-4

I would like to wrap my Jquery/javascript in PHP out of security reason, I think PHP is much more difficult to access then client-side script. I Googled for this subject but there is really not much info, some examples which really don't specify and that's it. I really need just a starting idea in order to work on my actual script. So for example lets say I have this:

<script>
    $("p").click(function () {
      $(this).slideUp();
    });
</script>

Would it suffice like this:

<?php

<script>
    function click{
            $("p").click(function () {
              $(this).slideUp();
            }); 
    }
        </script> 
?>

    echo click()

I'm asking for a basic understanding of this since I get nothing out of google. An anwser regarding my code would be appreciated.

Youss
  • 4,196
  • 12
  • 55
  • 109
  • 5
    This will not add any security. Moreover it won't work – cjds Jan 30 '13 at 10:01
  • 2
    You cannot execute javascript from within PHP, it always needs to be exposed into html so the browser can execute the code. – DonSeba Jan 30 '13 at 10:03
  • JS is something you print out to a client, you can't just 'hide' it, you need to pass it to client-side – KennyPowers Jan 30 '13 at 10:03
  • JavaScript is client side, php is server side...so what you are trying wont work... – Fraser Jan 30 '13 at 10:03
  • what security reason ?? you have no reason whatsoever to put any sensible information in your javascript code; if you scare that people copy your code to reuse it, well since you don't make the difference between client & server script i would not worry about it too much ! – mikakun Jan 30 '13 at 10:07
  • Thank you guys. I think I got the idea because I once saw Javascript in php WITHOUT THINKING about the output in browser... – Youss Jan 30 '13 at 10:08
  • By the way I dont think this question should be closed as it can help other newbies... – Youss Jan 30 '13 at 10:09
  • Why so many downvotes? What's wrong with how this question is asked? – Kos Jan 30 '13 at 10:16

7 Answers7

7

You can't hide jQuery code from the user. It will always be part of the HTML page that is sent to the user's browser and he can always open the source code view and have a look at it. It has to be this way, because jQuery is JavaScript and that is executed by the browser, not the server. If you don't tell the browser what to do, it can't do it. Simple as that.

Obviously you can use PHP to generate jQuery code, but in the end it will be transmitted to the user's browser just the same.

Till Helge
  • 9,253
  • 2
  • 40
  • 56
3

What you are trying to do is pointless. Eventually your jquery code will be at the client side. You can not hide it. PHP can not add security to JS since JS run at client-side while PHP run at server-side.

Client side programming includes any coding or computation or effects or annimation or any sort of interaction your website performs with the user via browser. But server side programming is that which performs all the task in the server only. So the user is unaware of that.

For example, PHP is used for server side programming. You design a website with HTML and use JavaScript in it to take some input from user and modify it in anyway. To be more specific, if you created a blog website and you want to specify that the user can post a max of 5000 characters. Then you do some client side programming with JavaScript to count the number of characters and any filtering or anything. But then you need to send those posts to the server. The server then performs some server side task, may be with PHP, to sanitize the input for SQL Injection and saves it into a database.

User will only know what happened in the browser but not what happened in the server. Those are background tasks.

Read more

Community
  • 1
  • 1
Techie
  • 44,706
  • 42
  • 157
  • 243
1

PHP will not in any way be useful for adding security to your javascript. The javascript is run client side. You can not do anything to make it run serverside.

Clarence
  • 2,944
  • 18
  • 16
1

Your JS has to anyway reach the browser to execute. There is no way around this.

The best option you have is probably obfuscating it. JS cannot be protected without loopholes.

techfoobar
  • 65,616
  • 14
  • 114
  • 135
1

No, the script would still be displayed. If you wanted to write your Javascript in a PHP file, you'd need to echo each line of the script:

<?php
    echo '<script>';
    echo 'function click({';

and so on.

However, this will still display the Javascript on the page without hiding anything - you can't hide Javascript on your site since it needs to be downloaded to the client's browser to be able to run (for the same reason you can't hide any HTML on a page).

If you really want to make it difficult for people to understand your Javascript code, you can try minifying or obfuscating it, but that still won't stop copying and pasting.

whostolemyhat
  • 3,107
  • 4
  • 34
  • 50
1

You can:

This compiler allows you to obscurify and minify your code, making it pretty hard to read what you are doing. Base64 encoding makes it a little harder.

Though, it makes your code hard to read, you can't hide javascript completely.

Tim S.
  • 13,597
  • 7
  • 46
  • 72
0

This is what you're looking for:

<?php
echo "<script>";
echo "$(\"p\").click(function () {";
echo "$(this).slideUp();";
echo "});";
echo "</script>";
?>

You want to use PHP "echo" statements to deliver your JavaScript. Be sure to "escape" any quotes inside your JavaScript with slashes before them, or the PHP processor will interpret the quotes as part of the PHP "echo" statement.

The reason you might want to use PHP to deliver your JavaScript is that you can handle security in PHP. That way, if the user isn't properly authenticated, the PHP script will simply deliver nothing at all. Here's an example:

<?php
if ( $_COOKIE['password'] > '') {
    echo "<script>";
    echo "$(\"p\").click(function () {";
    echo "$(this).slideUp();";
    echo "});";
    echo "</script>";
}
else {
    echo "Password not set";
}
?>
Anonymous
  • 1