php hide variable from javascript [duplicate] - javascript

I created now a Javascript Code that get the php variable into javascript code, my issue that the php variable is important and I don't want any can see this variable is there is any way to do that by the way I tried to use obfuscator but it doesn't work because of the PHP code inside the Javascript code, let's say this is my Code,
<?php
$var = "this is impotant";
?>
<script type="text/javascript">
var javaScriptVar = "<?php echo $var; ?>";
</script>
So, is there any way to use PHP variables in Javascript code or hide the result of the PHP code?

Nobody sees the PHP code. But if you expose values into Javascript, they are not secret anymore. There is no way to deal with this. You cannot use the value in Javascript and NOT reveal it.
If you want to keep process data secret on the server, and available for the next request of that user, use a session.

People will only see the value of the variable. They wont know what it is or how important it is supposed to be. Nobody will see the variable name because the PHP code is executed BEFORE the page is sent to the client. Therefore there is no need to obfuscate the value, and you cant anyway since you need the value.
An example. if I use this PHP code in my file
<p>Hello Mr <?php echo $MY_SUPER_SECRET_VARIABLE ?></p>
the only thing people will be able to see in the source when the page loads is
<p>Hello Mr Bond</p>
The same rule applies if it is placed in Javascript

First you need to understand that Javascript is executed on the client side, every piece of code and variable are in some way accessible by someone with some programming background.
Although you can obfuscate the source code and encrypt the variable to make it harder to read, there is no 100% protection when things happen on client side.

who wants to get the value, will get it. but you can
dynamically inject them via ajax
encode (base64 etc.) the value
obfuscate the code

PHP files will be interpreted into static (like html or xml format) file, means that all variables will be replaced with certain values.What users see is static, no php code displayed but just interpreted text.

Related

How does php know when interpret and when to output?

I recently tried including JavaScript using PHP as such:
<?php include 'iife.SomeFile.js';?>
I did not expect it to work, b.c. I thought it would try to interpret the JS as PHP, but instead it just included the file as I asked it.
Is it b.c. I simply omitted the <?php tag that it chose to output the file as text.
Makes me wonder if I can include pretty much any type of file I want.
Also, makes the purpose of SSI seem redundant.
Because this is a valid PHP file:
<html>
...
<script>
var foo = 'bar';
</script>
You may notice that there's no PHP at all in this file, yet it's still valid. That's because PHP was designed as an embedded language to be used in HTML, delimited by the <?php ?> tags. PHP passes anything that's not in those tags through as is.
Also, makes the purpose of SSI seem redundant.
The existence of one language does not make another redundant. Many languages overlap with many other languages in what they can do. Doesn't mean we should all be using just one language. For one, SSI is a lot more lightweight than a full-blown PHP instance if all you want is to include a file.
PHP includes work the same way includes for languages such as C. They simply include or insert the file at that point.
It's just like typing in that entire file yourself where you put the include.
PHP code is executed on the server side. JavaScript is executed on the client side (except with node.js)
The include statement is used to include PHP code. You can use it to include a php lib file in your code.

JS, PHP, Html File Conventions

I have 3 questions, but I think the first 2 are very simple, so I'll ask them all here.
I normally work in C++ with SQL (and sometimes with VBA), and I'm trying to figure out the basics of JS, PHP & HTML (I've mostly got the jist of HTML and CSS).
I have 5 different reference books plus the net, but one thing I can't seem to find anything about are the file exts (.js, .php, .html).
From my tests I have come to realize that you can usually run JS scripts in other file types, but PHP seems to require the .php ext.
So the questions are:
Do I always have to use *.php for PHP scripting?
In a SINGLE file, can I delay PHP execution by simply putting the code into a function?
eg
<?php
function test() {echo "hello world";}
//as opposed to:
echo "hello world";
?>
When using multiple files, are there any compelling reasons to (or not to) always put scripts in their corresponding file types (e.g. JS in *.js). Obviously this would make it easier to understand / read, especially as it grows BUT can this create problems?
No, you can use any extension you want. Even if you want, don't use extension at all. But then, tell your server what interpreter to use when he founds he has to parse a *.wtf file. I mean, you're running a the script "file.wtf" from the command line you can do it like this:
$>php file.wtf
but if the script is to be parsed by your favorite web server (like Apache) because it is part of (say) a web page, then you have to configure it to interpret .wtf files with the PHP library.
By simply putting it in a function:no. But you really want to delay execution, use the sleep function
Just what you said: You can mix html and javascript code in your php files, but that is very messy.

Is it possible to use $_SESSION with a Javascript file?

I have a Javascript file main.js and I need to use echo $_SESSION["username"] within it, but it doesn't work obviously. Is there any way I can do this / some kind of workaround?
You cannot execute PHP code in a .js file but there are ways to work around it. You could use an ajax call to get that variable (check out this link for ajax tips).
Depending on the information you wish to store, you could also get PHP to echo it into a specific element in your html page and then use JS to look up that element like this:
echo "<span id='usernameForJS' style='display: none;'>".$_SESSION['USERNAME']."</span>";
And then go and grab that elements inner html with JS like this:
var username = document.getElementById('usernameForJS').innerHTML;
I would advise AJAX just because then there is no need for almost redundant elements in your page. And obviously don't use the second method for anything sensitive.
There is a option I saw on css-tricks.com
https://css-tricks.com/snippets/htaccess/use-php-inside-javascript/
I have never tried on my own but commentators said it works.
There is also a explanation of how you could do this in the comments:
https://css-tricks.com/snippets/htaccess/use-php-inside-javascript/#comment-85757
But don't forget taht this is a rather "hacky" way to do it, you should consider to open that javascript file and instantiate your class/function(or whatever is in this file) from the .php-page.

Using PHP variables in jQuery plugin initialization?

I have a jQuery image gallery plugin that I'm using extensively throughout a site for which I'm building PHP templates. In the properties for the plugin initialization, most of the values will remain the same throughout the site, aside from a few exceptions. In these instances, I'm wondering if it's ok for me to pass in a value for the property via PHP; e.g. if there is a property called "thumbnailsVisible" in certain cases I will want this set to true, and in others, false. Thus, is there anything wrong with assigning a value to a corresponding variable and including the following in the jQuery initialization within the template:
thumbnailsVisible : <?php echo $thumbnailsVisible; ?>
I realize I could also just externalize the initialization in a js file and create different versions as needed, but this would be much simpler provided there isn't anything wrong with this approach...
Also, if there's a completely different approach that would be optimal, I'd appreciate any sort of assistance. Thanks.
Yes. You can do this.
PHP is processed on the server side and only sent to client when it's processed.
You could write a php script to return the JavaScript and pass in an argument.
Eg.
<?php
$thumbnailVisible = isset($_GET['showthumb']) ? $_GET['showthumb'] : 'false';
?>
$.func({
thumbnailsVisible: <?php echo $thumbnailVisible; ?>
});
If it doesn't work correctly, try specify the content-type using header().
header('Content-type: application/javascript');
Place this at the top of the PHP script.
Yes, you could do that , actually i come across cases like that very often and i usually do the same .
You can check the code here :
(Although that is based on codeIgniter)

In webpy, how can I assign a javascript value to a python variable?

I'm looking for a simple way to assign a value held by a javascript variable to a python variable in a webpy template. I have an int value held by a js variable that I want to use to get an element of a python array. For example (if I want $list[0] in a template):
<script>
...
foo = 0
$i = foo ??? (doesn't work...)
return $list[ foo ] ??? (doesn't work...)
...
</script>
Sorry if that isn't as clear as I hope it is. I've tried a ton of different ways to do this, and I can't seem to make it work. Thanks!!!
To expand on Pointy's answer, what you are asking for does not make sense because web pages code is run in a certain order, and you are trying to make it run backwards.
The webserver (python) gets a request. It uses templates to construct a response for that request, and returns and HTML page and sends it to the client. At this point, generally, the python code is done running.
The client (browser) gets the web page. It loads all the other resources it needs to display it, and then runs the javascript.
The javascript and python, therefore, are running on different computers at different times. The solution to your problem is probably going to be a little more complicated then you were hoping for: you have to make a server request from javascript to get the data from the server after the page is loaded on the client, and then manually add it to the DOM.

Categories

Resources