客户端脚本中的服务器端变量
[英]Server-side variables within client-side scripts
问题描述
I had to render a chart using javascripts. 
我不得不使用JavaScript绘制图表。 But the data for the chart is in the server. 但是图表的数据在服务器中。 After googling I found out that this can be done by using server-side scrpting languages like php and client-side languages javascript or jquery. 谷歌搜索后,我发现这可以通过使用服务器端的搜寻语言来完成,例如php和客户端语言的javascript或jquery。
var php_data= $.parseJSON('<?php echo json_encode($chart_data); ?>');
The above code is working perfectly and I can get the data in server to the client side. 上面的代码运行正常,我可以将服务器中的数据发送到客户端。
But I'm curious that how this can be done because we are reading server-side variables in client-side and we are not using AJAX here. 但是我很好奇这是如何实现的,因为我们正在客户端读取服务器端变量,而这里没有使用AJAX。 This is really confusing because php code is running in the server and javascript is running in the client. 这确实令人困惑,因为php代码在服务器中运行,而javascript在客户端中运行。 Does anyone know the theory behind this? 有人知道这背后的理论吗? How a javascript can access to the server? JavaScript如何访问服务器?
If we can access to any variable in php script with a javascript we'll have to explicitly take some actions to confirm the security of the php script. 如果我们可以使用javascript访问php脚本中的任何变量,我们将必须明确采取一些措施来确认php脚本的安全性。
2 个解决方案
解决方案1
3 已采纳 2015-09-27 18:04:36
It's because of the order in which it executes. 这是因为它执行的顺序。 The server-side script executes first (on the server) and generates the outout sent to the client. 服务器端脚本首先执行(在服务器上)并生成发送到客户端的中断。 You can therefore dynamically generate part of all of your client side scripts on the server using the server-side code. 因此,您可以使用服务器端代码在服务器上动态生成所有客户端脚本的一部分。 This is essentially what you are doing here. 这基本上就是您在这里所做的。
Going the other way - passing data from the slient side back to the server side requires AJAX or similar, because the server-side script has already run when the client-side script runs. 换种方式-将数据从平滑端传递回服务器端需要AJAX或类似方法,因为在客户端脚本运行时服务器端脚本已经运行。
In terms of security, the only server-side variables that are available in javascript are those you explicitely render as javascript variables/objects. 在安全性方面,javascript中唯一可用的服务器端变量是您显式呈现为javascript变量/对象的变量。 (Or those you expose via an API/AJAX call of course). (或者当然是通过API / AJAX调用公开的内容)。 In this case you exposed the $chart_data variable in javascript by saying: 在这种情况下,您可以通过说出javascript公开$chart_data变量:
var php_data= $.parseJSON('<?php echo json_encode($chart_data); ?>');
If you look at the source of the page generated, it won't mention $chart_data , it will be something like 如果您查看生成的页面的源代码,它不会提及$chart_data ,它将类似于
var php_data= $.parseJSON('[{"a": "1"}, {"b": "2"}]');
You haven't given access to the PHP variable, but simply printed the contents of it (at this point - any changes made after this point to $chart_data in your PHP script will not be reflected in the version in javascript) as a javascript variable. 您尚未授予对PHP变量的访问权限,而只是将其内容(作为JavaScript的版本显示在此点-此点之后,PHP脚本中对$chart_data任何更改都不会反映在javascript版本中) 。
解决方案2
1 2015-09-27 18:02:01
RESTFul API's are what your looking for. RESTFul API是您的所需。 The example provided uses the Zend PHP Framework but you can really do the same using a simple router and exporting to JSON for the JS to parse. 提供的示例使用Zend PHP Framework,但您实际上可以使用简单的路由器并导出到JSON以供JS解析来完成相同的操作。
One a side note I would recommend you possibly move to a newer method of DOM rendering using client side routing with a RESTFul API & XMLHttpRequests; 附带说明一下,我建议您可能会转向使用带有RESTFul API和XMLHttpRequests的客户端路由的DOM呈现的新方法。 some great frameworks for quick prototyping are angular, knockout, backbone etc . 快速原型的一些很好的框架是有角的,敲除的,骨架的 。
The upside is that the client is handling the page rendering vs. the server which leaves the server's memory consumption for more important tasks. 好处是客户端要处理页面渲染而不是服务器,这将使服务器的内存消耗留给更重要的任务。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.