I need put something to params, and read that value from controller, but it must be not visible/editable by user.
I know i can put hidden input, but it can be still edit by user (with browser/inspect element).
Can you elaborate on your use case? In general the user can edit anything, there’s nothing you can do to prevent that.
You can try to detect if they’ve edited something by placing a signed value in the form. Alternatively it may be easier to just put something in the user’s session which is encrypted by Phoenix and can’t be edited by the user.