Hi Xmod gurus,
I think I suspect the answer to this question, but you guys have often surprised me with solutions outside the box!
I've been trying to use the <xmod:select> statement as a type of input validation, and have not been having too much luck. We have an xmod template that returns training course information based on a courseID in the query string parameters, e.g. "?courseID=232050". which SQL needs to see as an integer.
Lately we've been hit by a bot that keeps submitting invalid courseID values. These generate a whole host of SQL data type errors in the event log, and we're trying to prevent that.
I surrounded the set of <xmod:template> blocks inside the template file with a select case statement that uses a regex to determine if the courseID was all digits and under a set length. The select case block does work, but it appears that the ListDataSource queries are run whether they are within a true case block or not and continue to generate the errors. Is that just the order of processing on the server side?
Here's my code example, simplified:
<xmod:select>
<case value='[[Url:courseid]]' operator="=" expression="^[0-9]{1,9}$" comparetype="regex">
<xmod:Template UsePaging="false" Ajax="False" AddRoles="" EditRoles="" DeleteRoles="" DetailRoles="">
<ListDataSource
CommandText="SELECT CourseTitle FROM Course WHERE CourseID = @courseID"
ConnectionString="[[ConnectionString:Courses]]">
<Parameter Name="CourseID" Value='[[Url:courseid]]' />
</ListDataSource>
<ItemTemplate>
<h1>[[CourseTitle]]</h1>
</ItemTemplate>
</xmod:Template>
</case>
</xmod:select>