Document Place

URL Parameter Variables

Table Of Contents

Overview #

PZForms supports automatic URL parameter handling, allowing you to pass form data as URL parameters in redirects. This is useful for passing data between pages, creating dynamic redirects, or integrating with external systems.

How URL Parameters Work #

1. Automatic Parameter Detection #

PZForms automatically detects fields with _param suffixes in the form submission and adds them as URL parameters to the redirect URL.

2. Parameter Field Creation #

To create a URL parameter, add a hidden field to your form with a name ending in _param:

<input type="hidden" name="user_id_param" value="123" />
<input type="hidden" name="status_param" value="active" />

By far the easiest way to do this is to use the pzhidden block to set the variable. If you are arriving at a page with a URL parameter in place, you can draw it into your form by creating a field with the same name as the parameter name and using the pzprefill block to add the value from the URL to that field.

3. Redirect URL Processing #

When the form is submitted, PZForms processes all _param fields and appends them to the success redirect URL:

Original URL: /thank-you
With parameters: /thank-you?user_id=123&status=active

Setting Parameters in Submit Scripts #

Method 1: Add to $_POST Array #

In your form-specific submit file (e.g., submit/my-form.php), you can add parameters by setting values in the $_POST array:

// Add parameters that will appear in the redirect URL
$_POST['user_id_param'] = '123';
$_POST['status_param'] = 'active';
$_POST['timestamp_param'] = date('Y-m-d H:i:s');

Method 2: Use WordPress Filter #

You can also modify the redirect URL directly using the pzforms_filter_redirectURL filter:

add_filter('pzforms_filter_redirectURL', function($url) {
    $url .= (strpos($url, '?') === false ? '?' : '&') . 'user_id=123';
    $url .= '&status=active';
    return $url;
});

There's nothing wrong with this second approach, but generally, since you're already very likely using a submit folder file in a scenario like this, it's more straightforward to use the first approach at the end of your submit file.

Parameter Naming Convention #

  • Field name: Must end with _param (e.g., user_id_param)
  • URL parameter: The _param suffix is removed (e.g., user_id)
  • Value: The value of the field becomes the parameter value

Examples #

Field NameURL ParameterExample URL
user_id_paramuser_id?user_id=123
status_paramstatus?status=active
form_type_paramform_type?form_type=contact

Dynamic Parameter Values #

Using Form Data #

You can use form data to set parameter values:

// In your submit script
if (isset($email)) {
    $_POST['user_email_param'] = $email;
}

if (isset($person['id'])) {
    $_POST['person_id_param'] = $person['id'];
}

Using Repeater Data #

You can also use data from repeater blocks:

// Count repeater items
$_POST['item_count_param'] = count($repeater_data);

// Pass first repeater item data
if (!empty($repeater_data[0]['name'])) {
    $_POST['first_name_param'] = $repeater_data[0]['name'];
}

Multiple Parameters #

You can add multiple parameters to the same redirect:

$_POST['user_id_param'] = '123';
$_POST['status_param'] = 'active';
$_POST['timestamp_param'] = date('Y-m-d H:i:s');
$_POST['form_name_param'] = $formName;

This will create a URL like:

/thank-you?user_id=123&status=active&timestamp=2025-06-28 18:59:24&form_name=contact

Parameter Validation and Sanitization #

Security Considerations #

  • Always sanitize parameter values before adding them to URLs
  • Avoid passing sensitive data (passwords, tokens) as URL parameters. For sensitive data, a better approach is to use custom fields that are stored in the database. This does mean the user will need to have an account on your site, though.
  • Use HTTPS for forms that pass sensitive information. But you’re already using HTTPS for everything, right?

Sanitization Example #

// Sanitize before adding to URL
$_POST['user_input_param'] = sanitize_text_field($user_input);
$_POST['email_param'] = sanitize_email($email);

Troubleshooting #

Parameters Not Appearing #

  1. Check field names: Ensure they end with _param
  2. Verify $_POST assignment: Make sure you’re setting $_POST['field_param'] not just $field_param
  3. Check timing: Parameters must be set before the redirect processing occurs. Generally, you can’t get yourself into trouble with this because the entire submit script runs before the redirect occurs.

Parameter Values Missing #

  1. Check for empty values: Ensure the parameter has a non-empty value
  2. Verify encoding: Use urlencode() for values that might contain special characters
  3. Check for conflicts: Ensure parameter names don’t conflict with form field names

URL Encoding Issues #

For values that might contain special characters:

$_POST['message_param'] = urlencode($message);
$_POST['url_param'] = urlencode($callback_url);

Best Practices #

  1. Use descriptive names, but short ones: Choose parameter names that indicate their purpose, but consider using ‘rt’ instead of ‘retry_count’
  2. Keep values short: Long parameter values can make URLs unwieldy. There’s no universal maximum length for URLs, but the de facto standard is 2000 characters.
  3. Validate on receiving end: Always validate and sanitize parameters when processing them

Example Complete Submit Script #

<?php
// submit/contact-form.php

// Process form data
$name = sanitize_text_field($firstname . ' ' . $lastname);
$email = sanitize_email($email);

// Add parameters for redirect
$_POST['user_name_param'] = $name;
$_POST['user_email_param'] = $email;
$_POST['submission_time_param'] = date('Y-m-d H:i:s');
$_POST['form_type_param'] = 'contact';

// Add repeater data count if applicable
if (isset($repeater_data) && !empty($repeater_data)) {
    $_POST['items_count_param'] = count($repeater_data);
}

// The redirect URL will now include: ?user_name=John%20Doe&user_email=john@example.com&submission_time=2025-06-28%2018:59:24&form_type=contact&items_count=2
?>
How'd we do?
Updated on June 28, 2025