Hi guys,
I have been reading up:
http://devnet.kentico.com/Forums.aspx?forumid=45&threadid=17356
I'm having a similar issue trying to resolve a custom macro below. However, the quotes wrapped around the date are causing the SQL injections.
I have tried adding this as an inline macro within the portal repeater web part with the '|(sqlescape)false' parameter but didn't have any luck.
I've also tried adding the this.SQLProperties = ""; line into the cmsrepeater web part in the SetupControl method but didn't have any luck there either. Each load would just reload the default parameters back in.
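    // Only on the "New Arrivals" document: limit results to items created in the last 14 days.
    if (CMSContext.CurrentDocument.DocumentName.ToLower() == "new arrivals")
    {
        // CONVERT style 103 parses the quoted literal as dd/mm/yyyy.
        sbResult.AppendFormat(" AND (DateCreated > CONVERT(date, '{0}', 103))", DateTime.Now.AddDays(-14));
    }
    // Mark the macro as resolved and return the WHERE fragment.
    e.Match = true;
    e.Result = sbResult.ToString();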
Appreciate any advice.