I use an SPGridView to display some data and have enabled the filtering feature, which works very well... until you select a specific item in the data to filter on.
The data item in question has an apostrophe in the string (for example, "this is the rich's line"), which kills the page after filtering:
Syntax error: Missing operand after 's' operator.
Obviously, the data is not being made safe automatically...
The data is in a DataTable, and it is passed to the SPGridView through an ObjectDataSource that returns a DataTable.
What is the best or correct way to make the data safe?
EDIT:
After a lot of digging, I found a partial answer, but the question still stands.
The partial answer is that you can make the data safe for the filter code, but then you cannot make it display correctly in the filter drop-down list.
Adding BoundField.HtmlEncode = true; to the SPGridView definition does nothing.
Using HttpUtility.HtmlEncode on the string does nothing.
Manually replacing all apostrophes in the data with &#39; when inserting into the DataTable makes the filter work fine, and the data displays in the SPGridView, but the filter drop-down list shows the HTML entity instead of the apostrophe character. This is a partial solution and not actually usable, because it produces an ugly filter string that is visible to the end user.
I have yet to find a complete solution to this problem, other than stripping the offending characters from the data altogether, which is not really a solution.
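The error quoted above is the DataTable/DataView filter-expression parser choking on an unescaped apostrophe: in that expression language a single quote inside a string literal is escaped by doubling it, not by HTML-encoding it. The following is an added C# example, not code from the question or from SharePoint, that reproduces the failure on a constructed DataTable and shows the escaped filter succeeding; BuildEqualsFilter and the sample rows are hypothetical.

```csharp
using System;
using System.Data;

// Added example (not from the original question): demonstrates why an apostrophe
// in a value breaks a DataView.RowFilter expression and how to escape it.
class RowFilterEscapeDemo
{
    // Build a safe equality filter for a string column. The value goes inside
    // single quotes, and every single quote in the value is doubled, which is
    // the escaping rule of the DataColumn expression language.
    public static string BuildEqualsFilter(string columnName, string value)
    {
        if (value == null) return "[" + columnName + "] IS NULL";
        return "[" + columnName + "] = '" + value.Replace("'", "''") + "'";
    }

    // Constructed sample data containing an apostrophe, like the row in the question.
    public static DataTable BuildSampleTable()
    {
        var table = new DataTable();
        table.Columns.Add("Title", typeof(string));
        table.Rows.Add("plain title");
        table.Rows.Add("this is the rich's line");
        return table;
    }

    static void Main()
    {
        DataTable table = BuildSampleTable();
        string value = "this is the rich's line";

        // Naive filter: the apostrophe ends the string literal early, so the
        // parser throws a SyntaxErrorException like the one quoted in the question.
        try
        {
            var naive = new DataView(table) { RowFilter = "[Title] = '" + value + "'" };
            Console.WriteLine("naive filter matched " + naive.Count + " rows");
        }
        catch (SyntaxErrorException ex)
        {
            Console.WriteLine("naive filter failed: " + ex.Message);
        }

        // Escaped filter: the doubled quote is parsed as one literal apostrophe,
        // so the row is matched and the displayed value keeps its real apostrophe.
        var safe = new DataView(table) { RowFilter = BuildEqualsFilter("Title", value) };
        Console.WriteLine("escaped filter matched " + safe.Count + " rows");
    }
}
```

Escaping matters beyond the crash: RowFilter is a small expression language, so a value inserted without escaping lets whoever controls the data or the selection alter the filter itself, while the doubled-quote form keeps it a plain literal.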