I think your hidden fields are actually there, in request.post_vars. Just print request.post_vars and look for them in the console.
You can use an onvalidation function to add them to the form. Just make sure you validate them, too, as they are untrusted. If you're really paranoid, you could verify that the ID: name pair submitted correspond to values in the db. On Tuesday, October 30, 2012 6:08:53 AM UTC-4, Viliam Oršula wrote: > > Hello, > I'm writing simple webpage for adding purchased items into database. There > is one div(*newItem*) with fields as *itemName*, *itemID*, *price* and > add button. *itemID* is hidden field, which is filled with value from > DB(ajax) according to user input. > I don't want to submit page until list of purchased items is complete, > therefore I use javascript to copy my*newItem* div into form. At the > beginning, form has no divs no fields, just submit button. I can add as > many items as I like and then hit submit button and form is submitted. > My problem is: *All data are submitted except for hidden fileds.* > If I googled right this is due to security reasons. > > How can I solve it preserving this: > 1. Form is submitted just after filling whole purchase list, not after > every item. (For that form has to remain javascript generated as it is. Or > not?) > 2. Form has to have hidden fields, because I need get some data, which > user is not supposed to see. (Or is there better way of doing this than > using hidden fileds?) > > Is there easy solution to my problem, or am I doing this completely wrong? > --
