I am curious about the original purpose of the <input type="hidden"> tag.
Nowadays it is often used together with JavaScript to store variables in it which are sent to the server and things like that.
Therefore, the <input type="hidden"> existed before JavaScript, so what was its original purpose? I can only imagine of sending a value from the server to the client which is (unchanged) sent back to maintain a kind of a state. Or do I get something wrong in the history of it and <input type="hidden"> was always supposed to be used together with JavaScript?
If possible, please also give references in your answers.
This question is related to
javascript
html
history
In short, the original purpose was to make a field which will be submitted with form's submit. Sometimes, there were need to store some information in hidden field(for example, id of user) and submit it with form's submit.
From HTML September 22, 1995 specification
An INPUT element with `TYPE=HIDDEN' represents a hidden field.The user does not interact with this field; instead, the VALUE attribute specifies the value of the field. The NAME and VALUE attributes are required.
basically hidden fields will be more useful and advantages to use with multi step form. we can use hidden fields to pass one step information to next step using hidden and keep it forwarding till the end step.
Cross-site request forgery is a very common website vulnerability. Requiring a secret, user-specific token in all form submissions will prevent CSRF attacks since attack sites cannot guess what the proper token is and any form submissions they perform on the behalf of the user will always fail.
If you need to store what step in a multi-page form the user is currently on, use hidden input fields. The user doesn't need to see this information, so hide it in a hidden input field.
General rule: Use the field to store anything that the user doesn't need to see, but that you want to send to the server on form submission.
I'll provide a simple Server Side Real World Example here, say if the records are looped and each record has a form with a delete button and you need to delete a specific record, so here comes the hidden field in action, else you won't get the reference of the record to be deleted in this case, it will be id
For example
<?php
if(isset($_POST['delete_action'])) {
mysqli_query($connection, "DELETE FROM table_name
WHERE record_id = ".$_POST['row_to_be_deleted']);
//Here is where hidden field value is used
}
while(condition) {
?>
<span><?php echo 'Looped Record Name'; ?>
<form method="post">
<input type="hidden" name="row_to_be_deleted" value="<?php echo $record_id; ?>" />
<input type="submit" name="delete_action" />
</form>
<?php
}
?>
The values of form elements including type='hidden' are submitted to the server when the form is posted. input type="hidden" values are not visible in the page. Maintaining User IDs in hidden fields, for example, is one of the many uses.
SO uses a hidden field for the upvote click.
<input value="16293741" name="postId" type="hidden">
Using this value, the server-side script can store the upvote.
Source: Stackoverflow.com