hidden_field
![Extensive documentation Importance_4](https://d2vfyqvduarcvs.cloudfront.net/images/importance_4.png?1349367920)
hidden_field(object_name, method, options = {})
public
Returns a hidden input tag tailored for accessing a specified attribute (identified by method) on an object assigned to the template (identified by object). Additional options on the input tag can be passed as a hash with options. These options will be tagged onto the HTML as an HTML element attribute as in the example shown.
Examples
hidden_field(:signup, :pass_confirm) # => <input type="hidden" id="signup_pass_confirm" name="signup[pass_confirm]" value="#{@signup.pass_confirm}" /> hidden_field(:post, :tag_list) # => <input type="hidden" id="post_tag_list" name="post[tag_list]" value="#{@post.tag_list}" /> hidden_field(:user, :token) # => <input type="hidden" id="user_token" name="user[token]" value="#{@user.token}" />
![Default_avatar_30](https://www.gravatar.com/avatar/c4c2402d8b101ccbc9747b2fb45cd7df?default=http://apidock.com/images/default_avatar_30.png&size=30)
Value parameter
You can add a value to your hidden field by using the :value parameter.
Example
hidden_field(:object, :field, :value => params[:requestval])
![Default_avatar_30](https://www.gravatar.com/avatar/682233f4f5b894b2d328b0c98d0d7582?default=http://apidock.com/images/default_avatar_30.png&size=30)
No security
One important thing to remember is that this is NOT hidden in the source code and can be modified by an evil user so all input in a hidden field should be considered as untrustworthy and checked just like a visible field.
![Default_avatar_30](https://www.gravatar.com/avatar/e592374400b28da11c2bb03d163a09a1?default=http://apidock.com/images/default_avatar_30.png&size=30)
Hidden Field Example
Here’s a pseudo code example of a hidden field within an ERB template. A post has many comments and this comment form is in a post’s show view. This would set a comment’s post_id attribute.
<%= form_for(@comment) do |f| %>
<%= f.hidden_field :post_id, :value => @post.id %>
<% end %>