1

I'm trying to "transform" a form action into an ajax call. My form:

 <form method="POST" onSubmit="return doSubmitLogic()" action="action.scripts.php" >
<input type="hidden" name="actiune" value="login" />
<div>
    <label> Email </label>
    <input type="email" name = "email" id="email" /><span id="emailErr"></span >
</div>
<div>
    <label> Password </label>
    <input type="password" name = "password" id="password" /> <span  id="passErr"></span >
</div>

<div>
    <input id ="submitBtn" type="submit" name="button" value="Send"/>
</div>
</form>

And what I tried to do with my ajax:

$(document).ready(function(){
$("#submitBtn").click(function(e){

    e.preventDefault();  

    $.ajax({
        type: "POST",
        url: "functions.php",
        data: {
               Email: $("#email").val(),
               Password: $("#password").val(),
              },

        success: function(result){   
            alert(result);
        },
        error: function (error){
            alert("Error");
        }

   });
 });
 });

Also, my code in "functions.php" is composed of many checks of whether the action has a specific value and, if so, does something. So:

  if ($_POST['actiune']==="login") {
    $email = $_POST['email'];
    $password = $_POST['password'];
    $encript_pass = md5($password);

    $query = "select * from user where email='$email' and password='$encript_pass'"; 
    $result = mysql_query($query) or die ("Error in query: $query " . mysql_error()); 
    $row = mysql_fetch_array($result); 



    if (!filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        echo("$email is a valid email address");
    } else {
        echo("$email is not a valid email address");
    }   
 }

When I run it, it gives me an alert saying error. Any suggestions?

chi
  • Your first and biggest error is that you put the posted email unfiltered into your SQL statement! Doing so is very insecure! And what do your errors say? – eisbehr Jul 19 '16 at 14:47
  • Nothing. It just says error. I think it's from the error from the ajax – chi Jul 19 '16 at 14:48
  • ***You really shouldn't use [MD5 password hashes](http://security.stackexchange.com/questions/19906/is-md5-considered-insecure)*** and you really should use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. Make sure you [don't escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Jul 19 '16 at 14:55
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***. Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Jul 19 '16 at 14:55
  • ***Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php).*** [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Jul 19 '16 at 14:56
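
The comments above ask for three changes to the login handler: a prepared statement instead of string concatenation, PHP's built-in password hashing instead of MD5, and no `mysql_*` calls. The following is an added example, not part of the original question, comments or answers, that applies them. It assumes the PDO SQLite driver so it runs offline; the `login()` helper, the in-memory database and the sample account are constructed for illustration.

```php
<?php
// Added example: hardened version of the question's login check.
// Table and column names follow the question; everything else is constructed.
declare(strict_types=1);

function login(PDO $db, string $email, string $password): bool
{
    // Validate before touching the database (the question did this after the query).
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }

    // The placeholder keeps user input out of the SQL text entirely,
    // so quotes in the value are data, not syntax.
    $stmt = $db->prepare('SELECT password FROM user WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $hash = $stmt->fetchColumn();   // false when no row matches

    // password_verify() checks against a salted password_hash() value.
    // The raw password is passed unmodified: no escaping, no md5().
    return is_string($hash) && password_verify($password, $hash);
}

// --- constructed demo data (SQLite in memory stands in for MySQL) ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (email TEXT PRIMARY KEY, password TEXT NOT NULL)');
$insert = $db->prepare('INSERT INTO user (email, password) VALUES (?, ?)');
$insert->execute(["o'brien@example.com", password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed request body using the lowercase keys functions.php reads.
$post = [
    'actiune'  => 'login',
    'email'    => "o'brien@example.com",   // address containing a quote character
    'password' => 'correct horse',
];

if (($post['actiune'] ?? '') === 'login') {
    $ok = login($db, $post['email'] ?? '', $post['password'] ?? '');
    // One JSON reply for the $.ajax success handler; no SQL or error text is echoed.
    echo json_encode(['ok' => $ok]), PHP_EOL;
}

// Same account, wrong password: the stored hash does not verify.
var_dump(login($db, "o'brien@example.com", 'wrong password'));
```

With MySQL, only the PDO connection line changes; the prepared statement and the `password_hash()` / `password_verify()` calls stay the same.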

2 Answers

2

Just replace your code with this, notice the "actiune" under the Email & Password

    $(document).ready(function(){
        $("#submitBtn").click(function(e){

            e.preventDefault();

            $.ajax({
                type: "POST",
                url: "functions.php",
                data: {
                    // lowercase keys, matching $_POST['email'] and $_POST['password'] in functions.php
                    email: $("#email").val(),
                    password: $("#password").val(),
                    actiune: $('input[name="actiune"]').val()
                },

                success: function(result){
                    alert(result);
                },
                error: function (error){
                    alert("Error");
                }

            });
        });
    });

Tiberiu Petcu
1

You need to pass actiune with your data too.

 data: {
      email: $("#email").val(),
      password: $("#password").val(),
      actiune: 'login'
 },

I also removed the uppercase letters from the fields you pass, since you require password and email in your PHP, not Password and Email.

jeanj