3

I want to use a PHP variable as a JavaScript variable - specifically I want to use the PHP variable session_id(); and use this as a JavaScript variable.

<?php
$php_var = session_id();
?>
<script language="JavaScript" type="text/javascript">
js_var = <?php echo($php_var ?>;
</script>

This seems like it should work for me, but it doesn't. Can anyone suggest a better way?

1

4 Answers 4

13

The best method I can think of looks like this:

<?php
$php_var = session_id();
?>
<script type="text/javascript">
    var js_var = <?php echo json_encode($php_var); ?>;
</script>

PHP's json_encode function always produces valid JavaScript, which is not ensured if you are simply outputting random values. If you decide not to use json_encode(), you should at least enclose the PHP value in quotes to prevent syntax errors. Be aware of escaping!

<?php
$php_var = session_id();
?>
<script type="text/javascript">
   var js_var = "<?php echo $php_var; ?>";
</script>

3 Comments

+1 for json_encode. That's what it's there for. Don't ever use the raw-echo version. You risk bugs and XSS security holes.
What do you mean by "Be aware of escaping!"? You don't seem to escape anything in your code example....? Thanks!
@JDelage: My first example escapes everything properly (that is what json_encode() does while serializing). The second example does not. That is why I recommend using the first technique. The second technique is only ever usable when dealing with already-escaped values or values that are impossible to cause invalid JavaScript, but it really does not make a lot of sense to use, since the first one covers all cases.
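
An added example (not code from the answer or its commenters) that prints what the raw-echo variant, plain json_encode() and json_encode() with the JSON_HEX_* flags each emit for awkward values. The helper name js_literal and all sample values are assumptions made for illustration.

```php
<?php
// Added example: compare raw echo, plain json_encode() and json_encode() with
// the JSON_HEX_* flags when a PHP value is written into a <script> block.

/** Encode any PHP value as a JavaScript literal that is safe inside <script>. */
function js_literal($value): string   // hypothetical helper name
{
    // JSON_HEX_* turn <, >, &, ' and " into \uXXXX escapes, so the HTML parser
    // never sees "</script>" or "<!--" inside the emitted literal.
    // JSON_THROW_ON_ERROR (PHP 7.3+) raises an exception on invalid UTF-8
    // instead of silently returning false.
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Constructed sample values (not taken from the page).
$samples = [
    'session id'      => 'k3f9q2m1v8s7d6a5',           // alphanumeric, like a session id
    'quote + newline' => "O'Reilly said \"hi\"\nbye",   // breaks a hand-quoted literal
    'closing tag'     => 'a</script>b',                 // would end the script element early
    'array'           => ['id' => 7, 'ok' => true],     // non-string values work too
];

foreach ($samples as $label => $value) {
    echo "== $label ==\n";
    if (is_string($value)) {
        // The "quotes only" variant: valid JavaScript only for harmless values.
        echo 'raw echo    : var js_var = "' . $value . "\";\n";
    }
    echo 'json_encode : var js_var = ' . json_encode($value) . ";\n";
    echo 'js_literal  : var js_var = ' . js_literal($value) . ";\n\n";
}
```

Run it with the PHP CLI and compare the three lines per sample: only the raw-echo line changes the structure of the script when the value contains quotes, newlines or a closing tag.
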
3

That's just fine. Be sure that if the variable you're echoing is a string that you put quotes around it and escape any quotes, newlines, etc. inside it -- e.g., make sure it really gets output as a valid JavaScript string literal. Also, don't forget the var before js_var.


2

It seems you have opened a parenthesis in the echo call, but didn't close it. Also, you should place a semicolon after it. You've also forgotten the quotes (as Gordon says in the comment below).

<?php
$php_var = session_id();
?>
<script language="JavaScript" type="text/javascript">
js_var = "<?php echo($php_var); ?>";
</script>

P.S. You can use less code by replacing echo with the '=' character:

js_var="<?=$php_var?>";

2 Comments

Funny how people upvote this answer the most although it misses the quotes around the php block and advertises using the shorthand syntax, which is widely regarded as bad practice.
I didn't know that using the shorthand syntax is bad... thanks for the link. And you're right about the quotes... I've already changed it. I don't really know why I forgot about them...
1

It doesn't work because your snippet contains errors; it should be:

<?php
$php_var = session_id();
?>
<script language="JavaScript" type="text/javascript">
js_var = <?php echo json_encode($php_var); ?>;
</script>
