I'm building a web store. When a visitor clicks on a product category link, such as "Furniture" or "Clothing", I would pass a variable that represented their selection via a querystring. This variable would be used in my SQL code to retrieve the products from my database and load them onto the page.
Is there a better, more secure way of doing this? Any suggestions would be appreciated. Thanks!
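The flow described in the question, as an added example that is not part of the original post: the category from the querystring is checked against the categories the store actually has, then bound to the query as a parameter instead of being concatenated into the SQL text. The `products` table, its `category` column, the `category` parameter name, the function names and the use of SQLite are assumptions made for illustration.

```python
import sqlite3
from urllib.parse import parse_qs


def make_demo_db():
    """Constructed sample data; table and column names are assumptions."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, category TEXT)")
    db.executemany(
        "INSERT INTO products (name, category) VALUES (?, ?)",
        [("Oak table", "furniture"), ("Armchair", "furniture"), ("Wool coat", "clothing")],
    )
    return db


def known_categories(db):
    # The allow-list comes from the database itself, not from the request.
    return {row[0] for row in db.execute("SELECT DISTINCT category FROM products")}


def category_from_query(query_string, allowed):
    """Return the validated category, or None if it is missing, repeated or unknown."""
    values = parse_qs(query_string).get("category", [])
    if len(values) != 1:
        return None
    value = values[0].strip().lower()
    return value if value in allowed else None


def products_in_category(db, category):
    # The ? placeholder sends the value to the driver as data, so quotes or
    # SQL keywords inside it are never parsed as part of the statement.
    cur = db.execute(
        "SELECT name FROM products WHERE category = ? ORDER BY name", (category,)
    )
    return [row[0] for row in cur]


def handle_request(db, query_string):
    """Hypothetical request handler: returns (status, product names)."""
    category = category_from_query(query_string, known_categories(db))
    if category is None:
        return 404, []
    return 200, products_in_category(db, category)


if __name__ == "__main__":
    print(handle_request(make_demo_db(), "category=Furniture"))
```

The allow-list check and the bound parameter are independent layers: the first rejects values the store does not know, and the second keeps any value that does reach the query from changing its structure.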