Using hidden value instead of $_GET or $_REQUEST
H

2

5

I have been using hidden values for forms.

Example:

 <form method="post" action="page.php">
 <input type="text" name="name">
 <input type="hidden" name="book_id" value="$bookid">
 <input type="button">
 </form>

$bookid is the $_GET value for book.php?id=34324

So instead of doing page.php?id=$bookid I am using $bookid in hidden field.

My Question: Is it harmful if I use hidden values vs using $GET or $POST in the form action?

Hedve answered 8/11, 2011 at 16:7 Comment(4)
Hidden values are perfectly fine for propagating data from one form to another. You may also consider storing the data in the user's session. – Avruch
@Digital there is no point in propagating data from one form to another. – Abstractionism
@Col. Shrapnel: Sure there is, we've used it from time to time. – Avruch
Of course, if you use the GET method, your hidden value will be very visible in the address bar, hence not hidden. – Dame
S
4

To answer your question: no, it is not harmful to use hidden inputs in this way.

To fix the supplied code you need to give your hidden input a name and change the method to GET:

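 <?php
 // Default when no id is supplied, so $bookid is always defined below
 $bookid = 0;
 if (array_key_exists('id', $_GET)) {
     // Cast to int so only a number can reach the HTML output
     $bookid = (int) $_GET['id'];
 }
 ?>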

 <form method="get" action="page.php">
     <input type="text" name="name">
     <input type="hidden" name="id" value="<?php echo $bookid; ?>">
     <input type="button">
 </form>
Smite answered 8/11, 2011 at 16:9 Comment(1)
It is important to sanitise any user input though, as this example does by converting $_GET['id'] to an integer. A more general alternative is htmlspecialchars(): <input type="hidden" name="id" value="<?php echo htmlspecialchars($_GET['id']); ?>"> – Flexile
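The comment above treats the id as user input; the same holds when the hidden field is submitted to page.php, because it arrives in $_POST (or $_GET) like any other field. An added example, not part of the original answers, that validates the id on both pages and escapes it when writing the hidden field; the helper names parse_book_id and render_book_form and the sample requests are assumptions.

```php
<?php
// Added example: parse_book_id() and render_book_form() are hypothetical helpers.

/** Return the id as a positive integer, or null if it is missing or malformed. */
function parse_book_id(array $request, string $key): ?int
{
    if (!isset($request[$key]) || !is_string($request[$key])) {
        return null; // missing, or an array such as id[]=1
    }
    $id = filter_var($request[$key], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Build the form from the question, escaping the value placed in the attribute. */
function render_book_form(int $bookId): string
{
    $value = htmlspecialchars((string) $bookId, ENT_QUOTES, 'UTF-8');
    return <<<HTML
<form method="post" action="page.php">
    <input type="text" name="name">
    <input type="hidden" name="book_id" value="{$value}">
    <input type="submit" value="Save">
</form>
HTML;
}

// book.php side: constructed sample query strings standing in for $_GET
$samples = [
    ['id' => '34324'],          // well-formed
    ['id' => '34324"><b>x'],    // would break out of the value attribute if echoed raw
    ['id' => ['1']],            // array instead of a string
    [],                         // no id at all
];
foreach ($samples as $get) {
    $id = parse_book_id($get, 'id');
    echo $id === null ? "rejected\n" : render_book_form($id) . "\n";
}

// page.php side: constructed sample body standing in for $_POST.
// The hidden field is validated again here, since the browser can send any value.
$post = ['name' => 'Alice', 'book_id' => '34324'];
$bookId = parse_book_id($post, 'book_id');
echo $bookId === null ? "400 Bad Request\n" : "book_id accepted: {$bookId}\n";
```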
A
3

Question is: is it harmful if I use hidden values vs using $GET or $POST in the form action?

The answer is: actually you will have your hidden value either in the $_GET or $_POST array according to the chosen method. And no, there is no harm in using hidden inputs. Though there are no gains either.

Abstractionism answered 8/11, 2011 at 16:31 Comment(0)
