How to secure the php code?

I created now a Javascript Code that get the php variable into javascript code, my issue that the php variable is important and I don't want any can see this variable is there is any way to do that by the way I tried to use obfuscator but it doesn't work because of the PHP code inside the Javascript code, let's say this is my Code,

$var = "this is impotant";
<script type="text/javascript">
    var javaScriptVar = "<?php echo $var; ?>";

So, is there any way to use PHP variables in Javascript code or hide the result of the PHP code?



who wants to get the value, will get it. but you can

  • dynamically inject them via ajax
  • encode (base64 etc.) the value
  • obfuscate the code

Nobody sees the PHP code. But if you expose values into Javascript, they are not secret anymore. There is no way to deal with this. You cannot use the value in Javascript and NOT reveal it.

If you want to keep process data secret on the server, and available for the next request of that user, use a session.


People will only see the value of the variable. They wont know what it is or how important it is supposed to be. Nobody will see the variable name because the PHP code is executed BEFORE the page is sent to the client. Therefore there is no need to obfuscate the value, and you cant anyway since you need the value.

An example. if I use this PHP code in my file

<p>Hello Mr <?php echo $MY_SUPER_SECRET_VARIABLE ?></p>

the only thing people will be able to see in the source when the page loads is

<p>Hello Mr Bond</p>

The same rule applies if it is placed in Javascript


First you need to understand that Javascript is executed on the client side, every piece of code and variable are in some way accessible by someone with some programming background.

Although you can obfuscate the source code and encrypt the variable to make it harder to read, there is no 100% protection when things happen on client side.


PHP files will be interpreted into static (like html or xml format) file, means that all variables will be replaced with certain values.What users see is static, no php code displayed but just interpreted text.


Recent Questions

Top Questions

Home Tags Terms of Service Privacy Policy DMCA Contact Us Javascript

©2020 All rights reserved.