views:

194

answers:

6

-I have read about json being a simple way but also read its a bad practice to use eval() once the data is retrieved. So I don't know how so use the data returned.

-The only way i've been able to retrieve data from php scripts is if I echo the results already formatted (which is not very convenient). Also if there is a redirect in the php script the whole redirected pages html gets passed back to javascript.

Can somebody please recommend a way to send variables or arrays back to javascript from php?

+1  A: 

I don't think there's any other serialization method available that would be significantly better than JSON. You're not forced to use eval() with it. There are parsers available, like this one from Douglas Crockford.

Reinis I.
+3  A: 

jQuery can safely parse JSON for you. You can either use the .ajax() function with the appropriate parameters, or the .getJSON() function.

jQuery.getJSON( url, data, callback )

You should be able to find a PHP library to convert data structures to JSON through a google search, though I am not able to recommend any specifically.

Mike
+2  A: 

With jQuery you can use JSON data and you are pretty secure, more important if you load data from the same domain i can't see security flaws.

That said in PHP (starting from version 5.2.0) you have native functions to convert PHP data to JSON and viceversa. The function are json_encode and json_decode

For example:

$result = array();
$result['data1'] = "askdjaksd";
$result['data2'] = array(1,2,3);

echo(json_encode($result));

And PHP does all the work for you. It's also pretty fast being a native extension.

wezzy
if i want my pages to work the with javascript disabled is there a better way than sending an extra variable with the ajax request to let the script know its an ajax request and echos the json data and if the request is not made and no extra variable passed, the php script would not echo the encoded json?
chris
+1  A: 

Since JavaScript has a same-domain policy for XmlHttpRequests, unless you have a man in the middle attack or your server is compromised (in either case you and your clients have bigger problems), you shouldn't need to worry about eval'ing a JSON string from the server (since you control that data).

As others have said, there are alternative interpreters available. Also, you can send the data back as XML if you really want.

To answer your comment in another answer: If you want your site to work with and without JavaScript, I suggest storing a flag in the session instead of passing it around all over the site.

Justin Johnson
+1  A: 

Like everyone else has mentioned, same-domain policy would protect you against the evils of eval()ing json sent from the server....

Answering you comment to another answer:

Jquery sends this header with every ajax request

HTTP_X_REQUESTED_WITH= "XMLHttpRequest"

So on the PHP script you can do something like

if(isset($_SERVER["HTTP_X_REQUESTED_WITH"]) &&
   ($_SERVER["HTTP_X_REQUESTED_WITH"] == "XMLHttpRequest")){
   //do stuff assuming javascript is enabled
}else{
  //do stuff assuming javascript is disabled
}
pǝlɐɥʞ
+1  A: 

jQuery

$.post('somewhere.php',{ file: file, text: text },function(data) { //do stuff you can tell it to call a function or w/e you need to do },"json");

To access the data it's simple the function(data) { allows you to access the json encode by data.var }

The PHP

$file = $_POST['file'];
$text = $_POST['text'];

// do w/e you want with theses
// when your done and want to pass the vars back

echo json_encode("file" => $file,"text" => $text,"mynewvar" => $somevar);

Now when you want to access that data a simple example would be, within the function(data):

function(data) {  
  var mynewvar = data.mynewvar;
  var file = data.file;
  var text = data.text;
  //do w/e
}

Hope that gives you some direction on how to handle it.

Dreamcube