters { System::Web::UI::WebControls::ParameterCollection ^ get(); };
[System.Web.UI.PersistenceMode(System.Web.UI.PersistenceMode.InnerProperty)]
public System.Web.UI.WebControls.ParameterCollection DeleteParameters { get; }
[<System.Web.UI.PersistenceMode(System.Web.UI.PersistenceMode.InnerProperty)>]
member this.DeleteParameters : System.Web.UI.WebControls.ParameterCollection
Public ReadOnly Property DeleteParameters As ParameterCollection

Property Value

A ParameterCollection that contains the parameters used by the DeleteCommand property.

Attributes

Examples

The following code example demonstrates how to set the DeleteCommand text to delete an order from the Northwind database. Initially, data is retrieved from the Orders table and displayed in a DropDownList control. You must explicitly declare DeleteParameters property and call the Delete method when using data-bound controls, such as DropDownList (unlike other controls, such as GridView and DetailsView, which automatically populate the parameters and call Delete on a data source control). In this example, the OnClick event is delegated to the private OnDelete event handler, which explicitly calls the Delete method of the SqlDataSource control.

<%@Page  Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">
private void OnDelete(Object sender, EventArgs e) {
    SqlDataSource1.Delete();
}
</script>

<html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
        <form id="form1" runat="server">

            <asp:SqlDataSource
                id="SqlDataSource1"
                runat="server"
                ConnectionString="<%$ ConnectionStrings:MyNorthwind%>"
                SelectCommand="SELECT OrderID FROM Orders"
                DeleteCommand="DELETE FROM [Order Details] WHERE OrderID=@OrderID;DELETE FROM Orders WHERE OrderID=@OrderID;">
                <DeleteParameters>
                    <asp:ControlParameter Name="OrderID" ControlId="DropDownList1" PropertyName="SelectedValue" />
                </DeleteParameters>
            </asp:SqlDataSource>

            <asp:DropDownList
                id="DropDownList1"
                runat="server"
                DataTextField="OrderID"
                DataValueField="OrderID"
                DataSourceID="SqlDataSource1">
            </asp:DropDownList>

            <asp:Button
                id="Button1"
                runat="server"
                Text="Delete Order"
                OnClick="OnDelete">
            </asp:Button>

        </form>
    </body>
</html>
<%@Page  Language="VB" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">
 Sub On_Delete(ByVal sender As Object, ByVal e As EventArgs)
    SqlDataSource1.Delete()
 End Sub 'On_Delete
</script>

<html xmlns="http://www.w3.org/1999/xhtml" >
    <head>
    <title>ASP.NET Example</title>
</head>

    <body>
        <form id="form1" runat="server">

            <asp:SqlDataSource
                id="SqlDataSource1"
                runat="server"
                ConnectionString="<%$ ConnectionStrings:MyNorthwind%>"
                SelectCommand="SELECT OrderID FROM Orders"
                DeleteCommand="DELETE FROM [Order Details] WHERE OrderID=@OrderID;DELETE FROM Orders WHERE OrderID=@OrderID;">
                <DeleteParameters>
                    <asp:ControlParameter Name="OrderID" ControlId="DropDownList1" PropertyName="SelectedValue" />
                </DeleteParameters>
            </asp:SqlDataSource>

            <asp:DropDownList
                id="DropDownList1"
                runat="server"
                DataTextField="OrderID"
                DataValueField="OrderID"
                DataSourceID="SqlDataSource1">
            </asp:DropDownList>

            <asp:Button
                id="Button1"
                runat="server"
                Text="Delete Order"
                OnClick="On_Delete">
            </asp:Button>

        </form>
    </body>
</html>

Remarks

If the DeleteCommand property contains a parameterized SQL query, the DeleteParameters collection contains any Parameter objects that correspond to the parameter placeholders in the SQL string.

Note

Make sure that no BoundField controls in the data-bound control that you bind to the SqlDataSource control have names that match any parameter names in the DeleteParameters collection. Parameters that have the same name as bound fields are excluded from the SQL command, and a "parameter was not supplied" error might result.

If the ConflictDetection property is set to the CompareAllValues value, the parameters are created for both the old and new values of the data. The parameters for the old values are named according to the OldValuesParameterFormatString property.

Depending on the ADO.NET provider, the order of the parameters in the DeleteParameters collection might be important. The System.Data.OleDb and System.Data.Odbc providers associate the parameters in the collection according to the order in which the parameters appear in the parameterized SQL query. The System.Data.SqlClient provider, which is the default ADO.NET provider for the SqlDataSource control, associates the parameters in the collection by matching the name of the parameter with the placeholder in the SQL query. For more information about parameterized SQL queries and commands, see Using Parameters with the SqlDataSource Control.

The DeleteParameters property retrieves the DeleteParameters property that is contained by the SqlDataSourceView object that is associated with the SqlDataSource control.

Important

Values are inserted into parameters without validation, which is a potential security threat. Use the Deleting event to validate parameter values before executing the query. For more information, see Script Exploits Overview.

Applies to

See also