1

I am using multiple select elements on a page. This page's url is something like this: "index.php?s=foo".

Now I want that changing my select boxes will alter my URL and refresh page, this just works partly :( Here is the example:

<form action="'.$_SERVER['REQUEST_URI'].'" method="GET">
    <select name="this" onchange="this.form.submit()">
        <option value="1">Value 1</option>
        <option value="2">Value 2</option>
        <option value="3">Value 3</option>
    </select>
</form>

So if I change my selection the url will swap to "index.php?this=1", but I would like to hold the previous _GET Parameters, so change would occur to "index.php?s=foo&this=1".

Any chance I would get that?

Thanks very much for your help. Best Regards

user2959229
  • 1,360
  • 2
  • 11
  • 21
ChilliSchotte
  • 11
  • 1
  • 2
  • add this `` – ArtisticPhoenix Sep 23 '15 at 13:46
  • You can make use of input fields with `type="hidden"` which are added automatically. You can use a for each loop in php to create those in case you want to add all existing get params – newBee Sep 23 '15 at 13:46
  • Why would you want people to see what you are sending between PHP-pages? Just use POST? – Naruto Sep 23 '15 at 13:47
  • @Naruto - there are valid reasons to use `$_GET` that's why it exists, such as bookmarking a search result for example. – ArtisticPhoenix Sep 23 '15 at 13:48
  • Do you know the set of parameters that will be passed via GET? Or do you need **all** parameters to be passed through? – Timm Sep 23 '15 at 13:49
  • @ArtisiticPhoenix That wont work for me. Sometimes the url looks like index.php?s=foo&d=12&a=13.... the order of parameters depends on the user, isn't there a way to grab the actual url and just add the selected value? – ChilliSchotte Sep 23 '15 at 13:56
  • @Naruto 45 Oh that's fine in that case, I want people be able to copy the url to show their config. It's nothing secure or personal data like. – ChilliSchotte Sep 23 '15 at 13:56
  • @Timm I dont know the exact amount of GET Parameters nor the order of them. They depend on which the user will use/select or not. So I would need the whole url including the GET Parameters choosen until that time. – ChilliSchotte Sep 23 '15 at 13:57
  • @ChilliSchotte - why not just submit the form to the proper url like, the intewebs are designed to work? See my answer ... cheers! – ArtisticPhoenix Sep 23 '15 at 14:09

3 Answers3

1

The simple answer is instead of this:

<form action="'.$_SERVER['REQUEST_URI'].'" method="GET">

Do the action like this:

<form action="<?php echo $_SERVER['REQUEST_URI'].'?'.$_SERVER['QUERY_STRING']; ?>" method="GET">

Which will include the current $_GET values in your form's action/url and by extension be present when the form is submitted. Basically that is the way forms are designed in general to handle submission to a page with query parameters, ie. the default way it works.

Just a note but I think the way you have it now you might get this for your action/url

 "http://'.$_SERVER['REQUEST_URI'].'"

It's just a guess, but it looks like the form is html, and the php will just print and not be executed as code ( without php tags ). Probably just an over-site in the example code. But, I would expect this with the format you have:

 echo '<form action="'.$_SERVER['REQUEST_URI'].'" method="GET">';

Cheers!

ArtisticPhoenix
  • 21,464
  • 2
  • 24
  • 38
0

You could add each query string item as a hidden field which will be added to the query string when the form is submitted. Be sure to do some sanitizing on these things to make them safe.

if(!empty($_GET))
{
    foreach($_GET AS $k => $v)
    {
        echo '<input type="hidden" name="'.$k.'" value="'.$v.'">';
    }
}

The form action can then be hard coded to something like the file name or $_SERVER['SCRIPT_NAME']. Not $_SERVER['PHP_SELF'] - as pointed out by comment below.

edit : posted answer before I was finished. :(

user2959229
  • 1,360
  • 2
  • 11
  • 21
  • Please do not use PHP_SELF. It introduces XSS. see: http://stackoverflow.com/questions/6080022/php-self-and-xss and http://seancoates.com/blogs/xss-woes – Timm Sep 23 '15 at 13:58
  • @Timm thanks, also realized that after I posted the answer so have updated it again. – user2959229 Sep 23 '15 at 14:02
  • Thanks, that works nearly perfect. Except that the first selection adds the get parameter as i want, but if i want to select something other in this select element, it doesnt replace the parameter above, it just adds it to the ones before. But this I should be able to fix, thanks very much! – ChilliSchotte Sep 23 '15 at 14:15
  • @ChilliSchotte Please be aware, that arrays cannot be serialized this way. Having something in the url like ```query[color]=red``` is serialized wrongly to ```query=Array``` . If you can be sure, there are no such arrays in your query, you should be fine. – Timm Sep 23 '15 at 14:52
0

Using REQUEST_URI does not include your current GET parameters. You will need the function in this gist to transform all parameters into input fields: https://gist.github.com/eric1234/5802030 .

<form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="get">
    <?php array_to_input($_GET); ?>
    <select name="this" onchange="this.form.submit()">
        <option value="1">Value 1</option>
        <option value="2">Value 2</option>
        <option value="3">Value 3</option>
    </select>
</form>

CAUTION: array_to_input can introduce XSS vulnerabilities. Please escape contents of the $_GET variable so this cannot happen.

Timm
  • 1,005
  • 8
  • 20