Follow

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use
Follow
Facebook Twitter Instagram Youtube
Contact

Escaping HTML Encoded Characters while submitting button/forms

byMR
January 19, 2023

My need is to send multiple values when a user clicks a button which uses GET METHOD.
Since multiple values are to be sent, I am using an argument as follows:

$argument='var2=value2&var3=value3';
echo "<button value='value1&$argument&' type='submit' name='var1'>Send</button>";

Essentially, the button tag in HTML has a restriction that it can send ONLY one name-value pair. In this case, it will send name='var1' and corresponding value as value1. Hence, I am appending the other name-value pairs through the PHP $argument variable. In this case, var2=value2&var3=value3 are getting appended, and sent.

All good till here.

MEDevel.com: Open-source for Healthcare and Education

Collecting and validating open-source software for healthcare, education, enterprise, development, medical imaging, medical records, and digital pathology.

Visit Medevel

The problem is that when it reaches the submitted page, it is getting the following encoding:
https://example.com/dir1/page.php?var1=value1%26var2%3Dvalue2%26var3%3Dvalue3%26

Essentially, the & is getting %26, and = is becoming %3D.
I am aware that this is due to the inbuilt encodeURIComponent of HTML, but due to this encoding the form submission is failing.

I am looking for a way/method to receive the following in the submitted page (i.e. without encoding), so that it can be processed smoothly:

https://example.com/dir1/page.php?var1=value1&var2=value2&var3=value3&

PS: have explored existing threads like Escaping ampersand in URL & Why does %26 get decoded to & when passed as a parameter to a JavaScript function from a link? & many more, but unable to find the answer.

Also tried the following as mentioned in URL/HTML escaping/encoding, but not working:

echo "<button value='value1&".htmlspecialchars($argument)."' type='submit' name='var1'>Send</button>";

If any existing answer exists, pls point me to it in the comment before marking this question down.
Thanks

>Solution :

You can simply put these values individually in hidden fields in the form which the button is part of.

e.g.

<form>
    <button type='submit' name='send'>Send</button>
    <input type="hidden" name="var1" value="<?php echo htmlspecialchars($val1)?>">
    <input type="hidden" name="var2" value="<?php echo htmlspecialchars($val2)?>">
</form>

The browser will then use these to create a properly-constructed and encoded URL for you automatically when the form is submitted.

byMR
Published
Add a comment

Leave a Reply

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use

Read more

Discover more from Dev solutions

Subscribe now to keep reading and get access to the full archive.

Continue reading