How to sanitize a query string when used with a databound repeater control?

开发者 https://www.devze.com 2023-03-26 20:40 Source: web

Given the following URL:

domain.com/page.aspx?id=123

How can I sanitize that query string value when it is used on a Databound Control such as a repeaters SqlDataSource?

<asp:SqlDataSource ID="projectDataSource" runat="server" 
    ConnectionString="MyConnectionStrings" 
    SelectCommand="select foo from bar">
    <SelectParameters>
        <asp:QueryStringParameter 
            DefaultValue="0" 
            Name="idfromqs" 
            QueryStringField="id" 
            Type="Int32" />
    </SelectParameters>
</asp:SqlDataSource>

Such that ?id=asdf does not result in an error?

These similar questions have good answers, but none of them seems to quite match my problem:

  • Validate QueryStrings in ASP.NET (check occurs in the code-behind file)
  • How to intercept and pre-process QueryStrings in Asp.Net (seems too drastic for a simple check)

Note: This is an internal application that is limited to a small block of local IP addresses. I'm less worried about malicious SQL injection and more about preventing less savvy users from seeing nasty error messages.


You could use the Selecting event of the SqlDataSource, where you can check the query string value. This event fires before the Select method is called.

protected void SqlDataSource1_Selecting(object sender, SqlDataSourceSelectingEventArgs e)
{
    // Check the raw query string value; if it is not a valid integer,
    // pass the default value to the command instead of letting it fail.
    // (The parameters have already been bound to e.Command at this point,
    // so the command parameter is what must be overwritten.)
    int id;
    if (!int.TryParse(Request.QueryString["id"], out id))
    {
        e.Command.Parameters["@idfromqs"].Value = 0; // default value
    }
}


Just take the type off. A query string is already a string, unless you convert it explicitly to something else (like an Int32). If there's some reason to convert it to an Int32, you can do that later in the code, where it's easier to apply logic to.

<asp:QueryStringParameter 
   DefaultValue="0" 
   Name="idfromqs" 
   QueryStringField="id" />
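Putting the two answers together, here is an added code-behind example (not code from the original post) that drops the Type="Int32" attribute from the markup as the second answer suggests and then validates the value in the Selecting event as the first answer suggests. It assumes the markup from the question with OnSelecting="projectDataSource_Selecting" wired on the SqlDataSource, and it assumes the bound command parameter is named "@idfromqs" (the "@" prefix is what SqlDataSource adds for SqlClient). The validation itself is a static helper so it can be unit-tested without a Page instance.

```csharp
// Added example: code-behind for page.aspx (not from the original post).
// Assumes the SqlDataSource markup from the question, minus Type="Int32",
// plus OnSelecting="projectDataSource_Selecting".
using System;
using System.Globalization;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class page : System.Web.UI.Page
{
    // Value used when the query string is missing or invalid (matches DefaultValue="0").
    private const int DefaultId = 0;

    // Returns the id as an integer when the raw query string value is a plain,
    // non-negative decimal integer, otherwise DefaultId. No whitespace, signs,
    // or thousands separators are accepted, so "asdf", " 1", "+1", "1,000" all
    // fall back to the default rather than raising a FormatException.
    public static int SanitizeId(string raw)
    {
        int id;
        if (!string.IsNullOrEmpty(raw)
            && int.TryParse(raw, NumberStyles.None, CultureInfo.InvariantCulture, out id)
            && id >= 0)
        {
            return id;
        }
        return DefaultId;
    }

    protected void projectDataSource_Selecting(object sender, SqlDataSourceSelectingEventArgs e)
    {
        // By the time Selecting fires the SqlDataSource has already copied the
        // QueryStringParameter into e.Command, so overwrite that parameter's value.
        // The command stays parameterized; this only replaces a bad value with the
        // default so the user never sees a conversion error from the database.
        int id = SanitizeId(Request.QueryString["id"]);
        e.Command.Parameters["@idfromqs"].Value = id; // "@idfromqs" is an assumed name
    }
}
```

With this in place, ?id=123 binds 123, while ?id=asdf or a missing id binds 0, and the repeater simply shows no rows instead of an error page. If you would rather show a friendly message than silently fall back, set e.Cancel = true in the handler when SanitizeId returns the default for a non-empty input.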
