Written by: Geoffrey Callaghan
Five Uses for Hidden Form Inputs
Five Uses For Hidden Form Inputs
Hidden form inputs are a useful feature in web development that allows you to include data in a form without displaying it to the user. Here are five common uses for hidden form inputs:
Hidden inputs can be used to preserve data between different pages or steps in a multi-step form. This ensures that data entered on one page is not lost when the user navigates to another page.
<input type="hidden" name="step" value="2">
Hidden inputs can capture and send tracking information to the server when the form is submitted. This is useful for analytics, marketing, and understanding user behavior.
<input type="hidden" name="referrer" value="email_campaign">
<input type="hidden" name="landing_page" value="/special-offer">
Hidden inputs are often used to include security tokens, such as CSRF (Cross-Site Request Forgery) tokens, to ensure that the form submission is coming from a legitimate source.
<input type="hidden" name="csrf_token" value="1234567890abcdef">
When rendering a form server-side, hidden inputs can be used to pass additional data that the client-side script might need to process when the form is submitted.
<input type="hidden" name="user_id" value="42">
<input type="hidden" name="session_id" value="abc123">
Hidden inputs can store metadata that might be necessary for processing the form submission but should not be altered by the user. This includes things like form versioning, user preferences, or contextual data.
<input type="hidden" name="form_version" value="1.0">
<input type="hidden" name="user_role" value="admin">
In a multi-step registration form, you can keep track of which step the user is on:
HTML Form (Step 2):
<form action="/register-step-3" method="POST">
<input type="hidden" name="step" value="2">
<input type="hidden" name="first_name" value="John">
<input type="hidden" name="last_name" value="Doe">
<!-- Step 2 fields here -->
<button type="submit">Next</button>
</form>
Capture the source of the user visit for marketing analysis:
HTML Form:
<form action="/submit-form" method="POST">
<input type="hidden" name="referrer" value="email_campaign">
<input type="hidden" name="landing_page" value="/special-offer">
<!-- Form fields here -->
<button type="submit">Submit</button>
</form>
Include a CSRF token to protect against CSRF attacks:
HTML Form:
<form action="/submit-form" method="POST">
<input type="hidden" name="csrf_token" value="1234567890abcdef">
<!-- Form fields here -->
<button type="submit">Submit</button>
</form>
Pass server-generated data to the client:
HTML Form:
<form action="/submit-form" method="POST">
<input type="hidden" name="user_id" value="42">
<input type="hidden" name="session_id" value="abc123">
<!-- Form fields here -->
<button type="submit">Submit</button>
</form>
Store form version and user role information:
HTML Form:
<form action="/submit-form" method="POST">
<input type="hidden" name="form_version" value="1.0">
<input type="hidden" name="user_role" value="admin">
<!-- Form fields here -->
<button type="submit">Submit</button>
</form>
Hidden form inputs are a versatile tool in web development, offering various uses from state preservation to security. Properly leveraging hidden inputs can enhance the functionality, security, and user experience of your web forms.