8

Is it okay or correct to put a url get parameter in a form action?

<form method='get' action='index.php?do=search'>
  <input name='_search' type='text' value='What are you looking for?'>
  <button type='submit'> Search </button>
</form>

When I submit the form the URL is changed to:

index.php?_search=What are you looking for? (I've stripped %20)

I'd prefer the URL to read

index.php?do=search&_search=What are you looking for?

Would it be best to add a hidden field into the form

<input type='hidden' name='do' value='search' />
4
  • Yes, that's how you would do it (hidden fields). It's best practice to use POST when querying, and GET (which you're using) when you know exactly what's being requested, like when using variables for navigation etc.; then evildoers find it a little bit harder to manipulate queries etc. Commented Apr 20, 2011 at 2:17
  • @Lawrence, there is absolutely no difference between GET and POST from a security standpoint. They are both equally plain-text. GET is generally used for requests (such as, get me this document with ID 5) and POST is generally used for anything requiring more than a few hundred bytes of data (sometimes GET gets truncated), or when submitting data for processing. Commented Apr 20, 2011 at 2:28
  • Yeah, not that I noticed any difference, but I usually use POST when using jQuery AJAX methods. Thanks for the input, guys. Commented Apr 20, 2011 at 2:34
  • @Brad I totally agree, and basically that's what I said anyway, lol. I didn't say they were different from a security standpoint (saying one's secure and one's not). Commented Apr 20, 2011 at 4:29

3 Answers

16

In my opinion you should add them as hidden fields. There is no point in trying to pass params if you can do it via a hidden form field.

Use that:

<input type='hidden' name='do' value='search' />

3

I don't see any reason why you can't or shouldn't do it that way. My preferred method of handling it however would be:

<form method='get' action='index.php'>
    <input name='_search' type='text' value='What are you looking for?' />
    <input type='submit' name='do' value='Search' />
</form>

The name/value pair of do/search is passed through the button press, and if you want to create multiple actions on a form you can then have different values for each submit button, handling the form in multiple ways.

if ($_GET['do'] == "Search") {
    // ... do Search ...
} else if ($_GET['do'] == "Foo") {
    // ... do Foo ...
} else if ($_GET['do'] == "Bar") {
    // ... do Bar ...
}

Alternatively you can use a case construct:

switch ($_GET['do']) {
    case "Search":
        // ... do Search ...
        break; // without this, execution falls through into the "Foo" case
    case "Foo":
        // ... do Foo ...
        break;
    case "Bar":
        // ... do Bar ...
        break;
}

I normally use post myself, but I am sure get would work the same way. Hope that answers your question.


2

I think the same as Teodor, there should be no reason not to send the variable as a hidden field. But in case you have a good reason for doing that... Have you tried adding a & at the end of the URL:

<form method='get' action='index.php?do=search&'>

1 Comment

FWIW, adding & at the end of the action URL doesn't help to keep the parameters in the action URL.
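
Added example, not part of the original question or answers: a small JavaScript model of how a browser builds the request for a urlencoded form, covering the question's form, the hidden-field fix, the trailing `&` attempt and the POST case from the comments. The function name, the `example.test` base origin and the `red shoes` search value are constructed for illustration.

```javascript
// Models HTML form submission for application/x-www-form-urlencoded data.
// buildSubmission is a hypothetical helper written for this example.
function buildSubmission(action, method, fields, base = 'http://example.test/') {
  const url = new URL(action, base);         // base is a placeholder origin
  const data = new URLSearchParams(fields);  // urlencoded name=value pairs
  if (method.toLowerCase() === 'get') {
    // GET: the encoded form data REPLACES the action URL's query string,
    // so anything written after "?" in the action attribute is discarded.
    url.search = data.toString();
    return { url: url.pathname + url.search, body: null };
  }
  // POST: the action URL keeps its query; the fields travel in the request
  // body, in the same plain-text encoding a GET would put in the URL.
  return { url: url.pathname + url.search, body: data.toString() };
}

const search = ['_search', 'red shoes']; // constructed sample input

// 1. The question's form: do=search in the action is lost.
const asAsked = buildSubmission('index.php?do=search', 'get', [search]);

// 2. Hidden field: do=search is part of the form data, so it survives.
const withHidden = buildSubmission('index.php', 'get', [['do', 'search'], search]);

// 3. Trailing "&" in the action: still replaced, same result as case 1.
const trailingAmp = buildSubmission('index.php?do=search&', 'get', [search]);

// 4. POST: the action query is kept, the field moves to the body.
const viaPost = buildSubmission('index.php?do=search', 'post', [search]);

console.log(asAsked.url);     // /index.php?_search=red+shoes
console.log(withHidden.url);  // /index.php?do=search&_search=red+shoes
console.log(trailingAmp.url); // /index.php?_search=red+shoes
console.log(viaPost.url, viaPost.body); // /index.php?do=search _search=red+shoes
```

In case 4 a PHP handler would read `do` from `$_GET` and `_search` from `$_POST`, so the dispatch code has to look in the matching superglobal.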
