Home/ Questions/Q 8725961
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-13T08:09:28+00:00

I can’t seem to find an almost exact question so I might as well

  • 0

I can’t seem to find an almost exact question so I might as well ask away.

Is it really a standard practice to send variables from Javascript to PHP? I’m planning to send array to PHP after some several assessment within Javascript – passing variables here and there…only to be combined again as an array, and as I’ve said, will be passed to PHP. Am I missing something? I hardly see any tutorials to do this, mostly the other way around – that is, PHP array to Javascript. Makes me think, maybe it just isn’t being advised to do Javascript to PHP due to security reasons.

Simply put, will sending Javascript array to PHP that will later on be saved to database be dangerous? I haven’t really FULLY read how to do it, just scanned the very few that I could find…json stringify, $_POST, json encode, json decode. If it is fine to do JS to PHP passing, and since it is related to my question anyway, can someone point me which of those mentioned is best for better security? Thanks!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Security isn’t really an issue at this point: JavaScript runs on client side, so anything that could go wrong here could be easily faked by an attacker. You can’t trust the client anyway, as @Jan puts it in the comments above. Also, everything you do on the JavaScript end can be eavesdropped and manipulated by the client – that’s why you can’t do a password check in JavaScript, for example. So, the environment JavaScript operates in is fundamentally insecure, anyway.

    Security comes into play when the server accepts and uses the data. You need to have all necessary protections in place so the data can’t harm your server – for example, remove any SQL injections by using escaping or prepared statements, deal properly with invalid input characters, etc.

    Two exceptions to the rule come to mind:

    • If you are on a SSL (https://) connection, make sure your JavaScript sends the data that way too

    • Sending the browser to a new location with sensitive GET parameters:

      http://www.domain.com/newpage?username=pekka&password=superman85069

      is less secure than POSTing a form, because the URL may be cached.

    • 0