Pass hidden value in <a> tag

Hi all

Is it possible to pass a hidden value through a href=“” tag

just like we pass

<input type="hidden" value="something">

i want to do same thing but with a href tag ??

is it possible ??

i dont want to pass or show value in browser on clicking link as


1 Like

It depends on what you are linking to.

I seem to remember doing it with a form and GET in the past.

But if you use GET, the value will show up in the URL. Why not use a form with just a type="hidden" input box and a submit button, using POST?

OP wants to do this in an anchor tag rather than a form. I suppose it could be done using a cookie.

I think it’s one of those questions where you need to ask why you want to do this? What are you trying to achieve?
Knowing that may point to a suitable solution.

1 Like

how about an ajax event and set a session variable etc?

No, you can’t do that.

Anything in the HTML is going to be accessible to users. The same holds true for hidden input elements. Never reveal sensitive data in html via hidden form inputs or otherwise. Doing so is a huge security vulnerability. Like others have stated there is a more appropriate way to solve your problem.

1 Like

but if it was done using an ajax in a function you could set the secret bit in the php page the ajax is calling, without the user seeing what it is. If someone looked at the html they would just see the ‘onlick function’

I have a really simple ajax function that just inserts a vote into a table when someone clicks a link, but it could do anything like set a cookie or variable.

Only downside is if JS is disabled.

Sorry I meant POST

That isn’t hidden - it is visible to anyone who views the source.

1 Like

Hi all

thanks for all the replies

as many have suggested to do it via ajax.

i know ajax works in all browsers.

if i dont want to disclose any links variables inside an email then will ajax work inside email clients ??


only in browsers with JavaScript enabled. With so many junk scripts out there a lot of people only enable JavaScript for the specific sites where they know it works properly.

I’ve only ever heard of people doing that on this forum – no where else. Aeverage users aren’t going to do that. So I think you’re slightly over exaggerating.

This problem reminds me of

“I want people to be able to download content to their browser, but not to be able to have the content on their computer.”

Maybe <input type="hidden" would more accurately be <input type="not_rendered"
I imagine a good number of people don’t know about “view source” or “F12”, but I would not rely on that in keeping something hidden.

In terms of links, there are GET variables.
These can be obvious such as index?lang=en or less obvious as “friendly” URLs index/en/


The ones you need to be worried about know it.

1 Like

No. Some email clients are able to execute javascript but this option is off by default. Web based email clients strip javascript off. You can maybe count on ~0.5% of users to be able to run your ajax in emails.

and all of those will have their computers full of viruses installed via JavaScript from an email. Turning JavaScript off in emails is the most basic security measure you can apply to any computer. It’s a real mystery why so many email programs allow you to completely disable computer security by enabling it ever.

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.