Home/ Questions/Q 6705297
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T07:23:16+00:00

When I use HttpPost shouldn’t the form values be hidden in my URL? Here’s

  • 0

When I use HttpPost shouldn’t the form values be hidden in my URL?

Here’s the Razor code I’m using to generate a confirm page for payment:

@using (Html.BeginForm("Index", "Checkout", new { amount = Model.PackageCost, currency = "$", itemDescription = Model.PackageDescriptor, type = "digital" }, FormMethod.Post))
{    
    <input type="submit" value="Confirmar" class="btn primary frmsubmit" />
}

In my HTML, this is generated:

<form action="/Checkout?amount=50&amp;currency=%24&amp;itemDescription=Paquete%20Gold50%20%7C%2050%24%20(59%20lances)&amp;type=digital" method="post">    
    <input type="submit" value="Confirmar" class="btn primary frmsubmit" />
</form>

And when I click the Confirm button to submit the form, this is the URL I’m lead to:

http://localhost:5868/Checkout?amount=50&currency=%24&itemDescription=Paquete%20Gold50%20%7C%2050%24%20%2859%20lances%29&type=digital

So what gives? Why aren’t the values being hidden if it’s a POST form?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Because those are not the form values, but the route values. The form values are the values of the <input > tags.

    I assume you don’t want any route values(leave out the third parameter) and instead create <input ...> tags with an appropriate default value. If the normal user should not see them use <input type="hidden"> (This is obviously not a security feature).

    You should also use anti request forgery tokens.

    • 0