Forum: Ruby on Rails how hidden field

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
A3ae9f39c4b2fd0fa048bfa43ca2a495?d=identicon&s=25 Thiti Panya (plemazako)
on 2009-05-06 09:17
(Received via mailing list)
Dear all,


i wrote script in view like this,
<% form_for :seq do |form| %>
     <fieldset>
      <legend>Source Information</legend>
        <div class="form_row">
          <label for="seq_id">User ID </label>
          <%= form.text_field  :user_id, :value => session
[:user_id],:size=>10 %>
        </div>
   </fieldset>
 <% end %>

and i want hide this field to user but i want value= session[:user_id]
to  insert database automatically
how i do?
thank you
84fbb9c2a7b05c3ddf39904514585a90?d=identicon&s=25 Franco Catena (Guest)
on 2009-05-06 13:28
(Received via mailing list)
Change form.text_field for form.hidden_field, see
http://api.rubyonrails.org/classes/ActionView/Help...
for more options.

Regards.

Franco Catena.
054ea2f04b5592b91f8223796cc53979?d=identicon&s=25 Brendon Whateley (brendon)
on 2009-05-06 17:33
(Received via mailing list)
Just make sure you don't create a security hole where a "bad user"
could change the hidden user_id to create problems for the
application.
A3ae9f39c4b2fd0fa048bfa43ca2a495?d=identicon&s=25 Thiti Panya (plemazako)
on 2009-05-07 06:37
(Received via mailing list)
thank you so much
i use form.hidden_field .it's work
-_-

2009/5/6 Brendon <brendon@darkindigo.com>
054ea2f04b5592b91f8223796cc53979?d=identicon&s=25 Brendon Whateley (brendon)
on 2009-05-09 19:44
(Received via mailing list)
Just as long as you know that users can EASILY change values you put
into hidden fields... so If they can mess up the system, somebody
will.

If you need to protect against that (and don't want to store this
stuff in the session which is where I'd put it) then ALSO include a
hash of the hidden value + a secret value to protect against changes.

Brendon.
This topic is locked and can not be replied to.