Sometimes, you might need to include information with your form that shouldn't be displayed to the visitor or left to the visitor to fill in. In these kinds of circumstances, you can use hidden fields, which do not display in the browser. Hidden fields are often used with server-side scripting when specific information is required for processing the form: for gathering the name, order number, or other relevant information about a product that is being purchased; to provide an e-mail address and a subject header if the form will be sent to e-mail; for including the URL of a page to which you want to redirect visitors after they have filled out your form; for passing information from one form to another; or for requiring certain fields to be completed by the visitor. In such cases, server-side scripting is required to process the hidden fields. JavaScript can also be combined with hidden fields (in what is known as client-side scripting) for situations in which server-side scripting is not needed or available. In client-side scripting, the visitor's browser (the client) processes the scripts. You learned about JavaScript in Lesson 8. If no scripting is used in connection with the hidden field when the form is submitted for processing, the hidden fields embedded in the form are included just like values from other form objects.
In this case, you are including the title of this form as a predefined value for the hidden field. Information that always remains the same can be passed to dynamic pages and CGI scripts through these kinds of hidden fields. Hidden fields using values that are set in this manner are not encrypted or securethey can easily be seen in the document source code through the browser. Do not place any information that is sensitive (such as passwords) into these kinds of hidden fields. Secure hidden fields can be created when dynamically generating the value of the field through the use of dynamic pages or CGI scripts. The name and value of hidden fields are usually dependent on the script that is being used to process them. For example, some scripts that send the data to an e-mail address might use "recipient" as the name of the hidden field and the e-mail address to which the data should be sent as the value. This name and value pair does not function unless you have the script that processes the recipient field on your server. Note File fields are another field type that you can use in forms. A file field makes it possible for you to let visitors send files to you via your form. This capability can be useful when you need to receive documents relating to the data collected in the form. For example, a file field might be made available on a job application for which you want the visitor to submit a resume. File fields rely on the server to process the data received by the form and upload or otherwise direct the file to an appropriate location. |