How to keep already-set GET parameter values on form submission?

Question

I have a URL : foo.php?name=adam&lName=scott, and in foo.php I have a form which gives me values of rectangleLength & rectangleBreadth with a submit button.

When I click this submit button with form action as $_SERVER['REQUEST_URI'], I get this result URL: foo.php?rectangleLength=10&rectangleBreadth=5 (these values have been filled in by the user).

Notice that I am losing my previous values name & lName from the URL.

How can I keep them?

Also, keep in mind that I have to come back to foo.php and if the user wants to submit the form again then the length and breadth values should change.

Emil Vikström · Accepted Answer · 2016-01-20T10:28:35.283

52

You can add two hidden fields in the form on the first target site, blabla.php in your case:

<form ...>
  <input type="hidden" name="name" value="<?php echo htmlspecialchars($_GET['name']);?>">
  <input type="hidden" name="lName" value="<?php echo htmlspecialchars($_GET['lName']);?>">

  <!-- rest of the form here -->
</form>

For a dynamic solution, use a foreach loop:

<?php
foreach($_GET as $name => $value) {
  $name = htmlspecialchars($name);
  $value = htmlspecialchars($value);
  echo '<input type="hidden" name="'. $name .'" value="'. $value .'">';
}
?>

You may consider locking the dynamic approach down to a list of known possible keys:

<?php
$keys = array('name', 'lName', ...);
foreach($keys as $name) {
  if(!isset($_GET[$name])) {
    continue;
  }
  $value = htmlspecialchars($_GET[$name]);
  $name = htmlspecialchars($name);
  echo '<input type="hidden" name="'. $name .'" value="'. $value .'">';
}
?>

edited Jan 20 '16 at 10:28

answered Aug 26 '11 at 07:19

Emil Vikström

90,431
16
141
175

how to make dynamic hidden fields if i have dynamic get parameters, both incomming and thus outgoing? – saurabh Aug 26 '11 at 07:23
saurabh, I've updated my answer with an example of dynamic get parameters. – Emil Vikström Aug 26 '11 at 08:00
Wow.. this is exactly that i am looking for.. thanks Emil. i did not know that if you send hidden fields via GET, it is visible in the URL. Now to avoid repeating length abd bredth fields i can apply a simple check in this for loop. Solves the problem..... I am just curious about 1 more thing - > How can AMAZON hide so much code?? either i cannot read it or its hidden somewhere i do not know... Any tips on how to make our code that awesome and hidden : ) i know its a totally different conv. thanks for your help... good day – saurabh Aug 26 '11 at 09:02
1

Amazon doesn't hide the info in the URL, but only passes an id that links to a database entry (which contains the information) – ty812 Aug 26 '11 at 09:05
Right.. thats when a particular kind of parameters cross a threshold. but the form details etc. are hidden better than any other site i have tried to decode : ).. – saurabh Aug 26 '11 at 12:36
1

Please add closing paranthese `)` in last block `if(!isset($_GET[$name]) { continue; }` after `$_GET[$name])` like `$_GET[$name]))` – Sohail Ahmed Feb 15 '13 at 10:26

score 8 · Answer 2 · answered May 28 '13 at 22:03

8

A simpler solution to keep the URL unchanged by using http_build_query

 <form action="<?php echo $_SERVER["PHP_SELF"] . '?'.http_build_query($_GET); ?>" ... 
  ..
  ..

answered May 28 '13 at 22:03

Kalyanaraman Santhanam

1,371
1
18
30

4

I tested this and it does not seem to work. Even when the URL params are defined in the `action` attribute, the submit replaces them with the fields from the form. `
` and one input field `` will open the URL `page.php?search=value` and NOT `page.php?list=members&search=value`
– Philipp Jun 16 '15 at 15:03
`http_build_query($_GET)` uses the values in the `$_GET` request so check if `list` field/parameter is part of the form which you submitted. Use `var_dump($_GET)` to check if it works – Kalyanaraman Santhanam Jun 16 '15 at 17:41
1

Tested this in chrome. But it does not keep existing query parameters. See https://jsfiddle.net/tz1b6yqx/1/ – Waaghals Dec 19 '18 at 11:10

ty812 · Answer 3 · 2017-01-10T18:56:22.627

4

There are different ways to do this. All of them write the parameters they receive into a file, memory, or a database and retrieve them later with a key

The easiest method is something like a session variable: http://php.net/manual/en/features.sessions.php

The main setup is something like this (caution: that is unsecure code, make sure you only add session variables you want to keep, and sanitize user input!):

<?php
session_start();
foreach ($_GET as $key=>$value) {
    $_SESSION[$key]=>$value;
}

?>

and now, as long as the user does not close the browser, you can access these variables with $_SESSION[varname];

edited Jan 10 '17 at 18:56

answered Aug 26 '11 at 07:07

ty812

3,293
19
36

but what if i want all these values in GET Paramaters only, if a user send this URL to somebody else i want them to see all the values... i want to remember parameters VIA URL only. – saurabh Aug 26 '11 at 07:33
Be aware that this is a problematic approach insofar as the length of the GET string is limited (depending on the browser and the webserver) - including variable names. You might want to combine something like "writing the parameters to a database with a key" and sending the key in a hidden input field... – ty812 Aug 26 '11 at 07:36
yeah.. i am new, its not allowing me to upVote it. – saurabh Aug 26 '11 at 07:37

score 2 · Answer 4 · answered Mar 13 '15 at 07:31

2

Once, I needed sorting the results in a table keeping the search results coming from GET. I did like that:

unset($_GET['sort']); // sort param is removed, otherwise there will be created many sort params
$url = http_build_query($_GET);

echo "<a href='?".$url."&sort=title'>Title</a>";
echo "<a href='?".$url."&sort=author'>Author</a>";

answered Mar 13 '15 at 07:31

Sarvar Nishonboyev

12,262
10
69
70

this is great solution – Mateusz Jan 06 '16 at 21:27
2

Screams for a htmlspecialchars() to prevent XSS attacks. – kungfooman Oct 07 '16 at 10:17

score 1 · Answer 5 · answered Jun 29 '21 at 10:32

To handle query with arrays:

foreach (explode("\n", http_build_query($query, '', "\n")) as $keyValue) {
    [$key, $value] = explode('=', $keyValue, 2);
    $key = htmlspecialchars(urldecode($key), ENT_COMPAT | ENT_HTML5);
    $value = htmlspecialchars(urldecode($value), ENT_COMPAT | ENT_HTML5);
    echo '<input type="hidden" name="' . $key . '" value="' . $value . '"' . "/>\n";
}

score 0 · Answer 6 · edited Jun 19 '14 at 17:28

In menu (calling html) I call VendorSearch.php. variable fromvs is used in URL.
The target php VendorSearch.php will do different jobs based on the value of $_GET['fromvs']
In VendorSearch.php, aftersession_start(),

$srchfor =""; $fromwhat = $_GET['fromvs']; $_SESSION['fromwhat'] = $fromwhat; $vs = $fromwhat;
Use hidden input to store URL passed variable

<div style='position: absolute; top: 10px; left: 400px;'><input type='hidden' hidden='hidden' id='fromvs' name='fromvs' value="<?php echo $_SESSION['fromwhat']; ?>"></div>
But this thie

Segment in Calling html .... Add a Subcontractor .... Assign Subcontractor Contracts ..... Log Out ....

Segment in target php: VendorSearch.php

<?php
//VendorSearch.php
//http://mted202.mtaent.org:9051/ocr/login.php rweinbau 
require_once('dbinfo.php');

session_start();
$c = oci_pconnect("ocr","ocrmta","HQT4");
oci_set_client_identifier($c, $_SESSION['username']);
$username = htmlentities($_SESSION['username'], ENT_QUOTES); 
.....
$srchfor ="";

$fromwhat = $_GET['fromvs'];
$_SESSION['fromwhat'] = $fromwhat;
$vs = $fromwhat;

if (isset($_POST['srchvnd']))
{ 
 $vs = $_POST['fromvs'];

 somefunction($vs);

}
else
{
    ;
}

?>
<body>
<form class="vfrmsrch" name="vndsearch" id="vndsearch" action="VendorSearch.php?fromvs='<?php    echo $fromwhat; ?>'" method="POST"> 
    <div style='position: absolute; top: 10px; left: 400px;'><input type='hidden' hidden='hidden' id='fromvs' name='fromvs' value="<?php echo $_SESSION['fromwhat'];  ?>"></div>
......
</form>
.......
</body>  
</html> 
<?php
function somefunction($vvs){    
//$msg = "We are inf somefunction() function </a></div><br>";

// echo  "<div style='position: absolute; top: 100px; left: 10px;'><a style='color:blue'>".$msg;

$_SESSION['fromwhat'] = $vvs;
............

oci_close($c);
}

score 0 · Answer 7 · answered Jun 19 '14 at 17:08

Following code works for my project. Hope it help some. 1. In menu (calling html) I call VendorSearch.php. variable fromvs is used in URL. 2. The target php VendorSearch.php will do different jobs based on the value of $_GET['fromvs'] 3. In VendorSearch.php, aftersession_start(),

$srchfor ="";
$fromwhat = $_GET['fromvs'];
$_SESSION['fromwhat'] = $fromwhat;
//save value to $VS
$vs = $fromwhat;

3. Use hidden input to store URL passed variable
<div style='position: absolute; top: 10px; left: 400px;'><input type='hidden' hidden='hidden' id='fromvs' name='fromvs' value="<?php echo $_SESSION['fromwhat'];  ?>"></div>

4. But this thie field's value may lost after clicking button "srchvnd". So use a function to reset 
$_SESSION['fromwhat'];  

if (isset($_POST['srchvnd']))
{ 
     $vs = $_POST['fromvs'];

     somefunction($vs);

}

-----------------Source code----------------------

Segment in Calling html 
....
<body>
<div style="  position: absolute; top: 1px; left: 5px; height:740px;  width:205px; border-radius: 10px;" >
<!-- Start css3menu.com BODY section -->
<ul  id="css3menu1" class="topmenu">
    <li class="topfirst"><a href="VendorSearch.php?fromvs=V" target="I1" style="width:183px;">Add a Subcontractor </a></li>
    ....
    <li class="topmenu"><a href="VendorSearch.php?fromvs=S" target="I1" style="width:183px;">Assign Subcontractor Contracts</a></li>
    .....
    <li class="toplast"><a href="login.php" target="_self" style="width:183px;">Log Out</a></li>
</ul>
....
</div>

Segment in target php: VendorSearch.php

<?php
//VendorSearch.php
//http://mted202.mtaent.org:9051/ocr/login.php rweinbau 
require_once('dbinfo.php');

session_start();
$c = oci_pconnect("ocr","ocrmta","HQT4");
oci_set_client_identifier($c, $_SESSION['username']);
$username = htmlentities($_SESSION['username'], ENT_QUOTES); 
.....
$srchfor ="";

$fromwhat = $_GET['fromvs'];
$_SESSION['fromwhat'] = $fromwhat;
$vs = $fromwhat;

if (isset($_POST['srchvnd']))
{ 
     $vs = $_POST['fromvs'];

     somefunction($vs);

}
else
{
    ;
}

?>
<body>
    <form class="vfrmsrch" name="vndsearch" id="vndsearch" action="VendorSearch.php?fromvs='<?php echo $fromwhat; ?>'" method="POST"> 
        <div style='position: absolute; top: 10px; left: 400px;'><input type='hidden' hidden='hidden' id='fromvs' name='fromvs' value="<?php echo $_SESSION['fromwhat'];  ?>"></div>
    ......
      <td><input type="submit" class="slbt" name="srchvnd"  id ="srchvnd" vaue="Search"></input></td>
     ......
    </form>
.......
</body>  
</html> 
<?php
function somefunction($vvs){    
//$msg = "We are inf somefunction() function </a></div><br>";

// echo  "<div style='position: absolute; top: 100px; left: 10px;'><a style='color:blue'>".$msg;

$_SESSION['fromwhat'] = $vvs;
............

oci_close($c);
}

score 0 · Answer 8 · answered May 16 '20 at 02:41

My personal preference would be to specify the keys you wish to accept and be sure to run the value through htmlspecialchars().

$url_params = array(
  'tab'
);
foreach( $url_params as $key ) {
  echo !empty( $_GET[$key] ) ? '<input type="hidden" name="'. $key .'" value="'. htmlspecialchars( $_GET[$key] ) .'" />' : '';
}

How to keep already-set GET parameter values on form submission?

8 Answers8

Linked