0

I was wondering what the best way would be to pass a PHP object via AJAX.

For example:

//objectClass = objectClass.php
$obj = new objectClass();
<a href="javascript:getOutput("some variable", $obj);

As the other file i.e. output.php (called through ajax in getOutput() function) needs to access objectClass.php as well, what is the best way to access $obj?

I tried to json_encode($obj) and then decode it, but it's not working.

Thanks in advance

6
  • 1
    You could try PHP Object Serialization -- Perhaps serialize the object to transfer then unserialize it when it's received. Commented Dec 14, 2011 at 19:04
  • 1
    JSON is the way to go. Show your code. Commented Dec 14, 2011 at 19:04
  • 2
    Take care that while serialization is the simple alternative, unserializing is not without exploitability. The other option is just passing the object over the $_SESSION store. Commented Dec 14, 2011 at 19:07
  • @mario Am I correct in assuming you're speaking of a man-in-the-middle sort of situation where someone intercepts the serialized string and manipulates it? Just interested in your thought process ... Commented Dec 14, 2011 at 19:09
  • 1
    @rdlowrey: If it's accessible via AJAX or just a form really, then anyone could pass a specifically crafted serialize blob. Some class types can run passed code, and there were some overflowish exploits for it blog.nibbles.fr/1837 Commented Dec 14, 2011 at 19:13

2 Answers

2

Honestly, it's going to be easiest to just store the information that needs to be passed (in this case an object) in a session variable like @mario suggested. If you need it to be a dynamically named session variable, you could just pass the name (string) of the session variable via AJAX.


1

json_encode is the best way.

You need to use ' instead of " for href argument, and add JSON_HEX_APOS option to json_encode to escape any ' in JSON.

Use it like this:

<?php
    //objectClass = objectClass.php
    $obj = new objectClass();
?>    
<a href='javascript:getOutput(<?php echo $some_variable ?>,<?php echo json_encode ($obj, JSON_HEX_APOS) ?>);'></a>

or

<?php
    //objectClass = objectClass.php
    $obj = new objectClass();    
    echo "<a href='javascript:getOutput($some_variable, " . json_encode ($obj, JSON_HEX_APOS) . " );'></a>"
?>

EDIT: If you have jQuery, I recommend using jQuery.parse () to load JSON. If not, you can use JSON.parse (), but I don't know if it's compatible with archaic browsers. Anyway you should be fine without them (just check for XSS on your server-side).

2 Comments

Thanks for your response - when I decoded the JSON it was always empty :(
That's weird. Because this code works: pastebin.com/TFTGckZE Maybe your class is wrong
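
An added example, not code from the question or either answer: a JSON round trip for an object with private fields that also escapes the JSON for an HTML attribute and rebuilds the object on the receiving side without unserialize(), the concern raised in the comments. The `Item` class, its fields, the `data-obj` attribute and the sample value are assumptions made for illustration.

```php
<?php
// Added example: Item and its fields are hypothetical names.
final class Item implements JsonSerializable
{
    private $id;
    private $label;

    public function __construct(int $id, string $label)
    {
        $this->id = $id;
        $this->label = $label;
    }

    // json_encode() only sees public properties; without this method
    // an object whose fields are all private encodes as "{}".
    public function jsonSerialize(): array
    {
        return ['id' => $this->id, 'label' => $this->label];
    }

    // Rebuild from untrusted request data: decode to plain arrays (json_decode
    // instantiates no user class), validate, then construct explicitly.
    public static function fromJson(string $json): self
    {
        $data = json_decode($json, true);
        if (!is_array($data) || !isset($data['id'], $data['label'])
            || !is_int($data['id']) || !is_string($data['label'])) {
            throw new InvalidArgumentException('unexpected payload');
        }
        return new self($data['id'], $data['label']);
    }
}

$obj = new Item(7, "O'Brien <b>&</b> \"co\""); // constructed sample value

// Page side: the JSON_HEX_* flags keep quotes, tags and ampersands out of the
// JSON text; htmlspecialchars() then makes it safe inside the attribute.
$json = json_encode($obj, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
$attr = htmlspecialchars($json, ENT_QUOTES, 'UTF-8');
// Client side would call getOutput(JSON.parse(link.dataset.obj)).
echo "<a href='#' data-obj='$attr'>go</a>\n";

// output.php side: $json stands in for the body sent by the AJAX call.
$copy = Item::fromJson($json);
var_dump($copy == $obj); // same class, same field values
```

If the class cannot implement JsonSerializable, exposing the needed fields through an explicit array-returning method and passing that array to json_encode() gives the same result.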
