You could proxy the request: take the user's request to site A, have your script add the "secret" parameters and perform the query to sit B directly (via one of the LWP modules for example). Then display the results back to the client (you may have to sanitize the output before displaying, to make sure none of the confidential information is returned in the page).

A word of warning though, if your information is indeed confidential you should not be posting it to an http address (as your OP indicates), the communication should at least be SSL-secured.