hidden_field(object_name, method, options = {}) public

Returns a hidden input tag tailored for accessing a specified attribute (identified by method) on an object assigned to the template (identified by object). Additional options on the input tag can be passed as a hash with options. These options will be tagged onto the HTML as an HTML element attribute as in the example shown.


hidden_field(:signup, :pass_confirm)
# => <input type="hidden" id="signup_pass_confirm" name="signup[pass_confirm]" value="#{@signup.pass_confirm}" />

hidden_field(:post, :tag_list)
# => <input type="hidden" id="post_tag_list" name="post[tag_list]" value="#{@post.tag_list}" />

hidden_field(:user, :token)
# => <input type="hidden" id="user_token" name="user[token]" value="#{@user.token}" />
Show source
Register or log in to add new notes.
July 30, 2008
19 thanks

Value parameter

You can add a value to your hidden field by using the :value parameter.

hidden_field(:object, :field, :value => params[:requestval])
June 7, 2010
2 thanks

No security

One important thing to remember is that this is NOT hidden in the source code and can be modified by an evil user so all input in a hidden field should be considered as untrustworthy and checked just like a visible field.

May 7, 2012
1 thank

Hidden Field Example

Here’s a pseudo code example of a hidden field within an ERB template. A post has many comments and this comment form is in a post’s show view. This would set a comment’s post_id attribute.

<%= form_for(@comment) do |f| %>

<%= f.hidden_field :post_id, :value => @post.id %>

<% end %>