Solved

Reasons to use hidden input types in web forms

Posted on 2008-06-15
8
542 Views
Last Modified: 2013-11-19
I know this question is beyond basic but for some reason, I'm just not comprehending when I should or would want to use this type of input type in a web form/survey.  I've created a number of these now and have never used this input type but wonder what I'm missing out on.  To be clear here's an example of the input type:

<input type="hidden" value="us_only" name="site" id="search-site">

whomever responds, please give me some pratical examples of when, where and why I would use this input type.
0
Comment
Question by:max7
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 82

Assisted Solution

by:hielo
hielo earned 150 total points
ID: 21788843
Let's say you have an online quiz that consists of 5 questions but you only display one question at a time. Ideally, you would want to give the user a "confirmation" page where they can see all their answers before actually submitting/processing the responses. So, you would want to do this AFTER all the questions have been aswered.  When one question is completed, you click "Next" and you get the other question but what happens to the previous answer? Well, you could save it on the server via Sessions, which would consume server resources OR you could just send it back to the client in a hidden variable. Basically, you use the hidden variable as "temporary storage" withing the <form> that will not be seen by the user. When you reach the last question, you will have all the answers in the same form - all the previous answers in hidden variables and the current answer in a "visible" input field. When you submit that page your server will see all the responses and would then show the user all the responses on one page and give them a chance to modify/edit any of their responses before actually submitting. The "hidden" variable is "hidden" from the user on the BROWSER, not the server.
0
 
LVL 14

Expert Comment

by:ali_kayahan
ID: 21788847
Hi max7 ;May be hidden form fields would be useless in plain html.But as far as serverside scripting concerned,it becomes one of the most important keystones for developers.
     You can pass so many important information via hidden input fields,that visitor should see such as user_id or page no for dynamic sites, and also you may use it for captcha.
    Sure there are lots of alternative ways to pass info to other pages such as cookies,sessions and URL ,but hidden input fields are one of the useful.
    Also in forms you may assing a value that you created with javascript to hidden input field on page load ,and compare that with the user side,to assure that form filler is a human instead of bot (capthca)
   
0
 
LVL 1

Author Comment

by:max7
ID: 21794943
Hielo wrote:
>>>Basically, you use the hidden variable as "temporary storage" withing the <form> that will not be seen by the user.

Wow -- great example.  Can you give me one more example of how hidden form fields can be used?

ali_kayahan wrote:
>>> . . . it becomes one of the most important keystones for developers.

Another wow -- can you give me an example how you personally use this type of form field?

Basically, from both comments it seems that hidden form fields is a convenient way of capturing and passing information to the server where needed -- did I get that right?


0
 
LVL 14

Accepted Solution

by:
ali_kayahan earned 250 total points
ID: 21795144
   Imagine that you have the feedback form below ;
<?php
$ref=@$HTTP_REFERER ;
?>
    <form action="feedback.php" method="POST">
   Your Name :<input type="text" size="10" name="visitor_name" />
   E-mail :<input type="text" size="10" name="visitor_email" />
   Your Message :<textarea cols="20" rows="40" name="visitor_message"></textarea>
   <input type="hidden" value="<?=$ref ?>" name="from_where">
    </form>
  Basicly when the user clicks submit,you will have a variable that holds where user came from passed to your server side script,which is hidden from user.

   Also if its a registered user you may pass his id to hidden input which will help you to determine who is the sender.
 
   Sure you can handle those kind of things with alternative ways,but hidden input field is one of the easiest...

P.S : Although the hidden input fields are not shown to user directly during form fill,if they look at source they will be able to see the info stored in hidden field.So you should pass secure info such as password via hidden input fields.
   
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 14

Expert Comment

by:ali_kayahan
ID: 21795159
Corection **So you should not pass secure info such as password via hidden input fields.
0
 
LVL 41

Assisted Solution

by:HonorGod
HonorGod earned 100 total points
ID: 21795324
One reason for using "hidden fields" is to keep track of information.
HTTP is a sessionless protocol, meaning that the client (e.g., browser)
sends a request (query) to the server, and the server responds.  At
that point, the server can "forget" everything about the request/query.

So, different techniques have been developed to keep track, or persist,
information for longer than the request/response.  Some of these
techniques include:

- cookies
- session data
- hidden fields

Hopefully this helps.
0
 
LVL 1

Author Closing Comment

by:max7
ID: 31467358
Thanks a lot guys; I'm going to read through all your comments and experiment with this.
0
 
LVL 41

Expert Comment

by:HonorGod
ID: 21801736
Thanks for the assist.  Good luck & have a great day
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Suggested Solutions

Preface This is the third article about the EE Collaborative Login Project. A Better Website Login System (http://www.experts-exchange.com/A_2902.html) introduces the Login System and shows how to implement a login page. The EE Collaborative Logi…
I found this questions asking how to do this in many different forums, so I will describe here how to implement a solution using PHP and AJAX. The logical flow for the problem should be: Write an event handler for the first drop down box to get …
Viewers will learn about the regular for loop in Java and how to use it. Definition: Break the for loop down into 3 parts: Syntax when using for loops: Example using a for loop:
This video teaches users how to migrate an existing Wordpress website to a new domain.

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now