The Problem

Sometimes you want to have a form on a page that acts like a filter. If the page has URL variables from other places that you need to preserve on form submit, however, you might notice that can be a pain to carry over.

The biggest issue is that PHP does not have a good way to break down the current URL of a page to get the url parameters. Basically, that part of the url is invisible to PHP. If you do a parse_url(‘YOUR URL HERE’) with a url that has url parameter such as “https://www.google.com?foo=bar”, you will notice the “foo” parameter with the “bar” value is not there.

Ok, so you can just do a !empty check for the different $_GET variables server side, right? Well, yes technically you could. You would have to do an if check for every possible value in order to formulate a proper ACTION url for the form we’re about to make. Then you would have to do more server side logic to determine on submit if the value is already defined and replace it if so. This is because when you submit a form the url that is shown when the page reloads is going to only be the base url to the page along with whatever fields are found in that form.

The Solution

The best way I have found to rectify the issue in this particular circumstance is to add hidden form fields with the possible URL parameters and values populated. This allows you to let the action remain as the base url of the page without having to use logic to output the exact url of the ACTION of the form each time. So something like this:

This will give you a correct url on form submission without removing any of the existing parameters you might need. The only real catch is you need to know what the parameters can possibly be beforehand. Even with that you could just iterate through the $_GET array and output a hidden field for every value found other than your main form non-hidden field.

The only issue is it will always preserve all url variables, even if the user adds their own in the url bar. Thankfully the htmlspecialchars() function should prevent anything malicious from happening server side.