How do I pass variables and data from PHP to JavaScript?

Question

I have a variable in PHP, and I need its value in my JavaScript code. How can I get my variable from PHP to JavaScript?

I have code that looks like this:

<?php
$val = $myService->getValue(); // Makes an API and database call

On the same page, I have JavaScript code that needs the value of the $val variable to be passed as a parameter:

<script>
    myPlugin.start($val); // I tried this, but it didn't work
    <?php myPlugin.start($val); ?> // This didn't work either
    myPlugin.start(<?=$val?>); // This works sometimes, but sometimes it fails
</script>

score 1030 · Accepted Answer · edited Dec 28 '22 at 18:43

1030

There are actually several approaches to do this. Some require more overhead than others, and some are considered better than others.

In no particular order:

Use AJAX to get the data you need from the server.
Echo the data into the page somewhere, and use JavaScript to get the information from the DOM.
Echo the data directly to JavaScript.

In this post, we'll examine each of the above methods, and see the pros and cons of each, as well as how to implement them.

1. Use AJAX to get the data you need from the server

This method is considered the best, because your server side and client side scripts are completely separate.

Pros

Better separation between layers - If tomorrow you stop using PHP, and want to move to a servlet, a REST API, or some other service, you don't have to change much of the JavaScript code.
More readable - JavaScript is JavaScript, PHP is PHP. Without mixing the two, you get more readable code on both languages.
Allows for asynchronous data transfer - Getting the information from PHP might be time/resources expensive. Sometimes you just don't want to wait for the information, load the page, and have the information reach whenever.
Data is not directly found on the markup - This means that your markup is kept clean of any additional data, and only JavaScript sees it.

Cons

Latency - AJAX creates an HTTP request, and HTTP requests are carried over network and have network latencies.
State - Data fetched via a separate HTTP request won't include any information from the HTTP request that fetched the HTML document. You may need this information (e.g., if the HTML document is generated in response to a form submission) and, if you do, will have to transfer it across somehow. If you have ruled out embedding the data in the page (which you have if you are using this technique) then that limits you to cookies/sessions which may be subject to race conditions.

Implementation Example

With AJAX, you need two pages, one is where PHP generates the output, and the second is where JavaScript gets that output:

get-data.php

/* Do some operation here, like talk to the database, the file-session
 * The world beyond, limbo, the city of shimmers, and Canada.
 *
 * AJAX generally uses strings, but you can output JSON, HTML and XML as well.
 * It all depends on the Content-type header that you send with your AJAX
 * request. */

echo json_encode(42); // In the end, you need to `echo` the result.
                      // All data should be `json_encode`-d.

                      // You can `json_encode` any value in PHP, arrays, strings,
                      // even objects.

index.php (or whatever the actual page is named like)

<!-- snip -->
<script>
    fetch("get-data.php")
        .then((response) => {
            if(!response.ok){ // Before parsing (i.e. decoding) the JSON data,
                              // check for any errors.
                // In case of an error, throw.
                throw new Error("Something went wrong!");
            }

            return response.json(); // Parse the JSON data.
        })
        .then((data) => {
             // This is where you handle what to do with the response.
             alert(data); // Will alert: 42
        })
        .catch((error) => {
             // This is where you handle errors.
        });
</script>
<!-- snip -->

The above combination of the two files will alert 42 when the file finishes loading.

Some more reading material

2. Echo the data into the page somewhere, and use JavaScript to get the information from the DOM

This method is less preferable to AJAX, but it still has its advantages. It's still relatively separated between PHP and JavaScript in a sense that there is no PHP directly in the JavaScript.

Pros

Fast - DOM operations are often quick, and you can store and access a lot of data relatively quickly.

Cons

Potentially Unsemantic Markup - Usually, what happens is that you use some sort of <input type=hidden> to store the information, because it's easier to get the information out of inputNode.value, but doing so means that you have a meaningless element in your HTML. HTML has the <meta> element for data about the document, and HTML 5 introduces data-* attributes for data specifically for reading with JavaScript that can be associated with particular elements.
Dirties up the Source - Data that PHP generates is outputted directly to the HTML source, meaning that you get a bigger and less focused HTML source.
Harder to get structured data - Structured data will have to be valid HTML, otherwise you'll have to escape and convert strings yourself.
Tightly couples PHP to your data logic - Because PHP is used in presentation, you can't separate the two cleanly.

Implementation Example

With this, the idea is to create some sort of element which will not be displayed to the user, but is visible to JavaScript.

index.php

<!-- snip -->
<div id="dom-target" style="display: none;">
    <?php
        $output = "42"; // Again, do some operation, get the output.
        echo htmlspecialchars($output); /* You have to escape because the result
                                           will not be valid HTML otherwise. */
    ?>
</div>
<script>
    var div = document.getElementById("dom-target");
    var myData = div.textContent;
</script>
<!-- snip -->

3. Echo the data directly to JavaScript

This is probably the easiest to understand.

Pros

Very easily implemented - It takes very little to implement this, and understand.
Does not dirty source - Variables are outputted directly to JavaScript, so the DOM is not affected.

Cons

Tightly couples PHP to your data logic - Because PHP is used in presentation, you can't separate the two cleanly.

Implementation Example

Implementation is relatively straightforward:

<!-- snip -->
<script>
    var data = <?php echo json_encode("42", JSON_HEX_TAG); ?>; // Don't forget the extra semicolon!
</script>
<!-- snip -->

Good luck!

edited Dec 28 '22 at 18:43

Sebastian Simon

18,263
7
55
75

answered May 19 '14 at 14:37

Madara's Ghost

172,118
50
264
308

15

What about the significant overhead and code complexity asynchronousity introduces when making an AJAX request? When working on a JavaScript light website - making an AJAX request is tedious and not best practices. – Benjamin Gruenbaum May 19 '14 at 14:44
What's your opinion of using some kind of templating system which doesn't necessarily depend on PHP? For example, `` in your template, and `$my_template->bind('my_variable', 42); $my_template->display();` in your PHP. Later, you decide to switch to say C# and get a C# library for your particular template system, and nothing in the template is altered. Now your codebehind reads `myTemplate.Bind("my_variable", 42); myTemplate.Display();` – Brian S May 19 '14 at 16:13
1

It's not much different from approach 3 except it's not as flexible. @Brian – Madara's Ghost May 19 '14 at 16:15
Could you elaborate? Assuming you have a robust template engine with available libraries in multiple languages, I don't think any of the cons you've listed in #3 apply. (Admittedly, I'm not aware of a good engine available in multiple languages in the real world, but speaking theoretically.) I can see "less flexible," as you would be limited to the template engine's capabilities, rather than a full-featured language... but that can also help you avoid traps of business logic in your presentation. Of course user input could be a problem, but sanitizing user input is _always_ a problem. – Brian S May 19 '14 at 16:24
@BrianS just a side note - if your run PHP in .net and then access it via C# if you want. – Benjamin Gruenbaum May 19 '14 at 16:43
@SecondRikudo In method 2, in the example, the data is printed into the node value of an HTML text node. Problems are: (i.) whitespaces and newlines could be messed up (at least that's what jQuery says about [`.text()`](http://api.jquery.com/text/#text)) (may be undesirable). (ii.) Search engines would think that it is content and display it in SERPs (may be undesirable). Not sure if printing the data into HTML node attributes (e.g. HTML5 `data-*`) can solve (i.), but it can definitely solve (ii.). – Pang May 21 '14 at 02:18
1

@SecondRikudo Anyway I suggest you to break method 2 into 2a (use text node value) and 2b (use node attribute) and list all pros & cons (unless one is definitely better than the other). – Pang May 21 '14 at 02:19
9

@SecondRikudo In method 3, that example can kill the website. Example: `'; echo json_encode($output); ?>`. See [this question](http://stackoverflow.com/q/20942452/1402846) for details. Solution: Use [`JSON_HEX_TAG`](http://www.php.net/manual/en/json.constants.php#constant.json-hex-tag) to escape `<` and `>` (requires PHP 5.3.0). – Pang May 21 '14 at 02:23
@SecondRikudo One more "con" you can add. For method 1, the search engines won't see the data because they don't execute Javascript (mostly), so if content is presented from those data, your web page is going to appear to have less content to search engines than to Javascript-enabled browsers. Same goes for method 3, because the data is within in the Javascript tags. For method 2, the data may look garbled, but they are at least visible to search engines. – Pang May 22 '14 at 01:03
2

Google executes JavaScript. So that argument had little merit. @Pang – Madara's Ghost May 22 '14 at 06:01
1

@Ryan Well, it's hard to find out what's wrong with it with that kind of comment. If you feel you can do better, please answer. If it's better than this one, I'll move the accept mark to you. – Madara's Ghost Apr 14 '15 at 07:07
"Potentially Unsemantic Markup": People don't use any more. data-* attributes are appropriate and not unsemantic. "Dirties Up the Source": If you need to use AJAX anyway, then that may be true, but if it's relevant to the context then it has to go somewhere. "Harder to get structured data": Not really true. Whether it's JSON in a HTTP request or a data-* attribute doesn't make much difference. But true for binary data. "Tightly couples PHP to your data logic" Data has to be coupled to the view somehow. And decoupling has overhead in terms of performance and complexity. – Ryan Apr 14 '15 at 07:47
3

"People don't use X anymore", you'd be surprised. HTML is for content, not data. data-* attributes are almost always abused today to break the separation of concerns. How do you test code that was generated server-side? How do you mock the data for demonstration purposes? – Madara's Ghost Apr 14 '15 at 08:10
var data = ; no longer seems to work. It returns an "unexpected token <" error. Any hints on the proper syntax here? – Atlas Mar 22 '16 at 19:34
Found the answer: see http://www.abeautifulsite.net/passing-data-from-php-to-javascript/ – Atlas Mar 22 '16 at 20:16
Note: method 3 is insecure if you're outputting user-inputted data. You _must_ either add `/* <![CDATA[ */` before and `/* ]]> */` after the code, or use the `JSON_HEX_TAG` parameter in `json_encode`; otherwise, it opens up your website to attack. [As Pang noted](http://stackoverflow.com/questions/23740548/how-to-pass-variables-and-data-from-php-to-javascript#comment36558044_23740549), if `"42"` is instead `" – Hutch Moore Jun 28 '16 at 15:38
@HutchMoore Adding CDATA was a requirement when we still used XHTML, it holds no meaning in HTML5, isn't required, and won't have any security benefits. [What does <![CDATA[ in XML mean?](https://stackoverflow.com/q/2784183) – Madara's Ghost Jun 29 '16 at 06:59
@MadaraUchiha whoops, you're right. I'm not sure what I was thinking there. (That would've prevented that attack in XHTML, though, right?) My latter point with `JSON_HEX_TAG` still stands, though. – Hutch Moore Jun 29 '16 at 14:30
"The world beyond, limbo, the city of shimmers, and Canada." That is where all data goes, my dudes. Canada. Anyway, my only problem with this is that this implies that the data we want in the first example a asynchronous. However, if we're generating jQuery for page styling, the last usage scenario is the easiest. The second example is a cleaner, and robust method versus the third, due to it inherently being easy to read. To the end user, they can't see it, so mugging the waters 2 miles ahead, the viewer won't see but the front of what they're glancing. End analogy. – Christopher 'Solidus' DeJong Jul 11 '16 at 17:39
4

One big problem with the third approach is that it breaks if you have a CSP policy that does not permit `unsafe-inline` for `script-src`. This is a primary driver for wanting to do one of the other two approaches, though Using ajax to retrieve single values (that you probably have in-hand at the time the page's PHP is run) is wasteful and inefficient, meaning that the second approach is the easiest to live with. An easy way to handle larger data items is to put data in a `script` element with an `application/json` type, which won't break CSP. – Synchro Aug 11 '17 at 08:06
1

This article also recommends to print data in the DOM instead of using AJAX and uses `json_encode($data, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES);` https://mathiasbynens.be/notes/json-dom-csp – baptx Aug 27 '18 at 18:13
2

A 4th solution would be to generate dynamically an external JavaScript file, it would have the advantage to separate HTML code from the data, avoid unnecessary DOM operations and be compatible with CSP (like @Synchro wrote) but it comes with an additional HTTP request. I am not sure if it is the best solution though. Someone wrote an answer about this solution here: https://stackoverflow.com/questions/23740548/how-to-pass-variables-and-data-from-php-to-javascript/30312028#30312028 – baptx Aug 27 '18 at 18:48
Inside a ``js`` ``function`` in a separate file, last method gives ``Unexpected token '<'`` error, and if ``";`` is used then data is not retrieved! – quanta May 10 '20 at 04:17
@quanta If the JavaScript is written within PHP, this sort of thing can solve the problem: `echo ''` – CubicInfinity Dec 20 '21 at 19:54
1

The high score and number of comments this excellent answer has received emphasize how unsatisfactory JavaScript is in relation to the issue raised by the question. What makes it even worse is that instructing Ajax to be synchronous is now deprecated (https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/open). It seems that the enthusiasm for the wonders of asynchronous code have blinded people to the fact that some (or perhaps most?) algorithms need to be executed in a defined order. I think it is ridiculous to put invisible data into HTML but probably the best available option. – user3425506 Jul 16 '22 at 15:11
Another variation is to simply embed XML in a – Tod Harter Oct 18 '22 at 19:39
1 is the best option, except that the variable exists only inside the function but we can pass it as a parameter to other functions – wings77 May 05 '23 at 12:20

score 114 · Answer 2 · edited Aug 23 '21 at 16:18

114

I usually use data-* attributes in HTML.

<div
    class="service-container"
    data-service="<?= htmlspecialchars($myService->getValue()) ?>"
>

</div>

<script>
    $(document).ready(function() {
        $('.service-container').each(function() {
            var container = $(this);
            var service = container.data('service');

            // Var "service" now contains the value of $myService->getValue();
        });
    });
</script>

This example uses jQuery, but it can be adapted for another library or vanilla JavaScript.

You can read more about the dataset property here: https://developer.mozilla.org/en-US/docs/Web/API/HTMLElement.dataset

edited Aug 23 '21 at 16:18

miken32

42,008
16
111
154

answered May 22 '14 at 17:14

Hayley

2,977
3
18
16

5

I agree, not wanting to over-analyze and implement a fancy solution for a simple problem. This method separates PHP from Javascript, so that PHP still generates the HTML only, while Javascript can be external to the PHP file. – alds Jul 30 '14 at 16:32
2

I agree this is the best option. It solves all the security issues, without the latency. You can keep JS entirely out of your HTML pages. HTML needs to be served by the application server, but JS (and CSS) does not. It's also more semantic. – Ryan Apr 14 '15 at 02:26
This will break if the data includes `"` characters. You need to escape data for HTML before dumping it into an attribute value. – Quentin Aug 19 '15 at 14:23
1

@Quentin You should escape ALL output, unless the output is HTML itself. – Hayley Oct 28 '15 at 23:57
2

@asdasd — Well yes, I was just addressing the specific problem with the code in your answer rather than the general case. – Quentin Oct 28 '15 at 23:59
If the data echoed by PHP can be manipulated by the user, you'll need to use the [htmlspecialchars() function](http://php.net/manual/en/function.htmlspecialchars.php) to make sure the HTML is valid. Take the scenario where `$myService->getValue()` returns the malicous string `"> ` – hostingutilities.com Dec 16 '16 at 00:34
This looks the best solution to me, like other people are saying in their comments. Now is there any difference or preference to use other tags like `script` or `meta` this way, instead of `div`? I wonder if there is any best practice for this kind of tag usage. – kanji Feb 12 '18 at 13:13
1

@kanji – there's no best practice; `div` is fine, but you can use any tag you like; has to be in the `body` though. – Timm Oct 11 '18 at 23:09
1

Just remember to hide the service container: `
<\div>`.
– Timm Oct 11 '18 at 23:58
One of the best solution but of course not only the solution – Saurabh Chandra Patel May 25 '19 at 18:45
@yuikonnu ¿How can i adapt this code to vanilla javascript? ¿May you help me please? My plan is like your example: Print a value with php on a tag,take that value with JS(ajax),send it to the .php file where i make a query to a bd and then send the result to a
– luis Jan 03 '21 at 15:38

score 100 · Answer 3 · edited Dec 05 '22 at 23:37

I'm going to try a simpler answer:

Explanation of the problem

First, let's understand the flow of events when a page is served from our server:

First PHP is run, it generates the HTML that is served to the client.
Then, PHP "dies" (i.e. it literally stops running) as that HTML is delivered to the client. I'd like to emphasize that once the code leaves the server, PHP has stopped being part of the page load, and the server has no access access to it anymore.
Then, when the HTML with JavaScript reaches the client, that can then execute the JavaScript on that HTML, provided it is valid Javascript.

So really, the core thing to remember here is that HTTP is stateless. Once a request left the server, the server can not touch it. So, that leaves our options to:

Send more requests from the client after the initial request is done.
Encode what the server had to say in the initial request.

Solutions

That's the core question you should be asking yourself is:

Am I writing a website or an application?

Websites are mainly page based, and the page load times needs to be as fast as possible (for example - Wikipedia). Web applications are more AJAX heavy and perform a lot of round trips to get the client fast information (for example - a stock dashboard).

Website

Sending more requests from the client after the initial request is done is slow as it requires more HTTP requests which have significant overhead. Moreover, it requires asynchronousity as making an AJAX request requires a handler for when it's complete.

I would not recommend making another request unless your site is an application for getting that information from the server.

You want fast response times which have a huge impact on conversion and load times. Making Ajax requests is slow for the initial uptime in this case and unneeded.

You have two ways to tackle the issue

Set a cookie - cookies are headers sent in HTTP requests that both the server and client can read.
Encode the variable as JSON - JSON looks very close to JavaScript objects and most JSON objects are valid JavaScript variables.

Setting a cookie is really not very difficult, you just assign it a value:

setcookie("MyCookie", $value); // Sets the cookie to the value, remember, do not
                               // Set it with HTTP only to true.

Then, you can read it with JavaScript using document.cookie:

Here is a short hand rolled parser, but the answer I linked to right above this has better tested ones:

var cookies = document.cookie.split(";").
    map(function(el){ return el.split("="); }).
    reduce(function(prev,cur){ prev[cur[0]] = cur[1]; return prev },{});
alert(cookies["MyCookie"]); // Value set with PHP.

Cookies are good for a little data. This is what tracking services often do.

Once we have more data, we can encode it with JSON inside a JavaScript variable instead:

<script>
    var myServerData = <?=json_encode($value)?>; // Don't forget to sanitize
                                                 //server data
</script>

Assuming $value is json_encodeable on the PHP side (it usually is). This technique is what Stack Overflow does with its chat for example (only using .NET instead of PHP).

Application

If you're writing an application - suddenly the initial load time isn't always as important as the ongoing performance of the application, and it starts to pay off to load data and code separately.

My answer here explains how to load data using AJAX in JavaScript:

function callback(data){
    // What do I do with the response?
}

var httpRequest = new XMLHttpRequest;
httpRequest.onreadystatechange = function(){
    if (httpRequest.readyState === 4) { // Request is done
        if (httpRequest.status === 200) { // successfully
            callback(httpRequest.responseText); // We're calling our method
        }
    }
};
httpRequest.open('GET', "/echo/json");
httpRequest.send();

Or with jQuery:

$.get("/your/url").done(function(data){
    // What do I do with the data?
});

Now, the server just needs to contain a /your/url route/file that contains code that grabs the data and does something with it, in your case:

<?php
$val = myService->getValue(); // Makes an API and database call
header("Content-Type: application/json"); // Advise client of response type
echo json_encode($val); // Write it to the output

This way, our JavaScript file asks for the data and shows it rather than asking for code or for layout. This is cleaner and starts to pay off as the application gets higher. It's also better separation of concerns and it allows testing the client side code without any server side technology involved which is another plus.

Postscript: You have to be very aware of XSS attack vectors when you inject anything from PHP to JavaScript. It's very hard to escape values properly and it's context sensitive. If you're unsure how to deal with XSS, or unaware of it - please read this OWASP article, this one and this question.

Nitpick: There is no such thing as a "JSON object" (aside from the one that has the `parse` and `stringify` methods). JSON is by definition a sequence of characters. — cHao, May 20 '14 at 01:47
@cHao more generally - encodings are defined as a sequence of characters and the existence of conceptual objects is a philosophical one. However, there are such things as JSON objects and they are defined by the JSON grammar. `{}` is a valid JSON object - see http://json.org — Benjamin Gruenbaum, May 20 '14 at 03:12
If you're using that definition, though, then *all* "JSON objects" are valid in JS. — cHao, May 20 '14 at 05:21
@cHao note the subtlety: JavaScript has its [notion of object](http://es5.github.io/#x8.6) and JSON has its [notion of object](http://tools.ietf.org/html/rfc4627#section-2.2) - they are not the same. When people misuse the term "JSON object" they mean a JS object, where in JavaScript land - JSON is used as a data serialization format and JSON objects appear inside _strings_ (kind of like SQL queries in server-side languages). However, in this answer the JSON method relies on the fact that _most_ JSON objects are also valid JavaScript object so we write a JSON object into JavaScript code. — Benjamin Gruenbaum, May 20 '14 at 06:02
JSON is a strict subset of JS's syntax for literals. If it's valid JSON as text, then by definition, it's already valid JS when echoed as code. — cHao, May 20 '14 at 13:42
@cHao JSON is _really not_ a strict subset of JS's syntax for literals, however - yes, that's the trick :) — Benjamin Gruenbaum, May 20 '14 at 13:43
OK, you need to show off this valid JSON that would be invalid JS. Cause i certainly haven't seen it. — cHao, May 20 '14 at 14:45
@cHao Ah, but I've foreseen this moment yesterday :) http://stackoverflow.com/questions/23752156/are-all-json-objects-also-valid-javascript-objects — Benjamin Gruenbaum, May 20 '14 at 14:45
OK, you got me there. :) It's still safe, though; PHP's default behavior is to escape such characters (along with other non-ASCII chars), so they never make their way into the output except as `\u2028` etc. You'd have to explicitly tell it not to do that. — cHao, May 20 '14 at 15:02
why I have to sanitize the data? I am sending it from server and I am fully aware what it is, then why sanitize? — avi, Jun 28 '14 at 11:38
@avi: Trusting incoming data means putting huge amounts of faith in its source. And by "source", i don't mean just your server's ajax handler script -- i also mean the code that stored the data being used, and any user that might have input data that's being used, and (unless you're using HTTPS) even the routers between the user and your server that forward the data along. If you can prove that there is absolutely no way injection can occur, sanitizing might be overkill. But that level of certainty is pretty rare. — cHao, Aug 14 '14 at 23:18

Jessé Catrinck · Answer 4 · 2017-01-18T18:23:31.670

54

<script>
  var jsvar = <?php echo json_encode($PHPVar); ?>;
</script>

json_encode() requires:

PHP 5.2.0 or more
$PHPVar encoded as UTF-8, Unicode.

edited Jan 18 '17 at 18:23

answered Jul 18 '14 at 22:00

Jessé Catrinck

2,227
19
20

score 33 · Answer 5 · answered Apr 13 '15 at 18:59

33

Simply use one of the following methods.

<script type="text/javascript">
var js_variable  = '<?php echo $php_variable;?>';
<script>

OR

<script type="text/javascript">
    var js_variable = <?php echo json_encode($php_variable); ?>; 
</script>

answered Apr 13 '15 at 18:59

Nishant Mendiratta

760
13
25

5

What value does this add over existing answers? – Benjamin Gruenbaum Apr 13 '15 at 18:59
8

Keeping it simple and straight. For all users who do have much time to dig into deep explaination – Nishant Mendiratta Apr 13 '15 at 19:06
May be this is a silly question, but I am absolutely new to PHP world. Once we write the above code in .php file, how do I access the "js_variable" in my JavaScript file or my "index.html" file? – Ankit Prajapati Jun 25 '18 at 15:07
@AnkitPrajapati Try to access it by checking document ready state. Using following script. `document.onreadystatechange = () => { if (document.readyState === 'complete') { // document ready alert(js_variable) } };` – Nishant Mendiratta Jun 26 '18 at 06:42

score 13 · Answer 6 · edited Jul 16 '19 at 00:10

I quite like the way the WordPress works with its enqueue and localize functions, so following that model, I wrote a simple class for putting a scripts into page according to the script dependencies, and for making additional data available for the script.

class mHeader {

    private $scripts = array();

    /**
     * @param string $id        Unique script identifier
     * @param string $src      Script src attribute
     * @param array  $deps       An array of dependencies ( script identifiers ).
     * @param array  $data       An array, data that will be json_encoded and available to the script.
     */
    function enqueue_script($id, $src, $deps = array(), $data = array()) {
        $this->scripts[$id] = array('src' => $src, 'deps' => $deps, 'data' => $data);
    }

    private function dependencies($script) {
        if ($script['deps']) {
            return array_map(array($this, 'dependencies'), array_intersect_key($this->scripts, array_flip($script['deps'])));
        }
    }

    private function _unset($key, &$deps, &$out) {
        $out[$key] = $this->scripts[$key];
        unset($deps[$key]);
    }

    private function flattern(&$deps, &$out = array()) {

        foreach($deps as $key => $value) {
            empty($value) ? $this->_unset($key, $deps, $out) : $this->flattern( $deps[$key], $out);
        }
    }

    function print_scripts() {

        if (!$this->scripts)
            return;

        $deps = array_map(array($this, 'dependencies'), $this->scripts);
        while ($deps)
            $this->flattern($deps, $js);

        foreach($js as $key => $script) {
            $script['data'] && printf("<script> var %s = %s; </script>" . PHP_EOL, key($script['data']), json_encode(current( $script['data'])));
            echo "<script id=\"$key-js\" src=\"$script[src]\" type=\"text/javascript\"></script>" . PHP_EOL;
        }
    }
}

The call to the enqueue_script() function is for adding script, setting the source and dependencies on other scripts, and additional data needed for the script.

$header = new mHeader();

$header->enqueue_script('jquery-ui', '//ajax.googleapis.com/ajax/libs/jqueryui/1.10.4/jquery-ui.min.js', array('jquery'));
$header->enqueue_script('jquery', '//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js');
$header->enqueue_script('custom-script', '//custom-script.min.js', array('jquery-ui'), array('mydata' => array('value' => 20)));

$header->print_scripts();

And, print_scripts() method of the above example will send this output:

<script id="jquery-js" src="//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js" type="text/javascript"></script>
<script id="jquery-ui-js" src="//ajax.googleapis.com/ajax/libs/jqueryui/1.10.4/jquery-ui.min.js" type="text/javascript"></script>
<script> var mydata = {"value":20}; </script>
<script id="custom-script-js" src="//custom-script.min.js" type="text/javascript"></script>

Regardless the fact that the script 'jquery' is enqueued after the 'jquery-ui', it is printed before because it is defined in 'jquery-ui' that it depends on 'jquery'. Additional data for the 'custom-script' are inside a new script block and are placed in front of it, it contains mydata object that holds additional data, now available to 'custom-script'.

score 12 · Answer 7 · edited Jul 16 '19 at 00:04

12

Try this:

<?php
    echo "<script> var x = " . json_encode($phpVariable) . "</script>";
?>

--

-After trying this for a while

Although it works, however it slows down the performance. As PHP is a server-side script while JavaScript is a user side.

edited Jul 16 '19 at 00:04

Peter Mortensen

30,738
21
105
131

answered Sep 02 '14 at 10:04

Yosra Nagati

780
2
8
26

4

*We're looking for long answers that provide some explanation and context. Don't just give a one-line answer; explain why your answer is right, ideally with citations. Answers that don't include explanations may be removed.* This is written on the question. – Madara's Ghost Sep 02 '14 at 10:09
5

nothing much to explain write down your php variable in a – Yosra Nagati Sep 02 '14 at 10:42
6

Are you sure? Have you seen the top answer to this question? It explains quite a bit. Not to mention that your solution is not secure. `$phpVariable = '42"; alert("I am evil!");';` – Madara's Ghost Sep 02 '14 at 10:43
1

is echo added here to print it on web page having this php code in it or is it just the part of syntax to put data into js variable.@YosraNagati – Sumit Singh Apr 11 '15 at 08:20
it is here to enable javascript to access it – Yosra Nagati Apr 14 '15 at 12:47

score 11 · Answer 8 · edited Sep 01 '21 at 19:19

11

I have come out with an easy method to assign JavaScript variables using PHP.

It uses HTML5 data attributes to store PHP variables and then it's assigned to JavaScript on page load.

Example:

<?php
    $variable_1 = "QNimate";
    $variable_2 = "QScutter";
?>
    <span id="storage" data-variable-one="<?php echo $variable_1; ?>" data-variable-two="<?php echo $variable_2; ?>"></span>
<?php

Here is the JavaScript code

var variable_1 = undefined;
var variable_2 = undefined;

window.onload = function(){
    variable_1 = document.getElementById("storage").getAttribute("data-variable-one");
    variable_2 = document.getElementById("storage").getAttribute("data-variable-two");
}

edited Sep 01 '21 at 19:19

miken32

42,008
16
111
154

answered Jan 19 '15 at 15:04

qnimate

511
3
9

4

While data attributes are a reasonable solution to the problem, you end up with a similar problem to the original question if you don't escape the data in them. It's just you need to escape them for HTML instead of JS. – Quentin Aug 19 '15 at 14:22
This strategy was already detailed in [another answer](https://stackoverflow.com/a/23813274/1255289). – miken32 Sep 01 '21 at 19:20

score 10 · Answer 9 · edited Jan 28 '19 at 12:35

Convert the data into JSON
Call AJAX to recieve JSON file
Convert JSON into Javascript object

Example:

STEP 1

<?php

   $servername = "localhost";
   $username = "";
   $password = "";
   $dbname = "";
   $conn = new mysqli($servername, $username, $password, $dbname);

   if ($conn->connect_error) {
      die("Connection failed: " . $conn->connect_error);
   } 

   $sql = "SELECT id, name, image FROM phone";
   $result = $conn->query($sql);

   while($row = $result->fetch_assoc()){ 
      $v[] = $row;    
   }

  echo json_encode($v);

  $conn->close();
?>

STEP 2

function showUser(fnc) {
   var xhttp = new XMLHttpRequest();

   xhttp.onreadystatechange = function() {
      if (this.readyState == 4 && this.status == 200) {
         // STEP 3    
         var p = JSON.parse(this.responseText);
      }
   }
}

score 9 · Answer 10 · edited Jul 16 '19 at 00:01

myPlugin.start($val); // Tried this, didn't work

It doesn't work because $val is undefined as far as JavaScript is concerned, i.e. the PHP code did not output anything for $val. Try viewing the source in your browser and here is what you'll see:

myPlugin.start(); // I tried this, and it didn't work

And

<?php myPlugin.start($val); ?> // This didn't work either

This doesn't work because PHP will try to treat myPlugin as a constant and when that fails it will try to treat it as the string 'myPlugin' which it will try to concatenate with the output of the PHP function start() and since that is undefined it will produce a fatal error.

And

 myPlugin.start(<?=$val?> // This works sometimes, but sometimes it fails

While this is most likely to work, since the PHP code is producing valid JavaScript with the expected arguments, if it fails, chances are it's because myPlugin isn't ready yet. Check your order of execution.

Also you should note that the PHP code output is insecure and should be filtered with json_encode().

EDIT

Because I didn't notice the missing parenthesis in myPlugin.start(<?=$val?> :-\

As @Second Rikudo points out, for it to work correctly $val would need to contain the closing parenthesis, for example: $val="42);"

Meaning that the PHP will now produce myPlugin.start(42); and will work as expected when executed by the JavaScript code.

JSON encode your data: `myPlugin.start(=json_encode($val)?>);` — kingprawn, Jan 30 '15 at 08:57

score 6 · Answer 11 · edited Jul 16 '19 at 00:25

6

Here is is the trick:

Here is your 'PHP' to use that variable:

<?php
    $name = 'PHP variable';
    echo '<script>';
    echo 'var name = ' . json_encode($name) . ';';
    echo '</script>';
?>

Now you have a JavaScript variable called 'name', and here is your JavaScript code to use that variable:
```
<script>
     console.log("I am everywhere " + name);
</script>
```

edited Jul 16 '19 at 00:25

Peter Mortensen

30,738
21
105
131

answered Jul 13 '17 at 15:36

Ramin Taghizada

125
2
9

Is there any way to get it so that it doesnt actually print into the source code? I have a massive array that I am passing, and it clogs up the source. – William Howley Aug 12 '17 at 18:06
1

Can you provide an example test case ? – Ramin Taghizada Aug 15 '17 at 13:22
1

Isn't this same as "3. Echo the data directly to JavaScript" in [this answer](https://stackoverflow.com/a/23740549/1646699)? That one looks even better. – kanji Feb 12 '18 at 12:04

score 3 · Answer 12 · edited Jul 16 '19 at 00:30

Let's say your variable is always integer. In that case this is easier:

<?PHP
    $number = 4;

    echo '<script>';
    echo 'var number = ' . $number . ';';
    echo 'alert(number);';
    echo '</script>';
?>

Output:

<script>var number = 4;alert(number);</script>

Let's say your variable is not an integer, but if you try above method you will get something like this:

<script>var number = abcd;alert(number);</script>

But in JavaScript this is a syntax error.

So in PHP we have a function call json_encode that encode string to a JSON object.

<?PHP
    $number = 'abcd';

    echo '<script>';
    echo 'var number = ' . json_encode($number) . ';';
    echo 'alert(number);';
    echo '</script>';
?>

Since abcd in JSON is "abcd", it looks like this:

<script>var number = "abcd";alert(number);</script>

You can use same method for arrays:

<?PHP
    $details = [
    'name' => 'supun',
    'age' => 456,
    'weight' => '55'
    ];

    echo '<script>';
    echo 'var details = ' . json_encode($details) . ';';
    echo 'alert(details);';
    echo 'console.log(details);';
    echo '</script>';
?>

And your JavaScript code looks like this:

<script>var details = {"name":"supun","age":456,"weight":"55"};alert(details);console.log(details);</script>

Console output

score 1 · Answer 13 · edited Jul 16 '19 at 00:24

I'll assume that the data to transmit is a string.

As other commenters have stated, AJAX is one possible solution, but the cons outweigh the pros: it has a latency and it is harder to program (it needs the code to retrieve the value both server- and client-side), when a simpler escaping function should suffice.

So, we're back to escaping. json_encode($string) works if you encode the source string as UTF-8 first in case it is not already, because json_encode requires UTF-8 data. If the string is in ISO-8859-1 then you can simply use json_encode(utf8_encode($string)); otherwise you can always use iconv to do the conversion first.

But there's a big gotcha. If you're using it in events, you need to run htmlspecialchars() on the result in order to make it correct code. And then you have to either be careful to use double quotes to enclose the event, or always add ENT_QUOTES to htmlspecialchars. For example:

<?php
    $myvar = "I'm in \"UTF-8\" encoding and I have <script>script tags</script> & ampersand!";
    // Fails:
    //echo '<body onload="alert(', json_encode($myvar), ');">';
    // Fails:
    //echo "<body onload='alert(", json_encode($myvar), ");'>";
    // Fails:
    //echo "<body onload='alert(", htmlspecialchars(json_encode($myvar)), ");'>";

    // Works:
    //echo "<body onload='alert(", htmlspecialchars(json_encode($myvar), ENT_QUOTES), ");'>";
    // Works:
    echo '<body onload="alert(', htmlspecialchars(json_encode($myvar)), ');">';

    echo "</body>";

However, you can't use htmlspecialchars on regular JavaScript code (code enclosed in <script>...</script> tags). That makes use of this function prone to mistakes, by forgetting to htmlspecialchars the result when writing event code.

It's possible to write a function that does not have that problem, and can be used both in events and in regular JavaScript code, as long as you enclose your events always in single quotes, or always in double quotes. Here is my proposal, requiring them to be in double quotes (which I prefer):

<?php
    // Optionally pass the encoding of the source string, if not UTF-8
    function escapeJSString($string, $encoding = 'UTF-8')
    {
        if ($encoding != 'UTF-8')
            $string = iconv($encoding, 'UTF-8', $string);
        $flags = JSON_HEX_TAG|JSON_HEX_AMP|JSON_HEX_APOS|JSON_HEX_QUOT|JSON_UNESCAPED_SLASHES;
        $string = substr(json_encode($string, $flags), 1, -1);
        return "'$string'";
    }

The function requires PHP 5.4+. Example usage:

<?php
    $myvar = "I'm in \"UTF-8\" encoding and I have <script>script tags</script> & ampersand!";
    // Note use of double quotes to enclose the event definition!
    echo '<body onload="alert(', escapeJSString($myvar), ');">';
    // Example with regular code:
    echo '<script>alert(', escapeJSString($myvar), ');</script>';
    echo '</body>';

score 1 · Answer 14 · edited Jul 16 '19 at 00:31

After much research, I found the easiest method is to pass all kinds of variables easily.

In the server script, you have two variables, and you are trying to send them to the client scripts:

$php_var1 ="Hello world";
$php_var2 ="Helloow";
echo '<script>';
echo 'var js_variable1= ' . json_encode($php_var1) . ';';
echo 'var js_variable2= ' . json_encode($php_var2) . ';';
echo '</script>';

In any of your JavaScript code called on the page, simply call those variables.

score 1 · Answer 15 · answered Nov 30 '19 at 16:02

PHP

$fruits = array("apple" => "yellow", "strawberry" => "red", "kiwi" => "green");
<script>
    var color = <?php echo json_encode($fruits) ?>;
</script>
<script src="../yourexternal.js"></script>

JS (yourexternal.js)

alert("The apple color is" + color['apple'] + ", the strawberry color is " + color['strawberry'] + " and the kiwi color is " + color['kiwi'] + ".");

OUTPUT

The apple color is yellow, the strawberry color is red and the kiwi color is green.

Tsquare07 · Answer 16 · 2022-10-11T16:38:34.050

This is what works for me in 2022, I used this solution to get the email of the current user

I create a shortcode using PHP and added it to PHP .function:

function my_get_current_user_email(){
    $current_user = wp_get_current_user();
    $email = $current_user->user_email;
    return $email;  
} 
add_shortcode( 'get_email', 'my_get_current_user_email');

Then use a div to wrap the shortcode:

 <div id="target-content" style="display: none;">
[get_email]
 </div>

Finally, access the content of the Div with JavaScript:

const databox = document.getElementById("target-content");
const dataContent = databox.textContent;
console.log(dataContent)

This work perfectly for what I wanted and I hope it will work for you too.

score 0 · Answer 17 · answered Jun 22 '23 at 12:37

I don't have much idea of other solutions but if your data does't consist of any sensitive information then you can use it in this way

get data in to a HTML tag and give it an ID
set that tag visibility to hidden & fetch data to Javascript

here it how I used it

1.

<p id="YourID"> <?php echo $variableName ?> </p>

<script>
   document.getElementById("YourID").style.visibility = "hidden";
   let VariableName = document.getElementById("YourID").textContent;
</script>

Remember if you use this method then user can see variable value from inspect(Devloper) Mode and they can even modify it !

score -2 · Answer 18 · edited Jul 16 '19 at 00:15

-2

As per your code

<$php
     $val = $myService->getValue(); // Makes an API and database call
     echo '<span id="value">'.$val.'</span>';
$>

Now you can get value using DOM, use innerHTML of span id, in this case you don't need to do any call to server, or Ajax or another thing.

Your page will print it using PHP, and you JavaScript will get value using DOM.

edited Jul 16 '19 at 00:15

Peter Mortensen

30,738
21
105
131

answered Apr 15 '15 at 11:14

Amit Shah

1,380
1
10
19

This code is vulnerable to XSS, because it doesn't escape characters like `<` and `>`. Also, similar solutions have already been suggested. – Michał Perłakowski Apr 18 '17 at 10:26

score -2 · Answer 19 · edited Nov 19 '19 at 16:25

-2

<?php

    $val = $myService->getValue(); // Makes an API and database call

    echo "
        <script>
            myPlugin.start({$val});
        </script> ";

?>

edited Nov 19 '19 at 16:25

Nico Haase

11,420
35
43
69

answered Aug 14 '19 at 16:37

antelove

3,216
26
20

Mohammad Zaer · Answer 20 · 2022-10-25T09:53:58.387

-2

we can do it using php heredoc:

<?php
    
$inPhpVar = "i am php var";

$ScriptInline = <<<JS
<script>
alert('{$inPhpVar} that used in js code');
</script>
JS;

echo $ScriptInline;

?>

edited Oct 25 '22 at 09:53

answered Dec 03 '21 at 06:18

Mohammad Zaer

638
7
9

How do I pass variables and data from PHP to JavaScript?

20 Answers20

1. Use AJAX to get the data you need from the server

Pros

Cons

Implementation Example

get-data.php

index.php (or whatever the actual page is named like)

Some more reading material

2. Echo the data into the page somewhere, and use JavaScript to get the information from the DOM

Pros

Cons

Implementation Example

index.php

3. Echo the data directly to JavaScript

Pros

Cons

Implementation Example

Explanation of the problem

Solutions

Am I writing a website or an application?

Website

Application

Linked

Related