
Replace UpsellProducts with Querystring?


I’m trying to send a link from an email to storefront and have that list of items displayed as upsell products on the product page. I’m sending a link ending in “../p-12345-product.aspx?usid=12345,12346,13247” and have turned it into a parameter on product.replaceupsell.xml.config using:  


<xsl:param name="USIDs" select="/root/QueryString/usid" />


This returns a nicely formatted comma separated product list using:

<xsl:value-of select="$USIDs"/>


I’ve been working with <xsl:variable name="ProductIdsOnPage"> in upsellproducts.xml.config and <xsl:value-of select="aspdnsf:ShowUpsellProducts(ProductID)" disable-output-escaping="yes"/> in my product.simpleReplaceUpsell.xml.config, but can’t seem to figure out where/how to replace the <UpsellProducts> element with my query string results.


Any guidance or suggestions would be appreciated.

Thank you,




No source code
asked Apr 14, 2014 in MultiStore by butcher (130 points)

1 Answer

0 votes

Eric, if you are passing the comma-delimited list as a Query String, make sure to first run it via some validator and pass it in as a Runtime Parameter into your Product XmlPackage... if you read it via the Query String (in SQL block) it would be very prone to SQL injection!

With that said, try to read in that Query String on the showproduct.aspx.cs, then validate it if ok, and then send into your XmlPackage runtime further down that page as a Runtime parameter...

Thank you,
Compunix, LLC (Phoenix, AZ)
AspDotNetStorefront Development Partner and Reseller since 2005
 AspDotNetStorefront add-ons and plugins : http://www.ecommercecartmods.com
 Complete Automotive Solution : http://www.autopartsshoppingcart.com
answered Apr 14, 2014 by jsimacek (6,825 points)
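
One way to do the validation step described in the answer above, as an added example (not code from the original posts or from AspDotNetStorefront): the class name, method name and the two size limits are hypothetical. It accepts the `usid` value only if every item is a positive integer and rebuilds the list from the parsed numbers, so nothing from the raw query string is passed on.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;

// Hypothetical helper, not part of AspDotNetStorefront.
public static class UpsellIdList
{
    private const int MaxIds = 20;         // assumed cap on number of products
    private const int MaxRawLength = 256;  // assumed cap on raw query-string value

    // Returns a canonical "1,2,3" string rebuilt from parsed integers,
    // or null if any part of the input is not a positive integer.
    public static string Sanitize(string raw)
    {
        if (string.IsNullOrEmpty(raw) || raw.Length > MaxRawLength)
            return null;

        var seen = new HashSet<int>();
        var ids = new List<string>();
        foreach (string part in raw.Split(','))
        {
            int id;
            // NumberStyles.None allows decimal digits only: no sign,
            // whitespace, hex prefix or thousands separators.
            if (!int.TryParse(part, NumberStyles.None,
                              CultureInfo.InvariantCulture, out id) || id <= 0)
                return null;               // reject the whole list, do not "clean" it
            if (seen.Add(id))              // drop duplicates
                ids.Add(id.ToString(CultureInfo.InvariantCulture));
            if (ids.Count > MaxIds)
                return null;
        }
        // This string is what would be handed to the XmlPackage as the
        // runtime parameter; that call is storefront-specific and not shown.
        return string.Join(",", ids.ToArray());
    }

    public static void Main()
    {
        // Constructed sample inputs, not taken from the thread.
        string[] samples = { "12345,12346,13247", "12345,,12346",
                             "12345,12346 OR 1=1", " 12345", "0", "12345,12345" };
        foreach (string s in samples)
            Console.WriteLine("[{0}] -> {1}", s, Sanitize(s) ?? "(rejected)");
    }
}
```

A rejected list (null) should fall back to the product's normal upsell products rather than being repaired and used.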