Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

Configure a form to accept custom querystring parameters

Applies To: CRM 2015 on-prem, CRM Online

The ability to pass values to a Web page by using query strings represents a concern for security. Microsoft Dynamics CRM applies the best practice of always comparing any parameter passed as a query string against a list of expected parameter names and data types.

By default, Microsoft Dynamics CRM allows a specified set of query string parameters to be passed to a form. You use these parameters to set default values when you create a new record in the application. Each parameter must use a standard naming convention that includes a reference to the attribute logical name. For more information, see Set field values using parameters passed to a form.

In your applications, you may want to pass custom query string parameters to an entity form. This topic provides information about how you can define a set of specific parameter names and data types that can be accepted for a specific entity form.

There are two ways to specify which query string parameters will be accepted by the form:

  • Edit form properties

  • Edit form XML

When you edit an entity form, on the Home tab in the Form group, click Form Properties. In the Form Properties dialog box, select the Parameters tab.

Use this tab to modify the names and data types that the form allows.

Within the exported solution customizations.xml file, immediately following the footer element, you can add a <formparameters> (FormXml) element. In the <formparameters> element, add <querystringparameter> (FormXml) elements to specify which parameters will be allowed.

The following describes the querystringparameter element attributes, name and type:

  • name. Each name attribute must contain at least one underscore ('_') character, but the name of the query string parameter cannot begin with an underscore. The name also can’t start with “crm_”. We strongly recommend that you use the customization prefix of the solution publisher as the naming convention. A valid querystringparameter name attribute value is “myISV_contact_specialvalue”.

    If a querystringparameter element name is not unique, it may be overwritten by another parameter definition using a different data type.

  • Type. Match the data type values with the parameter values so that invalid data is not passed with the parameter. The following are valid data types:

    • Boolean

    • DateTime

    • Double

    • EntityType

    • Integer

    • Long

    • PositiveInteger

      PositiveInteger includes “0” in the range of valid values.

    • SafeString

    • UniqueId

    • UnsignedInt

See Also

Microsoft Dynamics CRM 2015 and Microsoft Dynamics CRM Online
Send comments about this topic to Microsoft.
© 2015 Microsoft. All rights reserved.
© 2015 Microsoft