Right. If you can get it from viewstate that would be better. Then you could EnableViewStateMAC to prevent tampering.
Also, this method just puts it back into the dataset. You still have a chance to fire business rules before updating into the database.
>>>What I do to fix it is I iterate through the form that is posted back and I compare the control id's with the datasets column names. If there are any matches, I update the dataset with the form's value. I call this round-trip databinding and it works well. You just have to remember to name your controls the same as your dataset columns.
>>
>>Cool idea, and thanks for this info.
>
>Just a warning, this can possibly open security holes in your applications if you're not careful. Doing this makes it possible for someone to stuff other fields/values into the response string which then gets saved into your data, which could be a problem.