Passing a url param to a search form

Question

Exact problem: Trying to pass a param from the url to a search box destination page.

The param is "subid" this way:

http://www.domain.com/?subid=3456

and the current (non working) search form code in php:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
</head>
<body>
<form action="http://search.yahoo.com/search?subid=<?php print $_GET['subid'];?>&" target="_blank" id="search-box">
  <input type="text" name="p" size="31" />
  <input type="submit" value="Search" />
</form>

</body>
</html>

I can see with firebug that the subid is in the form action when I go here:

http://www.domain.com/?subid=3456

but when I run a query in the form, is not passing to yahoo.

so where is the problem?

Answer 1

You should post subid as a parameter also, and specify method as get .

<form action="http://search.yahoo.com/search" target="_blank" method="get" id="search-box">
  <input type="hidden" name="subid" value="<?php print $_GET['subid'];?>" />
  <input type="text" name="p" size="31" />
  <input type="submit" value="Search" />
</form>

Answer 2

As was asked by the author, added some filtering for GET parameter:

<form action="http://search.yahoo.com/search" target="_blank" method="get" id="search-box">
  <input type="hidden" name="subid" value="<?=(int)$_GET['subid']?>" />
  <input type="text" name="p" size="31" />
  <input type="submit" value="Search" />
</form>

Or you can use strip_tags + htmlentities functions, before output.