diff --git a/app/streams/stream_edit.php b/app/streams/stream_edit.php
index 0e8fed235..48ef9e751 100644
--- a/app/streams/stream_edit.php
+++ b/app/streams/stream_edit.php
@@ -17,7 +17,7 @@
 
 	The Initial Developer of the Original Code is
 	Mark J Crane <markjcrane@fusionpbx.com>
-	Portions created by the Initial Developer are Copyright (C) 2018-2025
+	Portions created by the Initial Developer are Copyright (C) 2018-2026
 	the Initial Developer. All Rights Reserved.
 */
 
@@ -41,6 +41,32 @@
 	$stream_description = '';
 	$stream_uuid = '';
 
+// Set variables from http GET parameters
+	$page = is_numeric($_GET['page'] ?? '') ? $_GET['page'] : 0;
+	$order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', ($_GET['order_by'] ?? 'stream_name'));
+	$order = ($_GET['order'] ?? '') === 'desc' ? 'desc' : 'asc';
+	$search = $_GET['search'] ?? '';
+	$show = $_GET['show'] ?? '';
+
+// Build the query string
+	$param = [];
+	if (!empty($page)) {
+		$param['page'] = $page;
+	}
+	if (!empty($_GET['order_by'])) {
+		$param['order_by'] = $order_by;
+	}
+	if (!empty($_GET['order'])) {
+		$param['order'] = $order;
+	}
+	if (!empty($search)) {
+		$param['search'] = $search;
+	}
+	if (!empty($show) && $show == 'all' && permission_exists('stream_all')) {
+		$param['show'] = $show;
+	}
+	$query_string = http_build_query($param);
+
 //action add or update
 	if (!empty($_REQUEST["id"])) {
 		$action = "update";
@@ -73,7 +99,7 @@
 			$token = new token;
 			if (!$token->validate($_SERVER['PHP_SELF'])) {
 				message::add($text['message-invalid_token'],'negative');
-				header('Location: streams.php');
+				header('Location: streams.php'.($query_string ? '?'.$query_string : ''));
 				exit;
 			}
 
@@ -204,7 +230,7 @@
 				if ($action == "update") {
 					$_SESSION["message"] = $text['message-update'];
 				}
-				header('Location: stream_edit.php?id='.urlencode($stream_uuid));
+				header('Location: stream_edit.php?id='.urlencode($stream_uuid).($query_string ? '&'.$query_string : ''));
 				return;
 			}
 	}
@@ -228,7 +254,7 @@
 
 //need stream_all permission to edit a global stream
 	if (!permission_exists('stream_all') && $domain_uuid == null) {
-		header('Location: streams.php');
+		header('Location: streams.php'.($query_string ? '?'.$query_string : ''));
 		return;
 	}
 
@@ -249,7 +275,7 @@
 	echo "<div class='action_bar' id='action_bar'>\n";
 	echo "	<div class='heading'><b>".$text['title-stream']."</b></div>\n";
 	echo "	<div class='actions'>\n";
-	echo button::create(['type'=>'button','label'=>$text['button-back'],'icon'=>$settings->get('theme', 'button_icon_back'),'id'=>'btn_back','link'=>'streams.php']);
+	echo button::create(['type'=>'button','label'=>$text['button-back'],'icon'=>$settings->get('theme', 'button_icon_back'),'id'=>'btn_back','link'=>'streams.php'.($query_string ? '?'.$query_string : '')]);
 	echo button::create(['type'=>'submit','label'=>$text['button-save'],'icon'=>$settings->get('theme', 'button_icon_save'),'id'=>'btn_save','style'=>'margin-left: 15px;']);
 	echo "	</div>\n";
 	echo "	<div style='clear: both;'></div>\n";
diff --git a/app/streams/stream_map.php b/app/streams/stream_map.php
index 11021eef3..c3852fd10 100644
--- a/app/streams/stream_map.php
+++ b/app/streams/stream_map.php
@@ -59,7 +59,7 @@
 
 //add the search variable
 	if (!empty($_GET["search"])) {
-		$search = strtolower($_GET["search"]);
+		$search = $_GET["search"];
 	}
 
 //add the show variable
@@ -121,7 +121,7 @@
 		$sql .= "	or music like :search \n";
 		$sql .= "	or description like :search \n";
 		$sql .= ") \n";
-		$parameters['search'] = '%'.$search.'%';
+		$parameters['search'] = '%'.lower_case($search).'%';
 	}
 	if (!empty($excluded_applications)) {
 	    $sql .= "AND application NOT IN ('" . implode("','", $excluded_app_array) . "') \n";
@@ -151,16 +151,16 @@
 	echo "<div class='action_bar' id='action_bar'>\n";
 	echo "	<div class='heading'><b>".$text['title-stream_map']."</b><div class='count'>".number_format($num_rows)."</div></div>\n";
 	echo "	<div class='actions'>\n";
-	echo 		"<form id='form_search' class='inline' method='get'>\n";
+	echo "		<form id='form_search' class='inline' method='get'>\n";
 	if (permission_exists('dialplan_all')) {
 		if ($show == 'all') {
 			echo "		<input type='hidden' name='show' value='all'>\n";
 		}
 		else {
-			echo button::create(['type'=>'button','label'=>$text['button-show_all'],'icon'=>$_SESSION['theme']['button_icon_all'],'link'=>'?show=all&search='.urlencode($search)]);
+			echo button::create(['type'=>'button','label'=>$text['button-show_all'],'icon'=>$_SESSION['theme']['button_icon_all'],'link'=>'?show=all']);
 		}
 	}
-	echo 		"<input type='text' class='txt list-search' name='search' id='search' value=\"".escape($search)."\" placeholder=\"".$text['label-search']."\" onkeydown=''>";
+	echo "		<input type='text' class='txt list-search' name='search' id='search' value=\"".escape($search)."\" placeholder=\"".$text['label-search']."\" onkeydown=''>";
 	echo button::create(['label'=>$text['button-search'],'icon'=>$_SESSION['theme']['button_icon_search'],'type'=>'submit','id'=>'btn_search']);
 	// if ($paging_controls_mini != '') {
 	// 	echo 	"<span style='margin-left: 15px;'>".$paging_controls_mini."</span>\n";
@@ -175,7 +175,6 @@
 
 	echo "<form id='form_list' method='post'>\n";
 	echo "<input type='hidden' id='action' name='action' value=''>\n";
-	echo "<input type='hidden' name='search' value=\"".escape($search ?? '')."\">\n";
 
 	if (!empty($results) && is_array($results) && @sizeof($results) != 0) {
 		$previous_application = '';
diff --git a/app/streams/streams.php b/app/streams/streams.php
index ad3b2ed31..16f5b8bcd 100644
--- a/app/streams/streams.php
+++ b/app/streams/streams.php
@@ -17,7 +17,7 @@
 
 	The Initial Developer of the Original Code is
 	Mark J Crane <markjcrane@fusionpbx.com>
-	Portions created by the Initial Developer are Copyright (C) 2018-2024
+	Portions created by the Initial Developer are Copyright (C) 2018-2026
 	the Initial Developer. All Rights Reserved.
 */
 
@@ -36,16 +36,35 @@
 	$language = new text;
 	$text = $language->get();
 
-//set additional variables
-	$show = $_GET["show"] ?? '';
+// Set variables from http GET parameters
+	$page = is_numeric($_GET['page'] ?? '') ? $_GET['page'] : 0;
+	$order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', ($_GET['order_by'] ?? 'stream_name'));
+	$order = ($_GET['order'] ?? '') === 'desc' ? 'desc' : 'asc';
+	$search = $_GET['search'] ?? '';
+	$show = $_GET['show'] ?? '';
 
-//set the defaults
-	$search = '';
+// Build the query string
+	$param = [];
+	if (!empty($page)) {
+		$param['page'] = $page;
+	}
+	if (!empty($_GET['order_by'])) {
+		$param['order_by'] = $order_by;
+	}
+	if (!empty($_GET['order'])) {
+		$param['order'] = $order;
+	}
+	if (!empty($search)) {
+		$param['search'] = $search;
+	}
+	if (!empty($show) && $show == 'all' && permission_exists('stream_all')) {
+		$param['show'] = $show;
+	}
+	$query_string = http_build_query($param);
 
 //get the http post data
 	if (!empty($_POST['streams'])) {
 		$action = $_POST['action'];
-		$search = $_POST['search'] ?? '';
 		$streams = $_POST['streams'];
 	}
 
@@ -72,19 +91,10 @@
 				break;
 		}
 
-		header('Location: streams.php'.(!empty($search) ? '?search='.urlencode($search) : ''));
+		header('Location: streams.php'.($query_string ? '?'.$query_string : ''));
 		exit;
 	}
 
-//get order and order by
-	$order_by = $_GET["order_by"] ?? '';
-	$order = $_GET["order"] ?? '';
-
-//add the search term
-	if (!empty($_GET["search"])) {
-		$search = $_GET["search"];
-	}
-
 //prepare to page the results
 	$sql = "select count(stream_uuid) from v_streams ";
 	$sql .= "where true ";
@@ -95,7 +105,7 @@
 		$sql .= "or lower(stream_enabled) like :search ";
 		$sql .= "or lower(stream_description) like :search ";
 		$sql .= ") ";
-		$parameters['search'] = '%'.strtolower($search).'%';
+		$parameters['search'] = '%'.lower_case($search).'%';
 	}
 	if (permission_exists('stream_all') && $show == "all") {
 		//show all
@@ -113,12 +123,8 @@
 
 //prepare to page the results
 	$rows_per_page = $settings->get('domain', 'paging', 50);
-	$param = "&search=".$search;
-	$param = ($show == 'all' && permission_exists('stream_all')) ? "&show=all" : null;
-	$page = isset($_GET['page']) ? $_GET['page'] : 0;
-	if (!empty($page)) { $page = 0; $_GET['page'] = 0; }
-	list($paging_controls, $rows_per_page) = paging($num_rows, $param, $rows_per_page);
-	list($paging_controls_mini, $rows_per_page) = paging($num_rows, $param, $rows_per_page, true);
+	list($paging_controls, $rows_per_page) = paging($num_rows, $query_string, $rows_per_page);
+	list($paging_controls_mini, $rows_per_page) = paging($num_rows, $query_string, $rows_per_page, true);
 	$offset = $rows_per_page * $page;
 
 //get the list
@@ -134,7 +140,7 @@
 		$sql .= "	or lower(cast(stream_enabled as text)) like :search ";
 		$sql .= "	or lower(stream_description) like :search ";
 		$sql .= ") ";
-		$parameters['search'] = '%'.strtolower($search).'%';
+		$parameters['search'] = '%'.lower_case($search).'%';
 	}
 	if (permission_exists('stream_all') && $show == "all") {
 		//show all
@@ -175,7 +181,7 @@
 	echo "	<div class='heading'><b>".$text['title-streams']."</b><div class='count'>".number_format($num_rows)."</div></div>\n";
 	echo "	<div class='actions'>\n";
 	if (permission_exists('stream_add')) {
-		echo button::create(['type'=>'button','label'=>$text['button-add'],'icon'=>$settings->get('theme', 'button_icon_add'),'id'=>'btn_add','link'=>'stream_edit.php']);
+		echo button::create(['type'=>'button','label'=>$text['button-add'],'icon'=>$settings->get('theme', 'button_icon_add'),'id'=>'btn_add','link'=>'stream_edit.php'.($query_string ? '?'.$query_string : '')]);
 	}
 	if (permission_exists('stream_add') && $streams) {
 		echo button::create(['type'=>'button','label'=>$text['button-copy'],'icon'=>$settings->get('theme', 'button_icon_copy'),'id'=>'btn_copy','name'=>'btn_copy','style'=>'display: none;','onclick'=>"modal_open('modal-copy','btn_copy');"]);
@@ -189,20 +195,20 @@
 	if (permission_exists('stream_map') && $streams) {
 		echo button::create(['type'=>'button','label'=>$text['button-map'],'icon'=>$settings->get('theme', 'button_icon_map'),'id'=>'btn_back','style'=>'margin-right: 15px;','link'=>'stream_map.php']);
 	}
-	echo 		"<form id='form_search' class='inline' method='get'>\n";
-	if (permission_exists('stream_all')) {
-		if ($show == 'all') {
-			echo "		<input type='hidden' name='show' value='all'>\n";
-		}
-		else {
-			echo button::create(['type'=>'button','label'=>$text['button-show_all'],'icon'=>$settings->get('theme', 'button_icon_all'),'link'=>'?show=all']);
+	echo "		<form id='form_search' class='inline' method='get'>\n";
+	foreach ($param as $key => $value) {
+		if ($key !== 'search' && $key !== 'page') {
+			echo "		<input type='hidden' name='".escape($key)."' value='".escape($value)."'>\n";
 		}
 	}
-	echo 		"<input type='text' class='txt list-search' name='search' id='search' value=\"".escape($search)."\" placeholder=\"".$text['label-search']."\" onkeydown='list_search_reset();'>";
+	if ($show !== 'all' && permission_exists('stream_all')) {
+		echo button::create(['type'=>'button','label'=>$text['button-show_all'],'icon'=>$settings->get('theme', 'button_icon_all'),'link'=>'?show=all']);
+	}
+	echo "		<input type='text' class='txt list-search' name='search' id='search' value=\"".escape($search)."\" placeholder=\"".$text['label-search']."\" onkeydown='list_search_reset();'>";
 	echo button::create(['label'=>$text['button-search'],'icon'=>$settings->get('theme', 'button_icon_search'),'type'=>'submit','id'=>'btn_search','style'=>(!empty($search) ? 'display: none;' : null)]);
 	echo button::create(['label'=>$text['button-reset'],'icon'=>$settings->get('theme', 'button_icon_reset'),'type'=>'button','id'=>'btn_reset','link'=>'streams.php','style'=>($search == '' ? 'display: none;' : null)]);
 	if (!empty($paging_controls_mini)) {
-		echo 	"<span style='margin-left: 15px;'>".$paging_controls_mini."</span>\n";
+		echo "	<span style='margin-left: 15px;'>".$paging_controls_mini."</span>\n";
 	}
 	echo "		</form>\n";
 	echo "	</div>\n";
@@ -224,7 +230,6 @@
 
 	echo "<form id='form_list' method='post'>\n";
 	echo "<input type='hidden' id='action' name='action' value=''>\n";
-	echo "<input type='hidden' name='search' value=\"".escape($search)."\">\n";
 
 	echo "<div class='card'>\n";
 	echo "<table class='list'>\n";
@@ -235,12 +240,12 @@
 		echo "	</th>\n";
 	}
 	if ($show == 'all' && permission_exists('stream_all')) {
-		echo th_order_by('domain_name', $text['label-domain'], $order_by, $order);
+		echo th_order_by('domain_name', $text['label-domain'], $order_by, $order, null, null, $query_string);
 	}
-	echo th_order_by('stream_name', $text['label-stream_name'], $order_by, $order);
+	echo th_order_by('stream_name', $text['label-stream_name'], $order_by, $order, null, null, $query_string);
 	echo "	<th class='pct-60'>".$text['label-play']."</th>\n";
-	echo th_order_by('stream_enabled', $text['label-stream_enabled'], $order_by, $order, null, "class='center'");
-	echo th_order_by('stream_description', $text['label-stream_description'], $order_by, $order, null, "class='hide-sm-dn'");
+	echo th_order_by('stream_enabled', $text['label-stream_enabled'], $order_by, $order, null, "class='center'", $query_string);
+	echo th_order_by('stream_description', $text['label-stream_description'], $order_by, $order, null, "class='hide-sm-dn'", $query_string);
 	if (permission_exists('stream_edit') && $settings->get('theme', 'list_row_edit_button', false)) {
 		echo "	<td class='action-button'>&nbsp;</td>\n";
 	}
@@ -251,7 +256,7 @@
 		foreach ($streams as $row) {
 			$list_row_url = '';
 			if (permission_exists('stream_edit')) {
-				$list_row_url = "stream_edit.php?id=".urlencode($row['stream_uuid']);
+				$list_row_url = "stream_edit.php?id=".urlencode($row['stream_uuid']).($query_string ? '&'.$query_string : '');
 				if (!empty($row['domain_uuid']) && $row['domain_uuid'] != $_SESSION['domain_uuid'] && permission_exists('domain_select')) {
 					$list_row_url .= '&domain_uuid='.urlencode($row['domain_uuid']).'&domain_change=true';
 				}