Posted inPHP

What Are Hidden Fields in PHP? See Examples

Hidden fields are HTML input elements that are not shown to the user but are submitted along with form data. They are a powerful way to pass information silently from one page to another in PHP applications. Developers use them for tracking, multi-step form submissions, cart systems, CSRF tokens, and more.

Let’s dive deep into how they work.

⭐ What Are Hidden Fields in PHP?

A hidden field is an <input> element with:

type="hidden"

Example:

<input type="hidden" name="userid" value="123">

The user cannot see this on the page, but PHP receives the value through $_POST or $_GET.

⭐ Why Hidden Fields Are Used

Hidden fields help in:

  • Passing data between pages
  • Keeping track of user progress
  • Storing tokens for security validation
  • Maintaining state temporarily
  • Sending IDs without showing them
  • Tracking user source or metadata
  • Shopping cart product management

They are simple yet very useful.

⭐ How Hidden Fields Work in PHP

1. Adding a Hidden Field in HTML

<form action="process.php" method="post">
    <input type="text" name="username" placeholder="Enter your name">
    
    <input type="hidden" name="userid" value="556">
    
    <button type="submit">Submit</button>
</form>

2. Accessing It in PHP

process.php

<?php
$username = $_POST['username'];
$userid   = $_POST['userid'];

echo "Name: $username <br>";
echo "User ID: $userid";
?>

This shows how PHP reads values sent through hidden fields.

⭐ Real-World Applications

1. Multi-Step Forms

Hidden fields pass data between steps:

<input type="hidden" name="step" value="2">

2. Shopping Cart Systems

Stores product IDs without showing them:

<input type="hidden" name="product_id" value="1990">

3. CSRF Tokens (Security)

A common security technique:

$token = bin2hex(random_bytes(16));

<input type="hidden" name="token" value="<?php echo $token; ?>">

4. Tracking User Source

<input type="hidden" name="ref" value="instagram">

5. Page State Management

<input type="hidden" name="page" value="3">

⭐ Important: Hidden Fields Are Not Secure

Hidden fields are invisible, but users can still:

  • View them in the HTML source
  • Modify them using browser developer tools

Therefore, never store sensitive data such as:

❌ Passwords
❌ Billing data
❌ Admin roles
❌ Authentication data

Always validate hidden field values on the server.

⭐ Example: Timestamp Using Hidden Field

<input type="hidden" name="submitted_at" value="<?php echo time(); ?>">

PHP:

echo date('Y-m-d H:i:s', $_POST['submitted_at']);

Useful for analytics or tracking form submission delays.

⭐ Passing Arrays via Hidden Fields

Hidden fields also support array values:

<input type="hidden" name="items[]" value="A1">
<input type="hidden" name="items[]" value="A2">
<input type="hidden" name="items[]" value="A3">

PHP:

print_r($_POST['items']);

⭐ Best Practices

✔ Validate all hidden field data in PHP
✔ Use for safe metadata only
✔ Use sessions for sensitive info
✔ Combine with CSRF tokens for security
✔ Keep meaningful field names
✔ Do not expose important logic through hidden fields

Citations

🔗 View other articles about PHP:
http://savanka.com/category/learn/php/

🔗 External PHP Documentation:
https://www.php.net/manual/en/

Leave a Comment

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *