从< form>将URL参数附加到URL行动 [英] Appending GET parameters to URL from <form> action

问题描述

我试图构建一个搜索表单这将显示在大多数网页上，但我希望表单操作转到 http：// mywebsiteurl .com /？p = search& q = GETDATA ，因为我的网站的分页取决于传递给'p'属性的数据。

在提交后以静态方式将搜索参数追加到URL中？

解决方案

您应该将参数 p 在搜索表单内的隐藏表单字段中;例如：

 < input type =hidden
 name =p
 value = <？php echo（htmlspecialchars（$ _ REQUEST [p]））;？> /> 
  

将参数放入表单操作参数并不是一个好主意;发布请求的处理方式与GET请求的处理方式不同，POST请求中的值不会被URL追加到？和&与GET一样;这意味着您实际上不会将p参数放入处理POST请求的脚本中。

还要注意不要显示请求参数未反映（因此，htmlspecialchars，感谢提示！），因为恶意客户可能会尝试将代码注入到您的页面中（ HTML注入 / XSS ）。

So say I'm currently on index.php or index.php?p=about within my current web build.

I am trying to build a search form that will be displayed on most pages, but I want the form action to go to http://mywebsiteurl.com/?p=search&q=GETDATA, as my website's paging depends on the data passed to the 'p' attribute.

How would I append the search parameter to the URL in a static fashion, upon submission?

解决方案

You should put the value of the parameter p inside a hidden form field inside the search form; something like:

<input type="hidden"
    name="p"
    value="<?php echo(htmlspecialchars($_REQUEST["p"])); ?>" />

It's not a good idea to put the parameter to the form action parameter; post requests are handled differently than GET requests, the values in a POST request aren't appended to the URL by ? and & as with GET; meaning that you wouldn't actually get the p parameter into the script handling the POST request from the form...

Also take care not to show the request parameter unreflected (hence the htmlspecialchars, thanks for the hint!), since malicious clients could try to inject code into your page (HTML injection / XSS).

这篇关于从< form>将URL参数附加到URL行动的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！