QueryString(ParameterName, Options)

Retrieves the values of the parameters in the HTTP query string. Allows you to filter the values to be returned. Provides an additional level of security in Sage CRM customizations.

Parameters
  • ParameterName. Specifies the name of the parameter to retrieve.
  • Options. Allows you to filter the parameter values to retrieve. Can take one or several of the following values:
    • IntegersOnly. Returns only integers from the parameter value. This value is useful if you want to get a record ID.
    • WordOnly. Returns only the following characters from the parameter value:
      A-Z, a-z, 0-9, underscore (_). This value is useful if you're expecting a single value to be returned.
    • SQLInjection. Applies a SQL injection filter to protect against SQL injection attacks. If an injection attempt is identified, a blank value is returned.
    • XSS. Applies a cross-site scripting filter to protect against XSS attacks. Returns only content that passes the filter. This value is useful if you expect plain text to be returned.

    When using several Options values, use a comma as a separator.
    When the Options parameter is omitted, SQLInjection and XSS are used by default.

Return value

String

Examples
var myParam = CRM.QueryString('MyParameter', 'SQLInjection, XSS')

Applies both the SQL injection and cross-site scripting filters. This line of code performs the same action as var myParam = CRM.QueryString('MyParameter')
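The following is an added example, not Sage CRM's own code. It shows one way to pick the narrowest Options value for each parameter and then validate the result, including the blank value that a rejected parameter returns. The parameter names (RecordId, SortBy, Note), the column allowlist, the length limit and the readRequest and asString helpers are hypothetical. The CRM object is passed in as an argument.

```javascript
// Added example. Written in ES3 style (var, no Array.indexOf) to suit
// server-side JScript. All names other than QueryString and its Options
// values are hypothetical.

var SORT_COLUMNS = { name: true, created: true }; // constructed allowlist
var MAX_NOTE_LENGTH = 200;                        // constructed limit

function asString(value) {
  // A missing or rejected parameter may come back blank; normalise to ''.
  return (value === null || value === undefined) ? '' : String(value);
}

function readRequest(crm) {
  // Use the tightest filter that fits each parameter.
  var id = asString(crm.QueryString('RecordId', 'IntegersOnly'));
  var sortBy = asString(crm.QueryString('SortBy', 'WordOnly'));
  var note = asString(crm.QueryString('Note')); // default: SQLInjection, XSS

  // The filter narrows the characters returned; it does not confirm that
  // the value is a usable record ID. Reject blank, overlong or zero values.
  if (!/^[0-9]{1,9}$/.test(id) || parseInt(id, 10) < 1) {
    return null;
  }

  // WordOnly still allows any identifier, so pin it to known columns.
  if (!SORT_COLUMNS.hasOwnProperty(sortBy)) {
    sortBy = 'name';
  }

  // Cap free text even after the default filters have run.
  if (note.length > MAX_NOTE_LENGTH) {
    note = note.substring(0, MAX_NOTE_LENGTH);
  }

  return { recordId: parseInt(id, 10), sortBy: sortBy, note: note };
}
```

In a Sage CRM page the call would be readRequest(CRM); a null result means the request carried no usable record ID and should not be processed further.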