Something went wrong with PHP and Ajax

Question

I have this ajax code. data consists of login credentials.

$.ajax({
        url: "app/php/login.php",
        type: "GET",
        data: data,
        dataType: 'json',
        async: true,
        success: function(response){
            blah blah
        }
})

and here is my login.php. Everytime i sent a request, an alert pops up with the message Something Went Wrong. Am i doing this right? Forgive me for using GET method in a login

header('Content-Type: application/json');

$dbconn = mysqli_connect("localhost","root","","alumni_tracker") or die("Could not connect to database!"); //host, username, password, db
mysqli_select_db($dbconn,"alumni_tracker");
$student_no = $_GET["student_no"];
$password = $_GET["password"];
$query = "SELECT * FROM user WHERE student_no= '$student_no' AND password=MD5('$password')";
$res = mysqli_query($dbconn, $query);

if(empty($res)){
    $data = "1";
}
else if(!empty($res) && $student_no == "111111111"){
    $data = "2";
}
else{
    while($row = mysqli_fetch_array($res)){
        $data = array('student_no'=>$row['student_no'],'password'=>$row['password']);
    }
}
return json_encode($data); 
exit();

*"Something Went Wrong"* - where's that coming from? where's the html for this and I hope you're not live or wanting to go live with this. — Funk Forty Niner, Feb 06 '17 at 17:30
no prepared statement and using MD5 is a sure fire way of getting hacked. — Funk Forty Niner, Feb 06 '17 at 17:32
add in an error section and see what happens error: function (response) { alert(response); } — dsadnick, Feb 06 '17 at 17:34
Check your server error logs to see where the issue may lie. — aynber, Feb 06 '17 at 17:34
***You really shouldn't use [MD5 password hashes](http://security.stackexchange.com/questions/19906/is-md5-considered-insecure)*** and you really should use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. Make sure you [don't escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. — Jay Blanchard, Feb 06 '17 at 17:44
[Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! [Don't believe it?](http://stackoverflow.com/q/38297105/1011527) — Jay Blanchard, Feb 06 '17 at 17:44
@JayBlanchard thanks for the advice, will do it after i get this log in to work. — markhamknight, Feb 07 '17 at 02:46

score 1 · Accepted Answer · answered Mar 01 '17 at 15:19

1

disregarding the security issues, the fix was to use echo instead of return in json_encode($data)

answered Mar 01 '17 at 15:19

markhamknight

365
2
3
15

Something went wrong with PHP and Ajax

1 Answers1