Hidden fields are incredibly simple and very useful for passing data in a form you might not want your end user seeing. It is handy for passing
ugly data that you might not want visible to your users. You can also use it for carrying values from page to page - maintaining your state in a multi-part form, for example.
A hidden field is basically a name and a value:
print $cgi->textfield(
-name => 'hidden_message',
-default => 'This message is a hidden field.',
);
That's all it is. Here is what the above example produces in plain HTML:
<input type="text" name="hidden_message" value="This message is a hidden field." />
You might think that a hidden field offers some security since the user can't directly alter it's contents, but don't be mislead by the term
hidden. Using hidden fields is no safer than any other form field, and
all data should be validated and checked on the server side.
