Hello Greg,
The only thing extra that I would suggest is to escape query suggested by Brendon like this, which he has already mentioned in his answer. I reached out to Kentico recently for a case where value of parameter "p" could have apostrophe like "Greg's". You may get an error/incorrect results as it will get evaluated. This is primarily dropped to avoid any SQL injection attacks.
{% if(SQLEscape(QueryString.GetValue("p")) == "RB") { "PostedBy = 'Ray Block'" } |(handlesqlinjection)false @%}
Laura's Article is an excellent premier on best parctices while creating secure filters
Kentico's article on SQL Injection attack
Let us know if it helps