1

I created now a Javascript Code that get the php variable into javascript code, my issue that the php variable is important and I don't want any can see this variable is there is any way to do that by the way I tried to use obfuscator but it doesn't work because of the PHP code inside the Javascript code, let's say this is my Code, 

<?php
$var = "this is impotant";
?>
<script type="text/javascript">
    var javaScriptVar = "<?php echo $var; ?>";
</script>

So, is there any way to use PHP variables in Javascript code or hide the result of the PHP code?

Improve this question
1
  • To be on the safe side you should use var jsvar = <?php echo json_encode($var); ?>; Commented Jul 12, 2013 at 7:24

5 Answers 5

Reset to default
3

Nobody sees the PHP code. But if you expose values into Javascript, they are not secret anymore. There is no way to deal with this. You cannot use the value in Javascript and NOT reveal it.

If you want to keep process data secret on the server, and available for the next request of that user, use a session.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

2

People will only see the value of the variable. They wont know what it is or how important it is supposed to be. Nobody will see the variable name because the PHP code is executed BEFORE the page is sent to the client. Therefore there is no need to obfuscate the value, and you cant anyway since you need the value.

An example. if I use this PHP code in my file

<p>Hello Mr <?php echo $MY_SUPER_SECRET_VARIABLE ?></p>

the only thing people will be able to see in the source when the page loads is

<p>Hello Mr Bond</p>

The same rule applies if it is placed in Javascript

Improve this answer

5 Comments

Unless I misunderstand, not quite. Variable names in JS code are quite readable unless obfuscated.
I think you misunderstand. I was entirely talking about PHP code, which also applies to PHP tags inside a JS block. I wasn't talking about JS variables directly. I can see how it could be confusing though
Yep, I misunderstood then. Your phrasing is a tad ambiguous. Still, vote up from me.
@PlausibleSarge is there is any way to insert the php variable without echo it??
Well you can do what you want with it, but if you want to view the result of any calculations on it, you are going to have to echo something somewhere, even if it changes your page in different ways (like setting the href field in an image tag)
2

First you need to understand that Javascript is executed on the client side, every piece of code and variable are in some way accessible by someone with some programming background.

Although you can obfuscate the source code and encrypt the variable to make it harder to read, there is no 100% protection when things happen on client side.

Improve this answer

Comments

0

who wants to get the value, will get it. but you can

  • dynamically inject them via ajax
  • encode (base64 etc.) the value
  • obfuscate the code
Improve this answer

1 Comment

Injecting it via ajax, i.e. loading it in an own request, would make the value easier to sniff than embedding it in the html imho
0

PHP files will be interpreted into static (like html or xml format) file, means that all variables will be replaced with certain values.What users see is static, no php code displayed but just interpreted text.

Improve this answer

1 Comment

I mean how to hide the interpreted text

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.