up vote 0 down vote favorite

Hello, I have 2 pages, one PHP and one Javascript. I'd like to pass the variable from this PHP script on one page:

$strFind="SELECT * FROM  cometchat_chatrooms_users WHERE userid=$curmemid";
$result=mysql_query($strFind) or die(mysql_error());
$row=mysql_fetch_array($result);
$room=$row['chatroomid'];

to this Javascript on another page:

var timestamp = 0;
var currentroom = $room;
var heartbeatTimer;
var minHeartbeat = 3000;
var maxHeartbeat = 12000;

How can I do this?

flag
29% accept rate
thanks for all the answers but none of this is working, I thought for sure the sessions one would work. – John Sims Jul 22 at 6:53
Or you can use an AJAX request or a hidden input. When you are using PHP sessions remember, that your JavaScript must be generated by PHP too. – H3llGhost Jul 22 at 7:21

6 Answers

up vote 6 down vote

Hello,

you can do this, when the Javascript is generated by PHP. Example given:

<?php
...
$strFind="SELECT * FROM  cometchat_chatrooms_users WHERE userid=$curmemid";
$result=mysql_query($strFind) or die(mysql_error());
$row=mysql_fetch_array($result);
$room=$row['chatroomid'];
...
?>
<script type="text/javascript">
var timestamp = 0;
var currentroom = <?php echo $room; ?>;
var heartbeatTimer;
var minHeartbeat = 3000;
var maxHeartbeat = 12000;
</script>
link|flag
That will just try to assign the value of the JavaScript variable $room (which is undefined) to currentroom. – David Dorward Jul 22 at 6:37
No, that will assign the JavaScript variable currentroom with the value of the PHP variable $room. – H3llGhost Jul 22 at 6:40
1  
@David Dorward: No, it wouldn't, this code is absolutely correct, $room is between <?php and ?> – nico Jul 22 at 6:41
1  
@nico — it has been edited since I made the comment. Previously it was just: var currentroom = $room. – David Dorward Jul 22 at 6:43
1  
Well, you can get the contents of js with file_get_contents(), parse it with PHP (you could have some placeholder in the original js like ROOM_PLACEHOLDER and str_replace() it). No problem. – Richard Knop Jul 22 at 7:55
show 8 more comments
up vote 2 down vote

Another option is that of PHP outputting a hidden element with the variable in it and then JS reading it.

For instance

<?php
echo '<input type="hidden" id="myvar" value='.$val.' />';
?>

and then in JS

 var v = document.getElementById("myvar");
 // do something with v.value

Of course this is easily spoofable by the client, so take 2 cautions:

1) use this only if it is not a problem for any user to be able to see the value of the variable (e.g. by looking at the source)

2) if the JS does anything that can be possibly "dangerous" e.g. does an asynchronous call to a PHP page that does something in the DB with that value, be sure to have proper checks in the second PHP page (NOT in the JS) to ensure that the value had not been tampered with

link|flag
1  
htmlspecialchars! htmlspecialchars! Whenever you put data that you don't know is safe into a document, use htmlspecialchars! We don't like XSS security holes! – David Dorward Jul 22 at 6:50
As for the two warnings … they apply to any data you end up asking the client to send back to you. There is nothing special about embedding it in the HTML. – David Dorward Jul 22 at 6:51
@David Dorward: sorry? Which part of the data are you assuming is not safe? As for the two warnings, my point is that the JS may be only doing something client-side, in which case data tampering problems are not an issue. If it's doing something server-side then you should do appropriate checks on the server, that's all. – nico Jul 22 at 6:57
$val, we have no idea what it is. – David Dorward Jul 22 at 8:49
@David Dorward: exactly, that's why I didn't sanitise it. If $val is a number you can just cast it to int, if it is pulled from the DB you can be sure is fine because you sanitised the input before putting it into the DB etc etc. It is really dependent from the situation, my whole point here was to use a hidden input. – nico Jul 22 at 14:48
up vote 1 down vote

for another page you can use $_SESSION

<script type="text/javascript">
var timestamp = 0;
var currentroom = <?php echo $_SESSION['room']; ?>;
var heartbeatTimer;
var minHeartbeat = 3000;
var maxHeartbeat = 12000;
</script>

For same file/script sequence- its very simple, no need of SESSION

   var currentroom = <?php echo $room; ?>;
link|flag
thanks for responding Sadat, the page this java script should go one is a .js page, <?php echo $_SESSION['room']; ?>; is not working. – John Sims Jul 22 at 6:44
This is a fairly terrible example. Sessions are relatively complicated beasts and can lead to things such as race conditions very easily. It might be slightly better if it bothered to mention that you have to create a session and store data in it before you can pull anything out of it! – David Dorward Jul 22 at 6:49
@Jhon, I know that well. According to your question, you need it in another page. Remember one thing, you cant execute php in JS file unless you permit it from core server configuration. – Sadat Jul 22 at 7:01
up vote 0 down vote

You cannot actually "pass" a variable anywhere. But only a scalar value. Frankly, you can pass only text data.
So, in case of javascript you have 2 options:

  1. To generate whole js code from PHP along with all it's variables. Much like to how you generate HTML.

  2. To request some variable from JS running in a browser, using AJAX technique.

link|flag
up vote 0 down vote

$strFind="SELECT * FROM cometchat_chatrooms_users WHERE userid=$curmemid"; $result=mysql_query($strFind) or die(mysql_error()); $row=mysql_fetch_array($result); $room=$row['chatroomid'];

?>

var timestamp = 0; var currentroom = ; var heartbeatTimer; var minHeartbeat = 3000; var maxHeartbeat = 12000;
link|flag
up vote -2 down vote

The code will work as is. When the output (html and javascript) is generated by your php it will already have done the substitution. So your value will be inserted there as a literal. If it is a string, you'll still have to quote it though.

var currentroom = '$room';

will become

var currentroom = 'myroom';

in output.

link|flag
No it won't work that way, see H3llGhost answer for how to do it properly – nico Jul 22 at 6:42

Your Answer

get an OpenID
or
never shown

Not the answer you're looking for? Browse other questions tagged or ask your own question.