Forum: Ruby on Rails how hidden field

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
Thiti P. (Guest)
on 2009-05-06 11:17
(Received via mailing list)
Dear all,

i wrote script in view like this,
<% form_for :seq do |form| %>
      <legend>Source Information</legend>
        <div class="form_row">
          <label for="seq_id">User ID </label>
          <%= form.text_field  :user_id, :value => session
[:user_id],:size=>10 %>
 <% end %>

and i want hide this field to user but i want value= session[:user_id]
to  insert database automatically
how i do?
thank you
Franco C. (Guest)
on 2009-05-06 15:28
(Received via mailing list)
Change form.text_field for form.hidden_field, see
for more options.


Franco C..
Brendon W. (Guest)
on 2009-05-06 19:33
(Received via mailing list)
Just make sure you don't create a security hole where a "bad user"
could change the hidden user_id to create problems for the
Thiti P. (Guest)
on 2009-05-07 08:37
(Received via mailing list)
thank you so much
i use form.hidden_field .it's work

2009/5/6 Brendon <removed_email_address@domain.invalid>
Brendon W. (Guest)
on 2009-05-09 21:44
(Received via mailing list)
Just as long as you know that users can EASILY change values you put
into hidden fields... so If they can mess up the system, somebody

If you need to protect against that (and don't want to store this
stuff in the session which is where I'd put it) then ALSO include a
hash of the hidden value + a secret value to protect against changes.

This topic is locked and can not be replied to.