What is the safest way of passing arguments from server-side PHP to client-side JavaScript [duplicate]
My favorite way is :
<?php$var = array( 'prop1' => 'value1', 'prop2' => 'value2', // ...);?><script type="text/javascript"> var varNameSpace = <?php echo json_encode($var); ?>; alert( varNameSpace.prop1 ); // -> 'value1'</script>
Using json_encode()
ensures that the values passed to Javascript are escaped and well formatted. Using a common variable container also prevents from over using the global space (window).
You might want to use JSON for this, it's really simple to use in both PHP (check json_encode()
) and JavaScript.
It's safe to use within <script>
-Tags and browsers which understand JavaScript. Note that the PHP function doesn't encode <
and >
.
Some example PHP:
$user = (object) array("name"=>"Joseph", "age"=>29, "email"=>"asdf@example.net");echo '<script type="text/javascript"> var user = '.json_encode($user).'; </script>';
I'd try to use JSON. Here is a link for you to php.net explaining how to do this.