submitting a GET form with query string params and hidden params disappear

Question

Consider this form   lt form action  quot http   www blabla com a 1 amp b 2 quot  method  quot GET quot  gt       lt input type  quot hidden quot  name  quot c quot  value  quot 3 quot    gt    lt  form gt   When submitting this GET form  the parameters a and b are disappearing  Is there a reason for that  Is there a way of avoiding this behaviour

User · Answer

I usually write something like this   foreach   GET as  key  gt  content           echo   lt input type  hidden  name   key  value   content   gt        This is working  but don t forget to sanitize your inputs against XSS attacks

User · Answer

In HTML5  this is per-spec behaviour   See http   www w3 org TR 2011 WD-html5-20110525 association-of-controls-and-forms html form-submission-algorithm  Look at  4 10 22 3 Form submission algorithm   step 17   In the case of a GET form to an http s URI with a query string      Let destination be a new URL that is equal to the action except that   its  lt query gt  component is replaced by query  adding a U 003F QUESTION   MARK character     if appropriate     So  your browser will trash the existing        part of your URI and replace it with a new one based on your form   In HTML 4 01  the spec produces invalid URIs - most browsers didn t actually do this though    See http   www w3 org TR html401 interact forms html h-17 13 3  step four - the URI will have a   appended  even if it already contains one

User · Answer

Isn t that what hidden parameters are for to start with      lt form action  quot http   www example com quot  method  quot GET quot  gt     lt input type  quot hidden quot  name  quot a quot  value  quot 1 quot    gt      lt input type  quot hidden quot  name  quot b quot  value  quot 2 quot    gt      lt input type  quot hidden quot  name  quot c quot  value  quot 3 quot    gt      lt input type  quot submit quot    gt    lt  form gt   I wouldn t count on any browser retaining any existing query string in the action URL  As the specifications  RFC1866  page 46  HTML 4 x section 17 13 3  state   If the method is  quot get quot  and the action is an HTTP URI  the user agent takes the value of action  appends a     to it  then appends the form data set  encoded using the  quot application x-www-form-urlencoded quot  content type   Maybe one could percent-encode the action-URL to embed the question mark and the parameters  and then cross one s fingers to hope all browsers would leave that URL as it  and validate that the server understands it too   But I d never rely on that  By the way  it s not different for non-hidden form fields  For POST the action URL could hold a query string though

User · Answer

This is in response to the above post by Efx   If the URL already contains the var you want to change  then it is added yet again as a hidden field   Here is a modification of that code as to prevent duplicating vars in the URL   foreach    GET as  key   gt   value        if   key     my key             echo   lt input type  hidden  name   key  value   value   gt

User · Answer

You should include the two items  a and b  as hidden input elements as well as C

User · Answer

If you need workaround  as this form can be placed in 3rd party systems  you can use Apache mod rewrite like this   RewriteRule  dummy link  index php a 1 amp b 2  QSA L    then your new form will look like this    lt form     action  http  www blabla com dummy link  method  GET  gt   lt input type  hidden  name  c  value  3    gt    lt  form gt    and Apache will append 3rd parameter to query

User · Answer

lt form     action  http  www blabla com a 1 amp b 2  method   POST  gt   lt input type  hidden  name  c  value  3    gt    lt  form gt    change the request method to  POST  instead of  GET

User · Answer

What you can do is using a simple foreach on the table containing the GET information  For example in php    foreach    GET as  key   gt   value        echo   lt input type  hidden  name   key  value   value   gt

User · Answer

Your construction is illegal  You cannot include parameters in the action value of a form  What happens if you try this is going to depend on quirks of the browser  I wouldn t be surprised if it worked with one browser and not another  Even if it appeared to work  I would not rely on it  because the next version of the browser might change the behavior    But lets say I have parameters in query string and in hidden inputs  what can I do   What you can do is fix the error  Not to be snide  but this is a little like asking   But lets say my URL uses percent signs instead of slashes  what can I do   The only possible answer is  you can fix the URL

User · Answer

I had a very similar problem where for the form action  I had something like    lt form action  http   www example com  q content something  method  GET  gt      lt input type  submit  value  Go away       gt  amp nbsp   lt  form gt    The button would get the user to the site  but the query info disappeared so the user landed on the home page rather than the desired content page   The solution in my case was to find out how to code the URL without the query that would get the user to the desired page   In this case my target was a Drupal site  so as it turned out  content something also worked   I also could have used a node number  i e   node 123

[html] submitting a GET form with query string params and hidden params disappear

Examples related to html

Examples related to forms

Examples related to submit