Why does a simple ajax call to php exhibit such strange behavior?

Question

I am making a call to a jQuery Mobile form to a simple PHP mailing file. I have tested the PHP file using the same data I am passing from the ajax call, which works just fine. However, when using ajax, the email is not sent and the address bar contains the query string. I really need more sets of eyes looking a this, since my mine seem permanently crossed.

Form Excerpt

        <form id="hipaa-form" name="hipaa-form" autocomplete="on" data-ajax="false">
            <p data-role="fieldcontain">
                <label for="name">Name:<span class="smallred">*</span></label>
                <input type="text" name="name" id="name" autofocus required placeholder="Full Name">
            </p>
            <p>
                <input type="submit" name="send" id="send" style="cursor:pointer" value="Submit">
            </p>
        </form>

JavaScript

$('#hipaa-form').on('submit', function (e) {
    var data = $(this).serialize();
    $.ajax({
        type: "GET",
        url: email.php,
        data: data,
        dataType: "text",
        success: function (result) { alert(result); },
        error: function(xhr, status, error) {
                  var err = eval("(" + xhr.responseText + ")");
                  alert("Error: " + +err.Message)
               }
    });
});

Note the data variable is set correctly, and is the string that winds up in the address bar. The alert from the success function displays the entire web page, but again the email is not sent. I tried setting custom error handlers in PHP, but they were no help at all.

PHP

    $body = "Full Name: " . $_GET["name"] . "\r\n";
    $body = $body . "email: " . $_GET["email"] . "\r\n";
    $body = $body . "Phone: " . $_GET["phone"] . "\r\n";
    $body = $body . "website: " . $_GET["Website-URL"] . "\r\n";
    $body = $body . "app. type: " . $_GET["pgm-type"] . "\r\n";
    $body = $body . "uses DB: " . $_GET["uses-db"] . "\r\n";
    $body = $body . "saves data: " . $_GET["stores-patient-data"] . "\r\n";
    $body = $body . "db vendor: " . $_GET["database-vendor"] . "\r\n";
    if (isset($_GET["db-other"]))
        $body = $body . "other db: " . $_GET["db-other"] . "\r\n";

    $to = "contact.us@bunkerhill.com";
    $subject = "HIPAA Form Submission";

    mail($to, $subject, $body, "From: contact.us@text.bunkerhill.com");
    echo "Form Submitted"

?>

My test site is : http://test.bunkerhill.com/

TIA

add a return false to your ajax call for the submit to not submit the form instead the ajax will submit. (after the ajax call) — Cayce K, Mar 06 '15 at 18:35
Thanks. That got rid of the address bar issue, but the email is still not sent and the entire html page is shown in the success alert. — ron tornambe, Mar 06 '15 at 18:41
Well your're actually doing `alert(result)`, that's the reason your entire html page is shown in alert :) Coming to mail issue, did you check if your mail code is working ? It should be some issue in PHP side — Arkantos, Mar 06 '15 at 18:44
What should it be instead of alert(result)? I vhae checked the PHP side and it works correctly. — ron tornambe, Mar 06 '15 at 18:46
It depends on what you want to do with the html response :) If you just need to update the view, then replace the html of some div container like `$('#main-div').html(result);` — Arkantos, Mar 06 '15 at 18:58
The site is on a shared server. I am not sure how to view the PHP error logs. I'll check with the hosting company. Thanks. — ron tornambe, Mar 06 '15 at 18:59
Got it.. url in your ajax definition should be `'email.php'` in quotes, without that it's just sending a call to `http://test.bunkerhill.com/` and your PHP code sending `email` is never invoked at all :) — Arkantos, Mar 06 '15 at 19:09

Matt · Answer 1 · 2015-03-06T19:00:30.533

4

You need to block the form from being submitted with preventDefault();

$('#hipaa-form').on('submit', function (e) {
    e.preventDefault();
...
}

Your ajax request should use querystring parameters with a GET or, change to type: "POST" and adjust your PHP to use $_POST

Example:

type: "GET",
url: "page.php?foo=x&bar=y"

Or

type: "POST",
url: "page.php",
data: data

Lastly, I'm a little worried about this example including HIPAA information. You might want to consider an approach where you store the information in a secure location and simply send an email that says, "Hey a new message is available. Click here to authenticate against our secure system to read it." Not that there is anything absolutely wrong with your approach but it feels like there is additional HIPAA related liabilities to consider.

edited Mar 06 '15 at 19:00

answered Mar 06 '15 at 18:35

Matt

5,315
1
30
57

the line containing `+err.Message)` could be messing it up too, but that isn't very likely. – Cayce K Mar 06 '15 at 18:38
Thanks, but that didn't solve the problems. The email isn't sent and the success alert shows the entire page? +1 for pointing this out though – ron tornambe Mar 06 '15 at 18:42
Anything in the PHP error log? I also updated my answer to explain GET vs POST. – Matt Mar 06 '15 at 18:54
As understand it, POST should only be used if the call changes the state of the server, like updating a database. Since I am just sending an email, GET seems appropriate. – ron tornambe Mar 06 '15 at 19:02
POST and GET can both be used for updating a db or emailing or any other action. Check out this post for more explanation on the differences: http://stackoverflow.com/questions/504947/when-should-i-use-get-or-post-method-whats-the-difference-between-them When sending sensitive information you should almost absolutely be using POST. In your instance, the changes are very minimal. Simply change all `GET` to `POST`. – Matt Mar 06 '15 at 19:09
That is a very good point. The site will ultimately reside in AWS and I will make use of secure SES. I will also change GET to POST – ron tornambe Mar 06 '15 at 19:17

score 0 · Accepted Answer · answered Mar 06 '15 at 19:12

0

url param in your Ajax definition should be 'email.php' in quotes, so change

url: email.php

to

url: 'email.php'

Without that it's just sending a call to http://test.bunkerhill.com/ and your PHP code sending email is never invoked at all :)

answered Mar 06 '15 at 19:12

Arkantos

6,530
2
16
36

Thanks so much. I knew a sharp pair of eyes was needed. – ron tornambe Mar 06 '15 at 19:13
Glad to be of help :) – Arkantos Mar 06 '15 at 19:13

Why does a simple ajax call to php exhibit such strange behavior?

2 Answers2