Because it differs from the industry-standard way of doing. Traditionally it’s the back-end responsible for commanding a redirect, this happened on standard HTML forms (outside Wappler), where upon a form submission the back-end would give a Location
header for the browser to redirect to:
<?php
// Do something with $_POST, e.g. check login credentials
// And then redirect browser
header("Location: /dashboard");
On a side-note, unfortunately Wappler Server Connect doesn’t follow redirects, so you have to rely on a Set Value to provide the redirect URL, and consequent Form On Success browser go to step (which is what Ken did, and also what you did as a variation specific to trip_id).
Perhaps I’m being overly cautious, from my early days of web development
Before Wappler and before SQL prepared statements, user inputs such as $_GET.trip_id
needed to be escaped or sanitized to prevent SQL injection or XSS attacks.
You don’t have to worry about any of that anymore, but those that grew with it stick with those fundamentals in mind.