I want to know what <input type="hidden"> is doing in the following HTML.
<form method="post" enctype="multipart/form-data">
<table width="350" border="0" cellpadding="1" cellspacing="1" class="box">
<tr>
<td width="246">
<input type="hidden" name="MAX_FILE_SIZE" value="2000000">
<input name="userfile" type="file" id="userfile">
</td>
<td width="80"><input name="upload" type="submit" class="box" id="upload" value=" Upload "></td>
</tr>
</table>
</form>
it is specifying a form value that will including with the post, but not shown on the screen to the user, hence the hidden. In this case it is specifying the max file size that the form should allow to upload. It isn't very secure, since you can craft your own post to send.
Because it's just a bunch of data that's sent to the script, you just can guess it :)
My guessing is, that this field limits the size of the file you can upload - most likely in bytes, so it's around 2MB you can upload.
Please keep in mind, that the script, using this output does not need to handle this data. If it isn't handled in the script, it's ignored.
The file-size is may not only controlled by this hidden field ...
In general hidden input is added to send some additional info along with non-hidden data. It could be a session ID, encoded metadata, or whatever. Actually I don't see the reasons for adding MAX_FILE_SIZE cause this value could be set in php.ini file (in case of using PHP as a server-side platform).
