Hello! I have put the results of an SQL query into a PHP array. I then pass this array into a JavaScript array to manipulate the data in JavaScript (especially with Google Maps). But if I click on View source code, anyone can display the full content of this JavaScript array. How could I hide this data? Thanks for your help!
You can't. JavaScript needs to be sent to the browser for it to display on the screen. Anyone can see it.
OK, thanks for your answer. So the only way is to keep using the PHP array, but I guess it will be difficult to integrate it with the client-side JavaScript code I use afterwards for graphical reasons?
Well, it depends what you need to do. You could use AJAX and just call the bits of data one at a time. Is the database that sensitive?
'Sensitive': actually, one of the fields contains the email of my users, and I would like to prevent spammers from automatically collecting those emails by capturing the source code.
Are you implying I should not retrieve this email field? Actually, I am using the Google Maps API and it appeared easier to me to manipulate JavaScript variables. When you click on an info window, you could then contact the user by clicking on his email address.
If I could jump into this, I would say whether or not you should retrieve and include the email address in the JavaScript data depends entirely on what you are trying to accomplish. However, if you are doing so without requiring people to be logged in, then stop doing that. If you are passing all the information to any logged-in user, stop doing that right now. If you have not yet, you will soon deliver all their email addresses into the hands of criminals and spammers. And, believe me, crooks and spammers do take the time to manually join forums and other websites in the pursuit of data which can be used to advance their "businesses".
Yeah, I agree. I'd make it so that when they click on the user's name they get taken to another screen where they can fill in a form to send an email. All you need is to pass a member id number and the rest can be handled backstage without sending the email address to the clients.
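The approach suggested in the last two replies, as an added example that is not part of the original thread: only allowlisted fields are serialized for the map script, and the contact form submits a member id that the server resolves to an address. It is written in JavaScript so both halves are in one language (in the poster's setup the server part would be PHP); the sample rows, `PUBLIC_FIELDS`, `handleContact` and the `sendMail` callback are hypothetical names.

```javascript
// Constructed sample rows standing in for the SQL result (server side only).
const members = [
  { id: 17, name: "Alice", lat: 48.8566, lng: 2.3522, email: "alice@example.org" },
  { id: 42, name: "Bob", lat: 45.764, lng: 4.8357, email: "bob@example.org" },
];

// Allowlist of fields that may reach the browser. Anything not listed
// (email, and any column added to the table later) stays on the server.
const PUBLIC_FIELDS = ["id", "name", "lat", "lng"];

function toPublicMarker(row) {
  const out = {};
  for (const field of PUBLIC_FIELDS) out[field] = row[field];
  return out;
}

// The string that gets embedded in the page (or returned by an AJAX call)
// for the map script to turn into markers and info windows.
function markersJson(rows) {
  return JSON.stringify(rows.map(toPublicMarker));
}

// Server-side contact handler: the browser sends a member id and a message,
// never an address. `session` is the logged-in sender; `sendMail` is a
// hypothetical mailer callback supplied by the application.
function handleContact(rows, session, form, sendMail) {
  if (!session || !session.userId) return { ok: false, error: "login required" };
  const id = Number(form.memberId);
  const target = Number.isInteger(id) ? rows.find((r) => r.id === id) : undefined;
  const message = String(form.message || "").trim();
  if (!target || message === "" || message.length > 2000) {
    return { ok: false, error: "invalid request" };
  }
  // The address is looked up here and used only as the mail recipient.
  sendMail({
    to: target.email,
    subject: `Message from member ${session.userId}`,
    body: message,
  });
  return { ok: true }; // the response never echoes the recipient's address
}
```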