I recently tried including JavaScript using PHP as such:
<?php include 'iife.SomeFile.js';?>
I did not expect it to work, b.c. I thought it would try to interpret the JS as PHP, but instead it just included the file as I asked it.
Is it b.c. I simply omitted the <?php tag that it chose to output the file as text.
Makes me wonder if I can include pretty much any type of file I want.
Also, makes the purpose of SSI seem redundant.
Because this is a valid PHP file:
<html>
...
<script>
var foo = 'bar';
</script>
You may notice that there's no PHP at all in this file, yet it's still valid. That's because PHP was designed as an embedded language to be used in HTML, delimited by the <?php ?> tags. PHP passes anything that's not in those tags through as is.
Also, makes the purpose of SSI seem redundant.
The existence of one language does not make another redundant. Many languages overlap with many other languages in what they can do. Doesn't mean we should all be using just one language. For one, SSI is a lot more lightweight than a full-blown PHP instance if all you want is to include a file.
PHP includes work the same way includes for languages such as C. They simply include or insert the file at that point.
It's just like typing in that entire file yourself where you put the include.
PHP code is executed on the server side. JavaScript is executed on the client side (except with node.js)
The include statement is used to include PHP code. You can use it to include a php lib file in your code.
Related
I created now a Javascript Code that get the php variable into javascript code, my issue that the php variable is important and I don't want any can see this variable is there is any way to do that by the way I tried to use obfuscator but it doesn't work because of the PHP code inside the Javascript code, let's say this is my Code,
<?php
$var = "this is impotant";
?>
<script type="text/javascript">
var javaScriptVar = "<?php echo $var; ?>";
</script>
So, is there any way to use PHP variables in Javascript code or hide the result of the PHP code?
Nobody sees the PHP code. But if you expose values into Javascript, they are not secret anymore. There is no way to deal with this. You cannot use the value in Javascript and NOT reveal it.
If you want to keep process data secret on the server, and available for the next request of that user, use a session.
People will only see the value of the variable. They wont know what it is or how important it is supposed to be. Nobody will see the variable name because the PHP code is executed BEFORE the page is sent to the client. Therefore there is no need to obfuscate the value, and you cant anyway since you need the value.
An example. if I use this PHP code in my file
<p>Hello Mr <?php echo $MY_SUPER_SECRET_VARIABLE ?></p>
the only thing people will be able to see in the source when the page loads is
<p>Hello Mr Bond</p>
The same rule applies if it is placed in Javascript
First you need to understand that Javascript is executed on the client side, every piece of code and variable are in some way accessible by someone with some programming background.
Although you can obfuscate the source code and encrypt the variable to make it harder to read, there is no 100% protection when things happen on client side.
who wants to get the value, will get it. but you can
dynamically inject them via ajax
encode (base64 etc.) the value
obfuscate the code
PHP files will be interpreted into static (like html or xml format) file, means that all variables will be replaced with certain values.What users see is static, no php code displayed but just interpreted text.
I have a javascript file, myjs.php, that is generated on the server and delivered to the browser with a header.
Header("content-type: application/x-javascript; charset=utf-8");
The file is large and contains a lot of comments that are echoed within the js sections:
echo " // comments /* comments */ etc.
I appreciate that, if necessary, I could rewrite the php so that all comments were within php sections.
Is there a way, within PHP, to remove these comments at runtime so that they are not part of the file that is delivered to the browser, either by minifying or by some other means?
You can use tool such as UglifyJS from a PHP wrapper. There are packages to handle it, like UglifyPHP. After your file is generated, run the minifier on it, which will also strip comments:
use UglifyPHP\JS;
$js = new JS(['myjs.php']);
$js->minify('myjs.js', [
'comments' => false,
]);
In combination with ob_start(), ob_get_contents(), ob_end_clean() and using raw file stream as input you can achieve desired result.
Update:
Added this on demand by OP, if one haven't got possibility to use anything other than pure LAMP stack.
Here's a reference on how to remove single- and multiline PHP comments from a file:
Regex to strip comments and multi-line comments and empty lines
And here's working universal solution:
Best way to automatically remove comments from PHP code
This do the trick.
I have 3 questions, but I think the first 2 are very simple, so I'll ask them all here.
I normally work in C++ with SQL (and sometimes with VBA), and I'm trying to figure out the basics of JS, PHP & HTML (I've mostly got the jist of HTML and CSS).
I have 5 different reference books plus the net, but one thing I can't seem to find anything about are the file exts (.js, .php, .html).
From my tests I have come to realize that you can usually run JS scripts in other file types, but PHP seems to require the .php ext.
So the questions are:
Do I always have to use *.php for PHP scripting?
In a SINGLE file, can I delay PHP execution by simply putting the code into a function?
eg
<?php
function test() {echo "hello world";}
//as opposed to:
echo "hello world";
?>
When using multiple files, are there any compelling reasons to (or not to) always put scripts in their corresponding file types (e.g. JS in *.js). Obviously this would make it easier to understand / read, especially as it grows BUT can this create problems?
No, you can use any extension you want. Even if you want, don't use extension at all. But then, tell your server what interpreter to use when he founds he has to parse a *.wtf file. I mean, you're running a the script "file.wtf" from the command line you can do it like this:
$>php file.wtf
but if the script is to be parsed by your favorite web server (like Apache) because it is part of (say) a web page, then you have to configure it to interpret .wtf files with the PHP library.
By simply putting it in a function:no. But you really want to delay execution, use the sleep function
Just what you said: You can mix html and javascript code in your php files, but that is very messy.
I have some html, that had a bunch of JS code inside a script tag. So I moved it to a separate .js file.
JS code also loaded some variables from CGI, using strings in a form of <%ejGet(var)%>. But after separating the code from HTML file, the strings don't get replaced with data from the server.
Is there a way to include a JS file as if it was written inside a script tag or is there another way to do this?
<script language="javascript">
<!-- hide
var syncNvram = '<%ejGetWl(wlSyncNvram)%>';
...about 1000 lines more...
</script>
So after moving this code to a separate file, the variables don't load.
The problem is that your <% ejGetWl(wlSyncNvram) %> is being executed on the server by some templating or processing engine before it gets sent to the browser, so the browser is actually seeing the output, e.g.
var syncNvram = 'abcdefg'; // or whatever the output is
The question you are really asking is, can my server side templating/processing engine process a javascript file as opposed to an html file.
The answer is, it depends on the template/processing engine, but in general, this is a bad idea. JS files should remain static assets for lots of good reasons (breaking code, distributing via CDNs, etc.)
The better thing to do is separate them out:
<script>var syncNvram = '<%ejGetWl(wlSyncNvram)%>';</script>
<script src="myfile.js"></script>
Declare it separately.
Even better might be using ajax to get it, but that is a whole different architecture which may not suit here.
To do that you need to generate the script from the CGI program.
<script src="/cgi-bin/example.js.cgi"></script>
Of course, that will be a different CGI program so getting the variables in the right state may be problematic.
Usually you would solve the problem using a different approach: include the data in the document (either in the script element or in an element such as a <meta> element, a hidden input or a data-* attribute on something relevant and then have a static script read the data from the DOM.
How can I add automatic language injection for PHP into JavaScript files?
When I add some PHP code into JavaScript the whole syntax highlighting messes up and I got a ton of errors.
I tried to add language injection with ALT+ENTER but I don't get PHP in my list of injections:
This won't work. The reason that it cannot be done is that when you load the javascript file in your browser, the PHP code will just appear as plain text, rather than actually be ran to produce the result that you want.
Just to reiterate, you cannot inject PHP code into Javascript files, what you can do however, is have inline javascript, within a file that can handle PHP. For example, if you want the variable contents, you'd have your JS file like follows:
$(function() {
loadSomething(varNameHere);
});
Then somewhere in the main body of the main, file somewhere that PHP can be ran, you can have this.
?>
<script> var varNameHere = "<?=$somePhp;?>"; </script>
<?php
While not ideal, this is a base example of how it'd work. Hope that helped.