Morten Laske AI × Business Central
← Notes

Always sanitize AI-generated values before SetFilter in AL

Business CentralALAI

When you feed an AI-generated string straight into SetFilter, a stray &, |, ( or * turns into filter syntax and you get either a wrong result set or a runtime error — silently, on exactly the inputs you didn’t test.

Run every AI/user value through a sanitizer first, then filter:

SalesLine.SetFilter("No.", '%1', SanitizeForBCFilter(AiValue));

The model doesn’t know your filter grammar. Treat its output as untrusted input, same as you would a web form.