
Why are hidden fields used?

I have always seen a lot of hidden fields used in web applications. I have worked with code which is written to use a lot of hidden fields and the data values from the visible fields sent back and forth to them. Though I fail to understand why the hidden fields are used. I can almost always think of ways to resolve the same problem without the use of hidden fields. How do hidden fields help in design?

Can anyone tell me what exactly is the advantage that hidden fields provide? Why are hidden fields used?

pavanred asked May 21 '10 11:05


2 Answers

Hidden fields are just the easiest way; that is why they are used quite a bit.

Alternatives:

  • storing data in a session server-side (with sessionid cookie)
  • storing data in a transaction server-side (with transaction id as the single hidden field)
  • using URL path instead of hidden field query parameters where applicable

Main concerns:

  • the value of the hidden field cannot be trusted to not be tampered with from page to page (as opposed to server-side storage)
  • big data needs to be posted every time, could be a problem, and is not possible for some data (for example uploaded images)

Main advantages:

  • no sticky sessions that spill between pages and multiple browser windows
  • no server-side cleanup necessary (for expired data)
  • accessible to client-side scripts

Thilo answered Sep 19 '22 14:09


Suppose you want to edit an object. Now it's helpful to put the ID into a hidden field. Of course, you must never rely on that value (i.e. make sure the user has appropriate rights upon insert/update).

Still, this is a very convenient solution. Showing the ID in a visible field (e.g. read-only text box) is possible, but irritating to the user.

Storing the ID in a session / cookie is prohibitive, because it disallows multiple opened edit windows at the same time and imposes lifetime restrictions (session timeout leads to a broken edit operation, very annoying).

Using the URL is possible, but breaks design rules, i.e. use POST when modifying data. Also, since it is visible to the user it creates uglier URLs.

mnemosyn answered Sep 19 '22 14:09
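Both answers note that a hidden field's value comes back from the client and cannot be trusted. The following Python example is added here and is not part of either answer: it signs the hidden ID with an HMAC bound to the logged-in user, and still performs the server-side rights check on update. The key, the `OWNERS` table and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Assumptions for this example: a server-only secret, a 30-minute form lifetime,
# and a constructed ownership table standing in for the real rights check.
SECRET_KEY = b"constructed-demo-key"
MAX_AGE = 1800
OWNERS = {"42": "alice", "43": "bob"}


def _mac(object_id, user, issued):
    # Length-prefix each part so field boundaries cannot be shifted.
    msg = f"{len(object_id)}:{object_id}|{len(user)}:{user}|{issued}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def render_hidden_fields(object_id, user, now=None):
    """Values to emit as <input type="hidden"> in the edit form."""
    issued = int(time.time() if now is None else now)
    return {"id": object_id, "issued": str(issued),
            "sig": _mac(object_id, user, issued)}


def handle_update(form, session_user, now=None):
    """Validate the POSTed hidden fields; returns (accepted, reason)."""
    now = int(time.time() if now is None else now)
    try:
        object_id, issued, sig = form["id"], int(form["issued"]), form["sig"]
    except (KeyError, ValueError):
        return False, "malformed"
    # Integrity: recompute with the user from the server-side session,
    # never with a user name taken from the request.
    expected = _mac(object_id, session_user, issued)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False, "tampered"
    # Freshness: a signed form is only honoured for MAX_AGE seconds.
    if not 0 <= now - issued <= MAX_AGE:
        return False, "expired"
    # Authorization: a valid signature proves the server issued this ID,
    # not that the user may still modify the object.
    if OWNERS.get(object_id) != session_user:
        return False, "forbidden"
    return True, "ok"
```

Because nothing is stored per form on the server, several edit windows can stay open at once, which is the advantage of hidden fields both answers describe.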