%META:TOPICINFO{author="ProjectContributor" date="1443119042" format="1.1" version="1"}%
%META:TOPICPARENT{name="Macros"}%
---+ URLPARAM -- get URL or HTTP POST parameter value
Returns the value of the named parameter in the URL or HTTP POST request.
---++ Parameters
     %TABLE{sort="off"}%
     | *Parameter:* | *Description:* | *Default:* |
     | ="name"= | The name of a URL parameter | required |
     | =default= | Default value, used if the parameter is not present | =""= |
     | =newline= | Convert newlines in textarea to other delimiters | |
     | =encode= | Control how special characters are encoded <br /> ="off"= - No encoding. Avoid using this when possible. See the security warning below. <br />\
                  ="entity"= - Encode special characters into HTML entities. See [[VarENCODE][ENCODE]] for more details. <br /> \
                  ="safe"= - Encode characters ='"&lt;&gt;%= into HTML entities. <br />\
                  ="url"= - Encode special characters for URL parameter use, like a double quote into =%22= <br />\
                  ="quote"= - Escape double quotes with backslashes (=\"=), does not change other characters; required when feeding URL parameters into other macros.<br/>\
                  You can combine several encodings together, and they will be applied in the order you specify e.g. =encode="safe, quote"= | =safe= |
     | =multiple= | If set, gets all selected elements of a =&lt;select multiple="multiple"&gt;= tag. Can be set to a format string, with =$item= indicating the element, e.g. =multiple="Option: $item"= (also supports the standard [[format tokens]]) | first element |
     | =separator= | Separator between multiple selections. Only relevant if multiple is specified | =$n= (new line) |
---++ Examples
=%<nop>URLPARAM{"skin"}%= returns =print= for a =.../view/%WEB%/%INCLUDINGTOPIC%?skin=print= URL

<div class="foswikiHelp">
%H% URL parameters passed into HTML form fields must be [[VarENCODE][entity encoded]].

%H% Double quotes in URL parameters must be escaped when passed into other macros.%BR% Example: =%<nop>SEARCH{ "%<nop>URLPARAM{ "search" encode="safe, quote" }%" noheader="on" }%=

%H% Reverse the encoding when used in SEARCH.%BR% Example:  =%<nop>SEARCH{ "%<nop>URLPARAM{ "search" encode="safe, quote"}%" decode="safe" noheader="on" }%=.  (It is not necessary to reverse quote encoding, otherwise =decode== options should be specified in the reverse order from the =encode== options.)

%H% When used in a template topic, this macro will be expanded when the template is used to create a new topic. See TemplateTopics#TemplateTopicsVars for details.

%X% Watch out for internal parameters, such as =rev=, =skin=, =template=, =topic=, =web=; they have a special meaning in Foswiki. Common parameters and view script specific parameters are documented at CommandAndCGIScripts.

%X% If you have =%<nop>URLPARAM{= in the value of a URL parameter, it will be modified to =%&lt;nop&gt;URLPARAM{=. This is to prevent an infinite loop during expansion.

%X% Security warning! Using URLPARAM can easily be misused for cross-site scripting unless specific characters are entity encoded. By default URLPARAM encodes the characters ='"&lt;&gt;%= into HTML entities (same as encode="safe") which is relatively safe. The safest is to use encode="entity". When passing URLPARAM inside another macro always use double quotes ("") combined with using URLPARAM with encode="quote". For maximum security against cross-site scripting you are adviced to install the Foswiki:Extensions.SafeWikiPlugin.
</div>
%STOPINCLUDE%
---++ Related
 [[VarENCODE][ENCODE]], [[VarSEARCH][SEARCH]], FormattedSearch, [[VarQUERYSTRING][QUERYSTRING]]
