3

I have been struggling with this kind of problem for a while now, and cannot seem to find any information or sample code to transfer some data between PHP and JavaScript. I saw many ways to do it, but not safely. What I mean exactly is , when you transfer some variable data between the systems, it is directly shown on the view-source window of your page, when it is loaded. What need exactly is a way to transfer the data, but silently and safely , so that it won't show up on the user-side when the page is loaded.

So in brief, is there a way to do this, and possible how ?

I have already tried, transferring the data with a XML file, JSON also, straight forward with echo + , or just after the ?> abbreviation in php. But every way I have used so far, is displayed in the source code of the page when loaded .

Improve this question
3
  • maybe an AJAX call from JS to get the value? or maybe encode it (base64) but if it is really important (like password) then nothing will help you. Commented Jun 29, 2012 at 12:17
  • What exactly are you trying to do ("passing parameters safely" isn't a description, "preventing the user from seeing the page's source code" is)? Commented Jun 29, 2012 at 12:17
  • 1
    Anything you do in JavaScript is accessible by the user, because it is client-side. PHP cannot literally pass 'variables' to JavaScript, since they happen in different places, at different times, and are, thus, unaware of each other's presence. PHP can only print out data, which JavaScript can intercept and act on. As Martin asked, tell us what precisely you're trying to achieve and we may be able to suggest an approach, but it doesn't sound like the one you have currently is viable. Commented Jun 29, 2012 at 12:22

1 Answer 1

Reset to default
4

What you are asking really isn't possible due to the nature of JavaScript and the web. There are ways of obfuscating the data, and hiding it away in xhttp / ajax requests that can only be requested once. But in order to send the data to the client, the client has to be able to read it, meaning that users that know what they are doing (i.e. have FireBug installed and can write JavaScript) can always decode it and see it.

If I were you I'd look at some simple forms of encoding or encrypting JSON (and request the data via ajax/xhttp over HTTPS) this will put off most people but the technically savvy will still be able to work out ways to decrypt the content. However, if the content needs to be 100% secure - from everybody, even the user actually using the site - then you don't want to be sending that data to the client at all.

Basically it boils down to what data you are actually sending? If it's a question of needing the data on the client-side to perform a specific calculation, ask yourself - Is it possible to send only the user input involved from JavaScript back to PHP (via ajax/xhttp) and then have PHP return the answer. That way PHP only ever need access to your sensitive data.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.