Passing URL variable via $_GET to Javascript

Question

I have a PHP page with the following URL:

http://xyz.com/dev/gallery.php?k=1&s=35

The following Javascript file is included on the PHP page:

<script type="text/javascript" src="js/some-js-file.php"></script>

The some-js-file.php needs to be filled dynamically using PHP:

jQuery(function($){$.supersized({

<?php 
$sql = "SELECT * FROM tbl WHERE id=".$_GET['s']." ORDER BY pos ASC"; 
$result = mysql_query($sql); 
    while($rs = mysql_fetch_row($result)){
    ...do some output here...
    }
?>

});
});

For some reason, $_GET['s'] is empty. Any ideas why? Thanks in advance for any help!

**Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. — Quentin, Oct 15 '13 at 13:49

score 1 · Accepted Answer · edited May 23 '17 at 12:05

1

Pass the parameter to the JavaScript file as well:

<script src="js/some-js-file.php?s=<?php print $_GET['s']; ?>"></script>

N.B.: Please pay attention to Quentin's comments and make sure that you use the approach securely.

edited May 23 '17 at 12:05

Community

1
1

answered Oct 15 '13 at 13:49

VisioN

143,310
32
282
281

2

**Danger**: This is vulnerable to [XSS](http://en.wikipedia.org/wiki/Cross-site_scripting) attacks. Never insert external data into HTML without sanitising it! Add `htmlspecialchars` to fix it. – Quentin Oct 15 '13 at 13:50

Passing URL variable via $_GET to Javascript

1 Answers1