Magento - Add a product to the cart via query string without form_key parameter

Question

I've just installed Magento Community Edition ver 1.8.0.0 (default settings).

System -> Configuration -> Sales -> Checkout -> Checkout Options
Enable Onepage Checkout: Yes
Allow Guest Checkout: Yes

I'm trying to add a product to the cart using query string method.
According to all resources I've found, these are correct ways to do it:

[store]/checkout/cart/add/product/1/
[store]/checkout/cart/add?product=1&qty=1

but they're not working... the cart remains empty.

After quite some time, I found the working solution:

[store]/checkout/cart/add/product/1/form_key/yu6b5VEzwSU2V7YE/

However, I'd like not to put form_key parameter in the url.
This security feature is not needed in my case.

For example product comparison works fine without the form_key:

[store]/catalog/product_compare/add/product/1/

The idea is to put a static link on some other websites (so dynamically generated form_key is not known), so if a customer clicks on it he is redirected to the store with a filled cart straight away.

Is it possible to get rid of form_key parameter and still be able to add a product to the cart? And if so, then how?

Answer 1

This works best for me in Magento C 1.8

<?php
 
$formKey = Mage::getSingleton('core/session')->getFormKey();?>

<form action="/checkout/cart/add/product/<?php echo $productid; ?>" method="post">
    <input type="hidden" name="form_key" value="<?php echo $formKey; ?>" />

    <input type="text" name="qty"> QTY

    <input type="submit" value="Add to basket" />
</form>