ObjectDataSource控制項並不直接與資料庫之間進行連接,可以通過對業務物件的調用,實現對資料庫的操作。
一、ObjectDataSource控制項的幾個重要屬性
SelectMethod:ObjectDataSource控制項執行查詢時調用的方法名。
DeleteMethod:ObjectDataSource控制項執行刪除時調用的方法名。
UpdateMethod:ObjectDataSource控制項執行更新時調用的方法名。
InsertMethod:ObjectDataSource控制項執行插入時調用的方法名。
SelectMethod:ObjectDataSource控制項執行查詢時調用的方法名。
DeleteMethod:ObjectDataSource控制項執行刪除時調用的方法名。
UpdateMethod:ObjectDataSource控制項執行更新時調用的方法名。
InsertMethod:ObjectDataSource控制項執行插入時調用的方法名。
二、ObjectDataSource控制項的幾個重要方法
Select():調用SelectMethod進行查詢
Insert():調用InsertMethod進行插入
Update():調用UpdateMethod進行更新
Delete():調用DeleteMethod進行刪除
Select():調用SelectMethod進行查詢
Insert():調用InsertMethod進行插入
Update():調用UpdateMethod進行更新
Delete():調用DeleteMethod進行刪除
三、ObjectDataSource控制項的幾個重要的子元素
InsertParameters:為InsertMethod的方法提供參數
UpdateParameters:為UpdateMethod的方法提供參數
DeleteParameters:為DeleteMethod的方法提供參數
SelectParameters:為SelectMethod的方法提供參數
四、舉例
1.配置連接字串
2.編寫業務模組(此處我用資料庫的insert/update/delete/select來替代,在實際應用中,業務模組遠比此複雜)
在此業務功能模組用的是SQLDataSource物件讀取資料的,當然也可以用ADO.NET來讀取數據
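/// <summary>
/// Data-access class for the <c>fruit</c> table, used as the business object
/// behind an ObjectDataSource. Every operation runs through a private
/// SqlDataSource and passes each value as a named SQL parameter, so no caller
/// value is concatenated into the command text.
/// </summary>
/// <remarks>
/// NOTE(review): none of the methods validate their arguments or check who the
/// caller is; any validation or authorization has to happen before these
/// methods are reached.
/// </remarks>
public class FruitDA
{
    private readonly SqlDataSource sd;

    /// <summary>
    /// Creates the underlying SqlDataSource and points it at the "conn1"
    /// connection string from the application configuration.
    /// </summary>
    /// <exception cref="System.Configuration.ConfigurationErrorsException">
    /// No connection string named "conn1" is configured.
    /// </exception>
    public FruitDA()
    {
        System.Configuration.ConnectionStringSettings settings =
            System.Configuration.ConfigurationManager.ConnectionStrings["conn1"];

        // Fail with a clear configuration error instead of a NullReferenceException.
        if (settings == null)
        {
            throw new System.Configuration.ConfigurationErrorsException(
                "Connection string 'conn1' is not configured.");
        }

        sd = new SqlDataSource();
        sd.ConnectionString = settings.ConnectionString;
    }

    /// <summary>Returns every row of the fruit table.</summary>
    /// <returns>The result of the select, cast to a DataView.</returns>
    public DataView select()
    {
        sd.SelectCommand = "select * from fruit";
        // DataSet mode is what makes Select() hand back a DataView.
        sd.DataSourceMode = SqlDataSourceMode.DataSet;
        return (DataView)sd.Select(DataSourceSelectArguments.Empty);
    }

    /// <summary>Updates the row whose key is <paramref name="ids"/>.</summary>
    /// <param name="ids">Key of the row to update.</param>
    /// <param name="name">New value for the name column.</param>
    /// <param name="price">New value for the price column.</param>
    /// <param name="source">New value for the source column.</param>
    /// <param name="stack">New value for the stack column.</param>
    public void update(string ids, string name, decimal price, string source, string stack)
    {
        sd.UpdateCommand = "update fruit set name = @name,price = @price,source = @source,stack = @stack where ids = @ids";

        // Clear first: a second call on the same instance would otherwise add
        // the same parameter names again.
        sd.UpdateParameters.Clear();
        sd.UpdateParameters.Add("ids", TypeCode.String, ids);
        sd.UpdateParameters.Add("name", TypeCode.String, name);
        sd.UpdateParameters.Add("price", TypeCode.Decimal, price.ToString());
        sd.UpdateParameters.Add("source", TypeCode.String, source);
        sd.UpdateParameters.Add("stack", TypeCode.String, stack);
        sd.Update();
    }

    /// <summary>Inserts a new row into the fruit table.</summary>
    /// <param name="ids">Key of the new row.</param>
    /// <param name="name">Value for the name column.</param>
    /// <param name="price">Value for the price column.</param>
    /// <param name="source">Value for the source column.</param>
    /// <param name="stack">Value for the stack column.</param>
    public void insert(string ids, string name, decimal price, string source, string stack)
    {
        sd.InsertCommand = "insert into fruit (ids,name,price,source,stack) values(@ids,@name,@price,@source,@stack)";

        // Clear first so repeated calls do not accumulate duplicate parameters.
        sd.InsertParameters.Clear();
        sd.InsertParameters.Add("ids", TypeCode.String, ids);
        sd.InsertParameters.Add("name", TypeCode.String, name);
        sd.InsertParameters.Add("price", TypeCode.Decimal, price.ToString());
        sd.InsertParameters.Add("source", TypeCode.String, source);
        sd.InsertParameters.Add("stack", TypeCode.String, stack);
        sd.Insert();
    }

    /// <summary>Deletes the row whose key is <paramref name="ids"/>.</summary>
    /// <param name="ids">Key of the row to delete.</param>
    public void delete(string ids)
    {
        sd.DeleteCommand = "delete from fruit where ids = @ids";

        // Clear first so repeated calls do not accumulate duplicate parameters.
        sd.DeleteParameters.Clear();
        sd.DeleteParameters.Add("ids", TypeCode.String, ids);
        sd.Delete();
    }
}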
3.配置ObjectDataSource和GridView,實現update/select/delete功能
<%-- Grid bound to the ObjectDataSource with ID "s"; DataKeyNames names ids as the row key. --%>
<asp:GridView ID="GridView1" runat="server" AutoGenerateColumns="False" DataKeyNames="ids" DataSourceID="s">
<Columns>
<asp:CommandField ShowDeleteButton="True" ShowEditButton="True" />
<asp:BoundField DataField="ids" />
<asp:BoundField DataField="name" />
<asp:BoundField DataField="price" />
<asp:BoundField DataField="source" />
<asp:BoundField DataField="stack" />
</Columns>
</asp:GridView>
<%-- Select, delete, update and insert are each mapped to the method of that name on the FruitDA type. --%>
<%-- Insert values come from the text boxes declared further down, via ControlParameter. --%>
<asp:ObjectDataSource ID="s" runat="server" SelectMethod="select" TypeName="FruitDA" DeleteMethod="delete" UpdateMethod="update" InsertMethod="insert" >
<DeleteParameters>
<asp:Parameter Name="ids" Type="String" />
</DeleteParameters>
<UpdateParameters>
<asp:Parameter Name="ids" Type="String" />
<asp:Parameter Name="name" Type="String" />
<asp:Parameter Name="price" Type="Decimal" />
<asp:Parameter Name="source" Type="String" />
<asp:Parameter Name="stack" Type="String" />
</UpdateParameters>
<InsertParameters>
<asp:ControlParameter Name="ids" ControlID = "txtIds" Type="String" />
<asp:ControlParameter Name="name" ControlID = "txtName" Type="String" />
<asp:ControlParameter Name="price" ControlID = "txtPrice" Type="Decimal" />
<asp:ControlParameter Name="source" ControlID = "txtSource" Type="String" />
<asp:ControlParameter Name="stack" ControlID = "txtStack" Type="String" />
</InsertParameters>
</asp:ObjectDataSource>
<%-- NOTE(review): no validator controls are visible for these inputs; confirm that required fields and a numeric price are checked before Insert runs. --%>
<asp:TextBox ID="txtIds" runat="server"></asp:TextBox>
<asp:TextBox ID="txtName" runat="server"></asp:TextBox>
<asp:TextBox ID="txtPrice" runat="server"></asp:TextBox>
<asp:TextBox ID="txtSource" runat="server"></asp:TextBox>
<asp:TextBox ID="txtStack" runat="server"></asp:TextBox><br />
<asp:Button ID="Button1" runat="server" Text="Insert" OnClick="Button1_Click" />
4.實現插入功能的代碼
/// <summary>
/// Click handler for the Insert button: asks the data source control <c>s</c>
/// to run its insert operation.
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void Button1_Click(object sender, EventArgs e)
{
    // No arguments are passed here; the values are whatever the data source's
    // own insert parameters resolve to.
    this.s.Insert();
}
InsertParameters:為InsertMethod的方法提供參數
UpdateParameters:為UpdateMethod的方法提供參數
DeleteParameters:為DeleteMethod的方法提供參數
SelectParameters:為SelectMethod的方法提供參數
四、舉例
1.配置連接字串
2.編寫業務模組(此處我用資料庫的insert/update/delete/select來替代,在實際應用中,業務模組遠比此複雜)
在此業務功能模組用的是SQLDataSource物件讀取資料的,當然也可以用ADO.NET來讀取數據
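/// <summary>
/// Data-access class for the <c>fruit</c> table, used as the business object
/// behind an ObjectDataSource. Every operation runs through a private
/// SqlDataSource and passes each value as a named SQL parameter, so no caller
/// value is concatenated into the command text.
/// </summary>
/// <remarks>
/// NOTE(review): none of the methods validate their arguments or check who the
/// caller is; any validation or authorization has to happen before these
/// methods are reached.
/// </remarks>
public class FruitDA
{
    private readonly SqlDataSource sd;

    /// <summary>
    /// Creates the underlying SqlDataSource and points it at the "conn1"
    /// connection string from the application configuration.
    /// </summary>
    /// <exception cref="System.Configuration.ConfigurationErrorsException">
    /// No connection string named "conn1" is configured.
    /// </exception>
    public FruitDA()
    {
        System.Configuration.ConnectionStringSettings settings =
            System.Configuration.ConfigurationManager.ConnectionStrings["conn1"];

        // Fail with a clear configuration error instead of a NullReferenceException.
        if (settings == null)
        {
            throw new System.Configuration.ConfigurationErrorsException(
                "Connection string 'conn1' is not configured.");
        }

        sd = new SqlDataSource();
        sd.ConnectionString = settings.ConnectionString;
    }

    /// <summary>Returns every row of the fruit table.</summary>
    /// <returns>The result of the select, cast to a DataView.</returns>
    public DataView select()
    {
        sd.SelectCommand = "select * from fruit";
        // DataSet mode is what makes Select() hand back a DataView.
        sd.DataSourceMode = SqlDataSourceMode.DataSet;
        return (DataView)sd.Select(DataSourceSelectArguments.Empty);
    }

    /// <summary>Updates the row whose key is <paramref name="ids"/>.</summary>
    /// <param name="ids">Key of the row to update.</param>
    /// <param name="name">New value for the name column.</param>
    /// <param name="price">New value for the price column.</param>
    /// <param name="source">New value for the source column.</param>
    /// <param name="stack">New value for the stack column.</param>
    public void update(string ids, string name, decimal price, string source, string stack)
    {
        sd.UpdateCommand = "update fruit set name = @name,price = @price,source = @source,stack = @stack where ids = @ids";

        // Clear first: a second call on the same instance would otherwise add
        // the same parameter names again.
        sd.UpdateParameters.Clear();
        sd.UpdateParameters.Add("ids", TypeCode.String, ids);
        sd.UpdateParameters.Add("name", TypeCode.String, name);
        sd.UpdateParameters.Add("price", TypeCode.Decimal, price.ToString());
        sd.UpdateParameters.Add("source", TypeCode.String, source);
        sd.UpdateParameters.Add("stack", TypeCode.String, stack);
        sd.Update();
    }

    /// <summary>Inserts a new row into the fruit table.</summary>
    /// <param name="ids">Key of the new row.</param>
    /// <param name="name">Value for the name column.</param>
    /// <param name="price">Value for the price column.</param>
    /// <param name="source">Value for the source column.</param>
    /// <param name="stack">Value for the stack column.</param>
    public void insert(string ids, string name, decimal price, string source, string stack)
    {
        sd.InsertCommand = "insert into fruit (ids,name,price,source,stack) values(@ids,@name,@price,@source,@stack)";

        // Clear first so repeated calls do not accumulate duplicate parameters.
        sd.InsertParameters.Clear();
        sd.InsertParameters.Add("ids", TypeCode.String, ids);
        sd.InsertParameters.Add("name", TypeCode.String, name);
        sd.InsertParameters.Add("price", TypeCode.Decimal, price.ToString());
        sd.InsertParameters.Add("source", TypeCode.String, source);
        sd.InsertParameters.Add("stack", TypeCode.String, stack);
        sd.Insert();
    }

    /// <summary>Deletes the row whose key is <paramref name="ids"/>.</summary>
    /// <param name="ids">Key of the row to delete.</param>
    public void delete(string ids)
    {
        sd.DeleteCommand = "delete from fruit where ids = @ids";

        // Clear first so repeated calls do not accumulate duplicate parameters.
        sd.DeleteParameters.Clear();
        sd.DeleteParameters.Add("ids", TypeCode.String, ids);
        sd.Delete();
    }
}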
3.配置ObjectDataSource和GridView,實現update/select/delete功能
<%-- Grid bound to the ObjectDataSource with ID "s"; DataKeyNames names ids as the row key. --%>
<asp:GridView ID="GridView1" runat="server" AutoGenerateColumns="False" DataKeyNames="ids" DataSourceID="s">
<Columns>
<asp:CommandField ShowDeleteButton="True" ShowEditButton="True" />
<asp:BoundField DataField="ids" />
<asp:BoundField DataField="name" />
<asp:BoundField DataField="price" />
<asp:BoundField DataField="source" />
<asp:BoundField DataField="stack" />
</Columns>
</asp:GridView>
<%-- Select, delete, update and insert are each mapped to the method of that name on the FruitDA type. --%>
<%-- Insert values come from the text boxes declared further down, via ControlParameter. --%>
<asp:ObjectDataSource ID="s" runat="server" SelectMethod="select" TypeName="FruitDA" DeleteMethod="delete" UpdateMethod="update" InsertMethod="insert" >
<DeleteParameters>
<asp:Parameter Name="ids" Type="String" />
</DeleteParameters>
<UpdateParameters>
<asp:Parameter Name="ids" Type="String" />
<asp:Parameter Name="name" Type="String" />
<asp:Parameter Name="price" Type="Decimal" />
<asp:Parameter Name="source" Type="String" />
<asp:Parameter Name="stack" Type="String" />
</UpdateParameters>
<InsertParameters>
<asp:ControlParameter Name="ids" ControlID = "txtIds" Type="String" />
<asp:ControlParameter Name="name" ControlID = "txtName" Type="String" />
<asp:ControlParameter Name="price" ControlID = "txtPrice" Type="Decimal" />
<asp:ControlParameter Name="source" ControlID = "txtSource" Type="String" />
<asp:ControlParameter Name="stack" ControlID = "txtStack" Type="String" />
</InsertParameters>
</asp:ObjectDataSource>
<%-- NOTE(review): no validator controls are visible for these inputs; confirm that required fields and a numeric price are checked before Insert runs. --%>
<asp:TextBox ID="txtIds" runat="server"></asp:TextBox>
<asp:TextBox ID="txtName" runat="server"></asp:TextBox>
<asp:TextBox ID="txtPrice" runat="server"></asp:TextBox>
<asp:TextBox ID="txtSource" runat="server"></asp:TextBox>
<asp:TextBox ID="txtStack" runat="server"></asp:TextBox><br />
<asp:Button ID="Button1" runat="server" Text="Insert" OnClick="Button1_Click" />
4.實現插入功能的代碼
/// <summary>
/// Click handler for the Insert button: asks the data source control <c>s</c>
/// to run its insert operation.
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void Button1_Click(object sender, EventArgs e)
{
    // No arguments are passed here; the values are whatever the data source's
    // own insert parameters resolve to.
    this.s.Insert();
}
ControlParameter:以表單控制項的屬性值作為參數
FormParameter:以指定id(名稱)的表單欄位所提交的值作為參數
CookieParameter:以Cookie值作為參數
SessionParameter:以Session值作為參數
QueryStringParameter:以查詢字串作為參數
ProfileParameter:以個性化設置的內容作為參數
在ADO.NET 1.1中好像只有一種參數類型,為什麼在這裡要出現這麼多的參數類型?
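1、檢查參數的來源類型,防止篡改Cookie或QueryString的值進行攻擊
2、對參數的長度進行檢查
3、對注入式攻擊的代碼進行安全處理
注意:這些參數類型是把值以參數的形式綁定到SQL命令,而不是拼接進SQL文字;Cookie、QueryString和表單的值仍然是用戶端可以任意修改的輸入,是否允許存取該筆資料仍需在伺服器端另行驗證與授權。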
參數舉例:
1.ControlParameter
/// <summary>
/// Click handler that filters SqlDataSource1 by the value currently selected
/// in the control with ID "ddl".
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void Button1_Click(object sender, EventArgs e)
{
    SqlDataSource1.SelectCommand = "select * from fruit where ids = @ids";

    // Start from an empty list so parameters from an earlier click do not linger.
    SqlDataSource1.SelectParameters.Clear();

    // "ddl" is the drop-down list. Its SelectedItem.Value is bound to @ids as
    // a parameter value; it is never concatenated into the SQL text.
    SqlDataSource1.SelectParameters.Add(
        new ControlParameter("ids", "ddl", "SelectedItem.Value"));
}
FormParameter:以指定id(名稱)的表單欄位所提交的值作為參數
CookieParameter:以Cookie值作為參數
SessionParameter:以Session值作為參數
QueryStringParameter:以查詢字串作為參數
ProfileParameter:以個性化設置的內容作為參數
在ADO.NET 1.1中好像只有一種參數類型,為什麼在這裡要出現這麼多的參數類型?
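1、檢查參數的來源類型,防止篡改Cookie或QueryString的值進行攻擊
2、對參數的長度進行檢查
3、對注入式攻擊的代碼進行安全處理
注意:這些參數類型是把值以參數的形式綁定到SQL命令,而不是拼接進SQL文字;Cookie、QueryString和表單的值仍然是用戶端可以任意修改的輸入,是否允許存取該筆資料仍需在伺服器端另行驗證與授權。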
參數舉例:
1.ControlParameter
/// <summary>
/// Click handler that filters SqlDataSource1 by the value currently selected
/// in the control with ID "ddl".
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void Button1_Click(object sender, EventArgs e)
{
    SqlDataSource1.SelectCommand = "select * from fruit where ids = @ids";

    // Start from an empty list so parameters from an earlier click do not linger.
    SqlDataSource1.SelectParameters.Clear();

    // "ddl" is the drop-down list. Its SelectedItem.Value is bound to @ids as
    // a parameter value; it is never concatenated into the SQL text.
    SqlDataSource1.SelectParameters.Add(
        new ControlParameter("ids", "ddl", "SelectedItem.Value"));
}
2.SessionParameter
/// <summary>
/// Click handler that stores the text of txtIds in session state under "data"
/// and filters SqlDataSource1 by that session value.
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void Button2_Click(object sender, EventArgs e)
{
    // The session entry is written from user input as-is; it reaches the
    // query only as the value of @ids.
    string requestedId = txtIds.Text;
    Session["data"] = requestedId;

    SqlDataSource1.SelectCommand = "select * from fruit where ids = @ids";

    // Replace any earlier parameters with the single session-backed one.
    SqlDataSource1.SelectParameters.Clear();
    SqlDataSource1.SelectParameters.Add(new SessionParameter("ids", "data"));
}
3.CookieParameter
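/// <summary>
/// Click handler that writes the text of txtIds into a cookie named "data"
/// and filters SqlDataSource1 by that cookie value.
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void Button3_Click(object sender, EventArgs e)
{
    // Within this handler the cookie is consumed only on the server (through
    // CookieParameter), so mark it HttpOnly to keep it out of client script.
    HttpCookie dataCookie = new HttpCookie("data", txtIds.Text);
    dataCookie.HttpOnly = true;
    Response.Cookies.Add(dataCookie);

    SqlDataSource1.SelectCommand = "select * from fruit where ids = @ids";

    // A cookie value is client-controlled input. It is bound to @ids as a
    // parameter value; it is never concatenated into the SQL text.
    SqlDataSource1.SelectParameters.Clear();
    SqlDataSource1.SelectParameters.Add(new CookieParameter("ids", "data"));
}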
4.QueryStringParameter
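/// <summary>
/// Click handler that redirects to default5.aspx, passing the text of txtIds
/// as the "id" query-string value.
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void Button4_Click(object sender, EventArgs e)
{
    // Percent-encode the user input so that characters such as '&', '#' or
    // '=' stay inside the id value instead of altering the query string.
    string encodedId = Uri.EscapeDataString(txtIds.Text);
    Response.Redirect("default5.aspx?id=" + encodedId);
}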
/// <summary>
/// On a non-postback request that carries an "id" query-string value, filters
/// SqlDataSource1 by that value.
/// </summary>
/// <param name="sender">Page that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    if (IsPostBack)
    {
        return;
    }

    if (Request.QueryString["id"] == null)
    {
        return;
    }

    // NOTE(review): this cookie write is not read by the query below and looks
    // like a leftover from the CookieParameter example; confirm it is needed.
    HttpCookie dataCookie = new HttpCookie("data", txtIds.Text);
    Response.Cookies.Add(dataCookie);

    SqlDataSource1.SelectCommand = "select * from fruit where ids = @ids";

    // The query-string value is client-controlled input. It is bound to @ids
    // as a parameter value; it is never concatenated into the SQL text.
    SqlDataSource1.SelectParameters.Clear();
    SqlDataSource1.SelectParameters.Add(new QueryStringParameter("ids", "id"));
}
5.FormParameter
/// <summary>
/// Click handler that filters SqlDataSource1 by the posted form field "ddl".
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void Button5_Click(object sender, EventArgs e)
{
    SqlDataSource1.SelectCommand = "select * from fruit where ids = @ids";

    // Drop parameters left over from any earlier handler before adding ours.
    SqlDataSource1.SelectParameters.Clear();

    // NOTE(review): "ddl" is used as the form field name; confirm the posted
    // field really has that name on this page. The posted value is bound to
    // @ids as a parameter value; it is never concatenated into the SQL text.
    SqlDataSource1.SelectParameters.Add(new FormParameter("ids", "ddl"));
}
/// <summary>
/// Click handler that stores the text of txtIds in session state under "data"
/// and filters SqlDataSource1 by that session value.
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void Button2_Click(object sender, EventArgs e)
{
    // The session entry is written from user input as-is; it reaches the
    // query only as the value of @ids.
    string requestedId = txtIds.Text;
    Session["data"] = requestedId;

    SqlDataSource1.SelectCommand = "select * from fruit where ids = @ids";

    // Replace any earlier parameters with the single session-backed one.
    SqlDataSource1.SelectParameters.Clear();
    SqlDataSource1.SelectParameters.Add(new SessionParameter("ids", "data"));
}
3.CookieParameter
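/// <summary>
/// Click handler that writes the text of txtIds into a cookie named "data"
/// and filters SqlDataSource1 by that cookie value.
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void Button3_Click(object sender, EventArgs e)
{
    // Within this handler the cookie is consumed only on the server (through
    // CookieParameter), so mark it HttpOnly to keep it out of client script.
    HttpCookie dataCookie = new HttpCookie("data", txtIds.Text);
    dataCookie.HttpOnly = true;
    Response.Cookies.Add(dataCookie);

    SqlDataSource1.SelectCommand = "select * from fruit where ids = @ids";

    // A cookie value is client-controlled input. It is bound to @ids as a
    // parameter value; it is never concatenated into the SQL text.
    SqlDataSource1.SelectParameters.Clear();
    SqlDataSource1.SelectParameters.Add(new CookieParameter("ids", "data"));
}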
4.QueryStringParameter
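/// <summary>
/// Click handler that redirects to default5.aspx, passing the text of txtIds
/// as the "id" query-string value.
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void Button4_Click(object sender, EventArgs e)
{
    // Percent-encode the user input so that characters such as '&', '#' or
    // '=' stay inside the id value instead of altering the query string.
    string encodedId = Uri.EscapeDataString(txtIds.Text);
    Response.Redirect("default5.aspx?id=" + encodedId);
}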
/// <summary>
/// On a non-postback request that carries an "id" query-string value, filters
/// SqlDataSource1 by that value.
/// </summary>
/// <param name="sender">Page that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    if (IsPostBack)
    {
        return;
    }

    if (Request.QueryString["id"] == null)
    {
        return;
    }

    // NOTE(review): this cookie write is not read by the query below and looks
    // like a leftover from the CookieParameter example; confirm it is needed.
    HttpCookie dataCookie = new HttpCookie("data", txtIds.Text);
    Response.Cookies.Add(dataCookie);

    SqlDataSource1.SelectCommand = "select * from fruit where ids = @ids";

    // The query-string value is client-controlled input. It is bound to @ids
    // as a parameter value; it is never concatenated into the SQL text.
    SqlDataSource1.SelectParameters.Clear();
    SqlDataSource1.SelectParameters.Add(new QueryStringParameter("ids", "id"));
}
5.FormParameter
/// <summary>
/// Click handler that filters SqlDataSource1 by the posted form field "ddl".
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void Button5_Click(object sender, EventArgs e)
{
    SqlDataSource1.SelectCommand = "select * from fruit where ids = @ids";

    // Drop parameters left over from any earlier handler before adding ours.
    SqlDataSource1.SelectParameters.Clear();

    // NOTE(review): "ddl" is used as the form field name; confirm the posted
    // field really has that name on this page. The posted value is bound to
    // @ids as a parameter value; it is never concatenated into the SQL text.
    SqlDataSource1.SelectParameters.Add(new FormParameter("ids", "ddl"));
}
转载于:https://blog.51cto.com/zhjjzhjj/461234