0

I used

<?php     
$myArr =  "foo" => "bar",
          "bar" => "foo",; 
$myVar =  "Word!";

echo '<script type="text/javascript">alert("The $myVar is print_r($myArr) ");</script>';
?>

To show an alert on the page. I take it is wrong, whats the right way of doing so?

KingsInnerSoul
  • 1,373
  • 4
  • 20
  • 49
  • 1
    it doesn't work bc thats not valid php – Jay Harris May 07 '14 at 15:37
  • I suspect the real issue is the missing square brackets around the values of $myArr - see my edit to Paul's answer. That, and the fact that print_r() won't run inside that string. – TML May 07 '14 at 15:42
  • 1
    I actually copy+paste'd the array from http://us2.php.net/manual/en/language.types.array.php and didnt copy it all, only for demo here – KingsInnerSoul May 07 '14 at 16:00

3 Answers3

3

You should always JSON-encode data used in the context of JavaScript. This makes the data safe for use, so you don't have to worry about injection or escaping.

<script>
  <?php 
      $myArr = array(1, 2, 3, 4, 5);
      $myVar = 'Word!';
      echo 'var myArr = ', json_encode($myArr), ';'; // var myArray = [1, 2, 3, 4, 5];
      echo 'var myVar = ', json_encode($myVar), ';'; // var myVar = "Word!";
  ?>

  console.log(myArr);
</script>
Brad
  • 159,648
  • 54
  • 349
  • 530
  • 1
    Shouldn't the echoed `var` statements be inside the ` – War10ck May 07 '14 at 15:38
  • All true - but for the sake of the OP, consider actually including the requested `alert()` instead of a normally-invisible `console.log()` – Paul Roub May 07 '14 at 15:43
  • 1
    @PaulRoub I chose not to because it complicates things, since he wanted something equivalent to `print_r()`. I didn't want to confuse him with stringifying it for display. This way, he gets an example of an array and a string and learns how to properly debug all in one go. – Brad May 07 '14 at 15:44
  • But I cant just drop it in the PHP code. Will that be a good solution if I am to have multiple snippets like that? – KingsInnerSoul May 07 '14 at 16:26
  • @KingsInnerSoul What do you mean? You can put the code wherever you want/need. – Brad May 07 '14 at 16:27
  • The code I showed above was only meant to to be used as a general example. My actual PHP is full page with forms and etc. Should I encapsulate the entire PHP code with the ` – KingsInnerSoul May 07 '14 at 16:29
  • @KingsInnerSoul No, of course not. You can open/close PHP tags as you need, or simply echo the ` – Brad May 07 '14 at 16:31
  • Thanks. I tried to `echo` the above code but I am getting error. Probably because of wrong `"` or `'` notation. What is the right way to `echo` it out? – KingsInnerSoul May 07 '14 at 16:46
  • `echo '';` – Brad May 07 '14 at 16:47
0

Like sean9999's answer, this one avoids polluting the global namespace, but in a more straightforward way, without PHP short tags.

<?php $bar = "qux"; ?>

<script>
;(function () {
    var foo = <?php echo json_encode($bar); ?>;
    alert(foo);
}());
</script>
Community
  • 1
  • 1
alexsomeoddpilot
  • 200
  • 1
  • 12
-1

Here's how you might do it in a way that limits potential for polluting the global namespace

<?php
$myArr =  ["foo" => "bar", "bar" => "foo"]; 
$myVar =  "Word!";
?>
<script>
;(function(myArr,myVar){
  "use strict";
  alert( myVar + ' is ' + JSON.stringify(myArr) );
})(<?= json_encode($myArr) ?>,'<?= $myVar ?>');
</script>
code_monk
  • 9,451
  • 2
  • 42
  • 41
  • Even though `$myVar` is a string, you must still escape it. While that string contains "Word!" today, it certainly won't always. Even if you did want to use it as a string, it's missing quotes. `json_encode()` everything used in the context of JavaScript and you don't have to worry about this. – Brad May 07 '14 at 15:51