Timeline for Is it good practice to echo PHP code into inline JS?
Current License: CC BY-SA 4.0
3 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Mar 5, 2021 at 12:14 | audit | First posts | |||
| Mar 5, 2021 at 12:14 | |||||
| Feb 8, 2021 at 13:35 | comment | added | Greg Burghardt | In addition, (btw this answers the OP's question most directly) PHP is a loosely-typed language. While the convention might be that $SESSION['member_id'] is an integer, the PHP language makes no such guarantee. It is probably safe to echo an int directly as JavaScript, but only if you can guarantee it is an int. And you can't in this case, so htmlspecialchars(...) it is. | |
| Feb 8, 2021 at 7:27 | history | answered | Lie Ryan | CC BY-SA 4.0 |