Handle the SqlDataSourceView.Filtering event to perform validation operations on filter parameter values before the System.Web.UI.WebControls.SqlDataSourceView object performs a filter operation. You can cancel the SqlDataSourceView.Select(System.Web.UI.DataSourceSelectArguments) method by setting the System.ComponentModel.CancelEventArgs.Cancel property of the System.Web.UI.WebControls.SqlDataSourceFilteringEventArgs object to true. The event is raised only if the SqlDataSourceView.FilterExpression property is set.
You should validate any filter parameter value that you receive from the client. The runtime simply substitutes the parameter value into the filter expression and applies it to the System.Data.DataView object that is returned by the ObjectDataSource.Select method. If you are using the ObjectDataSource.FilterExpression property as a security measure to limit the number of items that are returned, you must validate the parameter values before the filtering occurs.
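A Filtering handler that validates every filter parameter value and cancels the select when one fails, as an added example that is not part of the original documentation. The control ID `EmployeesSource`, the page class `EmployeesPage`, the `Country = '{0}'` filter expression and the letters-only rule are assumptions chosen for illustration.

```csharp
using System;
using System.Collections;
using System.Diagnostics;
using System.Text.RegularExpressions;
using System.Web.UI;
using System.Web.UI.WebControls;

// Hypothetical code-behind. The markup is assumed to declare:
//   <asp:SqlDataSource ID="EmployeesSource" FilterExpression="Country = '{0}'"
//       OnFiltering="EmployeesSource_Filtering" ...>
// with a single client-supplied filter parameter (for example a QueryStringParameter).
public partial class EmployeesPage : Page
{
    private const int MaxLength = 40;

    // Letters separated by single spaces. Quotes, operators, wildcards and
    // brackets never reach the filter expression. \z (not $) rejects a trailing newline.
    private static readonly Regex SafeValue =
        new Regex(@"^[A-Za-z]+( [A-Za-z]+)*\z", RegexOptions.CultureInvariant);

    protected void EmployeesSource_Filtering(object sender, SqlDataSourceFilteringEventArgs e)
    {
        // ParameterValues holds the evaluated filter parameters, keyed by name.
        foreach (DictionaryEntry entry in e.ParameterValues)
        {
            string value = entry.Value as string;

            bool valid = value != null
                && value.Length > 0
                && value.Length <= MaxLength
                && SafeValue.IsMatch(value);

            if (!valid)
            {
                // Log the parameter name only; the raw value is untrusted input.
                Trace.TraceWarning("Rejected filter parameter '{0}'", entry.Key);

                // Fail closed: cancel the select instead of filtering
                // on a value that did not pass validation.
                e.Cancel = true;
                return;
            }
        }
    }
}
```

Where the set of acceptable values is known in advance, comparing against that fixed list is stricter than a character pattern.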
For more information about handling events, see Consuming Events.