Hidden Form Fields

Is there a way to post some values in a form without using hidden fields?

The user should not be able to read 开发者_运维知识库these values by checking the DOM.

You can use hidden fields for posting data. But if you want that the user should not be able to read the values set in hidden field, you can encrypt the value before setting in the hidden field and then set it.

In this way nobody except you, who knows how to decode the value, would be able to read it.

Hope this helps.

AJAX can post any values you like, whether or not they appear in the form.

Well, whatever method you use the data is visible. The way sensitive data can be handled 'safely' on a public webpage is twofold.

1. Encrypt the data, as other poster mentionned.

2. Use ssl ( https:// ) for the pages you want secured. This prevents any 3rd party from sniffing the traffic generated by your users requests.

With these 2 simple steps properly implemented, the data, though not 100% secure ( nothing is secure on the net ), it is a lot harder to attain.

Using this two way passworded encryption class

http://www.tonymarston.net/php-mysql/showsource.php?file=std.encryption.class.inc

and following the usage example

http://www.tonymarston.net/php-mysql/showsource.php?file=encryption.php

you can get something like this

http://www.tonymarston.net/php-mysql/encryption.php

Then in your situation you can do this:

<form >
<input type="hidden" name="data value="<?php echo($encryptedData); ?>" />
</form>

or you could do this

<?php setcookie("formdata", $encryptedData, time()+3600);  /* expire in 1 hour */ ?>

Then on the other end you can decrypt the data using your password.

If I'm reading your question correctly, no, not really.

If you give something to the user and get it back, the user can modify it.

Why are you in need of this functionality? If you give us some context, I bet you'll get a definitive answer.