eXtropia: the open web technology company
Technology | Support | Tutorials | Development | About Us | Users | Contact Us
 ::   Tutorials
 ::   Presentations
Perl & CGI tutorials
 ::   Intro to Perl/CGI and HTML Forms
 ::   Intro to Windows Perl
 ::   Intro to Perl 5
 ::   Intro to Perl
 ::   Intro to Perl Taint mode
 ::   Sherlock Holmes and the Case of the Broken CGI Script
 ::   Writing COM Components in Perl

Java tutorials
 ::   Intro to Java
 ::   Cross Browser Java

Misc technical tutorials
 ::   Intro to The Web Application Development Environment
 ::   Introduction to XML
 ::   Intro to Web Design
 ::   Intro to Web Security
 ::   Databases for Web Developers
 ::   UNIX for Web Developers
 ::   Intro to Adobe Photoshop
 ::   Web Programming 101
 ::   Introduction to Microsoft DNA

Misc non-technical tutorials
 ::   Misc Technopreneurship Docs
 ::   What is a Webmaster?
 ::   What is the open source business model?
 ::   Technical writing
 ::   Small and mid-sized businesses on the Web

Offsite tutorials
 ::   ISAPI Perl Primer
 ::   Serving up web server basics
 ::   Introduction to Java (Parts 1 and 2) in Slovak


introduction to web programming
Hidden Widgets  
Another very useful input widget is the HIDDEN field that is used to pass administrative data to the server. The data and the value are hidden from the user so that they can't easily modify it. In fact, the HIDDEN input widget is totally invisible to the user.

For the most part, the HIDDEN tag is used so that you can pass administrative data. As such, it takes a NAME and a VALUE attribute.

For example, consider the following hidden field...

    <INPUT TYPE = "HIDDEN" NAME = "admin"
           VALUE = "selena">
    <INPUT TYPE = "HIDDEN" NAME = "form_version"
           VALUE = "2.1">

In this case, the browser would simply tag on the following name/value pair in the HTTP message body:


Since the user is not concerned with this administrative data, it is hidden from them. However, you can pass as much data as you want using this input method

Regardless, we will talk a lot more about hidden fields tomorrow when we discuss "state maintenance" in more detail.

It is important to note that a crafty user could view the source of your form, copy it to their own web server, change the values of the hidden fields, and submit the faulty data to your server. So you cannot assume that hidden data is totally secure.

Previous | Next | Table of Contents