Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Why are hidden fields used?

Tags:

asp.net

hidden-fields

I have always seen a lot of hidden fields used in web applications. I have worked with code which is written to use a lot of hidden fields and the data values from the visible fields sent back and forth to them. Though I fail to understand why the hidden fields are used. I can almost always think of ways to resolve the same problem without the use of hidden fields. How do hidden fields help in design?

Can anyone tell me what exactly is the advantage that hidden fields provide? Why are hidden fields used?

like image 600
pavanred Avatar asked May 21 '10 11:05

pavanred

2 Answers

Hidden fields is just the easiest way, that is why they are used quite a bit.

Alternatives:

  • storing data in a session server-side (with sessionid cookie)
  • storing data in a transaction server-side (with transaction id as the single hidden field)
  • using URL path instead of hidden field query parameters where applicable

Main concerns:

  • the value of the hidden field cannot be trusted to not be tampered with from page to page (as opposed to server-side storage)
  • big data needs to be posted every time, could be a problem, and is not possible for some data (for example uploaded images)

Main advantages:

  • no sticky sessions that spill between pages and multiple browser windows
  • no server-side cleanup necessary (for expired data)
  • accessible to client-side scripts
like image 154
Thilo Avatar answered Sep 19 '22 14:09

Thilo

Suppose you want to edit an object. Now it's helpful to put the ID into a hidden field. Of course, you must never rely on that value (i.e. make sure the user has appropriate rights upon insert/update).

Still, this is a very convenient solution. Showing the ID in a visible field (e.g. read-only text box) is possible, but irritating to the user.

Storing the ID in a session / cookie is prohibitive, because it disallows multiple opened edit windows at the same time and imposes lifetime restrictions (session timeout leads to a broken edit operation, very annoying).

Using the URL is possible, but breaks design rules, i.e. use POST when modifying data. Also, since it is visible to the user it creates uglier URLs.

like image 36
mnemosyn Avatar answered Sep 19 '22 14:09

mnemosyn
Sign in to Comment

Related questions

ASP.NET has no access to IIS metabase
Issue adding reference to class library project in ASP.NET 5 (Core)
appSettings and ConfigurationManager.AppSettings issue
Is ASP.net Model View Presenter worth the time?
The message received from the server could not be parsed
Re-Scaffold views after changing their model
Error "Visual Basic 9.0 does not support auto-implemented properties" on an interface in Visual Studio 2015 RC
How do I convert legacy ASP applications to ASP.NET?
How can I make visible an invisible control with jquery? (hide and show not work)
Get data from two tables(join) with linq and return result into view
How to send Json object (or string data) from Javascript xmlhttprequest to MVC Controller
Internal Server Error with httpHandlers section of web.config
How to call controller from the button click in asp.net MVC 4
Convert DataTable to IEnumerable<T> in ASP.NET Core 2.0
ASP.NET -- How to effectively use design patterns without over-engineering!
Using System.Web.Caching.Cache
How to generate a URL for ASP.NET MVC action, including hostname and port? [duplicate]
aspNetCore 2.2.0 - AspNetCoreModuleV2 error
Special Characters in web.config file
Does anyone know of an advanced diff tool for C#?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!