AJAX status 200 fires error on PHP echo of json_encode

Question

Everything works fine with following program, except AJAX error fires:

javascript:

var data = {
    email: 'me@gmail.com',
    password: 'secretword'
};

$.ajax({
    type: "POST",
    dataType: "application/json",
    url: "http://localhost/CFBserver/validateUser.php",
    data: data,
    success: function (response) {
        console.log(response.responseText);
    },
    error: function (response) {
        console.log(response.responseText);
    }
});

}

php:

    <?php

    $conn = mysqli_connect('localhost', 'root', '', 'cfbdata');
    if (mysqli_connect_errno($conn)) {
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
    }
    $email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_STRING);
    $password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);

    $sql = "SELECT * FROM users WHERE email = '$email' AND password = '$password'";

    if (!mysqli_query($conn, $sql)) {
        die('Error: ' . mysqli_error($conn));
    }

    $result = mysqli_query($conn, $sql);
    $numrows = mysqli_num_rows($result);
    if ($numrows > 0) {
        $message = array('result' => 'found',
            'email' => $email,
            'password' => $password,
        );
    } else {
        $message = array('result' => 'Not found',
            'email' => $email,
            'password' => $password,
        );
    }
    header('Content-type: application/json');
    echo json_encode($message);

    mysqli_close($conn);
    ?>

This is what console displays:

<html>
    <head>
        <meta charset="UTF-8">
        <title></title>
    </head>
    <body>
        {"result":"found","email":"me@gmail.com","password":"secretword"}
    </body>
</html>

So php finds the record in the mysql database but on return to AJAX, error fires. Why is this?

your `error` and your `success` functions are identical so how do you know which is being trigged? — , Dec 05 '16 at 01:53
I do realize AJAX 'error' and 'success' fire the same code. But rest assured, I have confirmed 'error' is firing. Also, this is test code so I'm not concerned with security vulnerabilities at this stage of development. — dru37, Dec 05 '16 at 01:54
Out of curiosity, what happens if you change `dataType` to just `JSON`? Also, how do you know it's your error method firing when they both do exactly the same thing... — Darren, Dec 05 '16 at 02:12
how about removing the `header('Content-type: application/json');` — Veshraj Joshi, Dec 05 '16 at 04:06

score 0 · Answer 1 · edited May 23 '17 at 12:08

0

Your AJAX is expecting a JSON response, but is getting HTML. That's why the request returns status code 200 (= OK), but your JS won't work.

PHP's json_encode doesn't add HTML by itself, so you're probably outputting to a template (or you've wrapped your PHP in HTML).

As others have also mentioned, you're open to SQL injection. There is also no way to be sure your error method is firing, since both your AJAX' error and success do the same thing.

edited May 23 '17 at 12:08

Community

1
1

answered Dec 05 '16 at 02:12

Sébastien Vercammen

512
3
8

Right. But where do the html tags come from? I'm not adding them. – dru37 Dec 05 '16 at 02:21
@dru37 It says so in my answer: you're probably outputting to a template or you've wrapped your PHP in HTML. – Sébastien Vercammen Dec 05 '16 at 02:26
How do I avoid outputting to a template? I'mean not sure what that means. – dru37 Dec 05 '16 at 02:30

AJAX status 200 fires error on PHP echo of json_encode

1 Answers1