note
perlfan
><i>"hard coded"</i>
<p>
Back in my day, we called these <i>hidden</i> form elements.
<p>
<code>
<form action="/cgi-bin/delete.pl" method="POST" accept-charset="UTF-8">
<div class="form-group">
<label for="id"> Your token</label>
<input id="id" name="token" type="text" class="form-control" readonly >
</div>
<div class="form-group">
<input type="hidden" name="key" value="gfgf">
<input type="hidden" name="usr" value="rob">
<button name="submit" type="submit" class="btn btn-primary">Delete</button>
</div>
</form>
</code>
<p>
Fortunately, we've learned a few things since then, like:
<ul>
<li>Send values via <code>method=POST</code> so you don't broadcast your values in the <i>action</i> URL even when using <i>SSL/TLS</i></li>
<li><i>.cgi</i> is a pain to maintain (use [mod://Dancer2] or [mod://Mojo])</li>
<li>this pattern of HTML form + cgi <i>processor</i> is inferior to using a modern JavaScript async call to send the data to a RESTful API <i>endpoint</i> (like <code>/cgi-bin/rob/gfgf</code> with <code>method=DELETE</code>, encoded as <code>application/json</code></li>
</ul>
<p>
To answer your question about what is happening? The browser is resetting the <i>query</i> part of your action (when <code>method=GET</code>, adding only the named form elements to the call to <i>action</i> and stupidly dropping what's in there. I am sure I had actions with query params in them once upon a time, and I don't recall the query string being fully replaced. But in any case, that's what's happening. I bet if you set <code>method=POST</code> and kept that action it would retain your query params. But use the <code><input type="hidden"...</code>, that's what it's for.
11118636
11118636