Creating Secure Filters in Kentico: Programmatically or QueryStrings
When doing any custom development, it is important to ensure you don’t make your site vulnerable to SQL injection attacks. Fortunately, Kentico provides developers and site administrators with easy ways to protect their sites. In this post, I provide a use case scenario on creating secure filters with Kentico programmatically, or using querystrings.
Consider this scenario: You are creating a new page type that will provide editors with an easy way to add cocktail recipes to your site. You want to provide a way to show how potent the drink is, but you don’t want to allow the editor to type in whatever they want because said editor lacks a censor. So, you decide to use the drop down list form control and limit what the editor can select. You also decide to allow users to filter by potency and search by drink name.