If I understand what you are doing, I would use AJAX to popup an overlay with the edit form, and again use AJAX to handle the form submission. However, one way to do it your way...
Resource A has the list. Each item in the list has an "edit" button so you can edit it. This edit button should go to page #7, with a form for editing the list item. The URL for this form page looks like "edit.html?id=42", where 42 is the list item selected. What you need is to be able to have your form know that it's working with item #42.
There are a few ways to do this.
You can make each button a miniature form with a hidden field to hold the value, and clicking the button submits the form to page #7, so you can use POST instead of GET. You would need to validate that POST value before using it for anything.
Once you're in page #7, you can use a small snippet to fetch the $_GET or $_POST, and make a placeholder out of it. In your form, have a hidden field that uses that placeholder as its value. Or skip the placeholder, and just use the snippet call as the value of the hidden field. Make sure to validate the $_GET/$_POST value in your snippet so that somebody doesn't try to pass something nasty in it.
Or instead of a snippet you can install pdoTools and enable its custom parser, or install FastField (which the pdoTools custom parser is based on). This gives you a new MODX tag, [[#...]]. It includes the ability to get any field from any resource, as well as the PHP arrays such as GET and POST.
<input type="hidden" name="itemID" value="[[#get.id]]">
The major disadvantage to this is that the GET value is not validated in any way, so you would need to create a custom output modifier to make sure it's not anything dangerous - it should just be in integer, nothing more. A snippet like this named 'isnum' would do the job (remember, all GET and POST values are strings!)
<?php
$output = is_numeric($input) ? $input : '0';
return $output;
Now your fastfield tag would look like this:
<input type="hidden" name="itemID" value="[[#get.id:isnum]]">
You should still do further validation of the incoming itemID value in your form processing before you go anywhere near the database or the filesystem with it. Never, ever forget that any data coming from any user's browser is very dangerous.
[ed. note: sottwell last edited this post 9 years, 9 months ago.]