1

I have a php function that's run when a build.php page is loaded and creates a $variable. I have save.php also, which is called via an ajax function in scripts.js (taking data sent through POST), but I need to use $variable in save.php.

Is there a good way to send further data through ajax without it being visible on the front end?

I thought of using a $_SESSION variable for this, which seems like it would work, but I understand it may not be totally reliable and is not always a good idea (though this might have been overstated where I was looking).

Is that the best way? Or is there some other way to get a PHP variable to another one via javascript without it being in the front end code?

Community
  • 1
  • 1
Damon
  • 10,493
  • 16
  • 86
  • 144
  • JS code is by definition front-end code. Anyone could open your JS code and find this "hidden" var. – Marc B Sep 20 '11 at 19:46
  • Yes I know there's no absolute way to block it off, but there could be ways of making it better hidden. Or just use session, if that's ok to do. – Damon Sep 20 '11 at 19:50

2 Answers2

0

if you were using JQuery, it's as easy as:

$.post({
   url: somurlhere,
   data: somedatahere
});
dqhendricks
  • 19,030
  • 11
  • 50
  • 83
  • I know how to do that, yeah. But the javascript file can only get data either from a database or what's been printed out to the page itself; in this case I want to pass a variable value from a script that's part of the page that loads the external js script. – Damon Sep 20 '11 at 19:35
  • @Damon I have to admit your question as well as this addendem are very hard to understand. in your question you say pass a PHP variable to another one (whatever "one" is). in your above comment you say you want to pas a js variable to another js script loaded in the page? I'm very confused. – dqhendricks Sep 20 '11 at 19:45
  • 1
    @Damon much clearer. yes sessions are the way to go it sounds like. session_start(); $_SESSION['keyname'] = $somevalue; – dqhendricks Sep 20 '11 at 19:53
0

Session variables exist only on the server, not on the client. For you to save a session variable that was originated by your javascript function in the browser you will need to pass it to the server somehow. And as you probably realize you don't have much control on what happens on the client side. They can pretty much change any post information you send over to the server - there are some programs that do that fairly easily.

Even if you use ajax, the client can still mess with your variables.

You could try to encrypt the information before sending it.

If in the other hand you want to pass variables between two scripts running on the server you can definitively do that using session variables.

Update

It seems that you are creating the variable in your first script and then there is a javascript function that calls the second script and you need the second script to access the variable created by the first script.

In the above scenario you can definitively use session variables. This is the main reason they exist. To allow you to pass information among different scripts.

First PHP script

session_start();
logic to create the variable
$_SESSION['myVar'] = $myVar;
rest of the script

Javascript

calls second script / does not change the value of the variable

Second PHP script

session_start();
$myVar = $_SESSION['myVar'];
execute second script

I hope this makes sense.

jdias
  • 5,572
  • 4
  • 22
  • 25
  • yeah that's what I'm doing.. the build.php generates a variable, which I need in the save.php, but the save.php is called via ajax and fed data with POST. From reading around it looked as though using session was not recommended, but I didn't see another way of doing it... – Damon Sep 20 '11 at 19:44
  • If the variable is created by the first script and you need to use it in the second script, than you can definitively use session variables. I updated my answer. – jdias Sep 20 '11 at 19:48