My server side php doesn't get the data from my client side AJAX requiest

Question

Here is my AJAX code:

 $("#loginbutton").click(function(){
              var email = $('#email').val();
              var password = $('#password').val();
              $.ajax({
               url: 'login.php',
               type: 'POST',
               dataType: 'json',
               data: { email:email, password:password},
               success: function(data){
                 $("#samplediv").innerHTML ="Welcome";
                }
              });
             });

And this is my PHP:

 <?php
 session_start();
 $conn = mysqli_connect("localhost", "root", "", "getpet");
 if(isset($_POST['email'])){
   echo $_POST['email'];
 }
?>

As you can see it will be a login system, but the php doesn't write out the $_POST['email'] variable. I think it is probably a syntax mistake, just I am too blind. I would really appreciate it if somebody can help me.

UPDATE: Here is my whole php code, i think it's not relevant, but this is ther reason, why i use dataType: json.

 <?php
 session_start();
 $conn = mysqli_connect("localhost", "root", "", "getpet");
 if(isset($_POST['email'])){
   echo $_POST['email'];
 }/*
 $results = array(
   'success' => false,
   'user_id' => "azaz",
   'fname' => "",
   'lname' => ""
 );
 if(!empty($_POST['email']) && !empty($_POST['password'])){
        $email = $_POST['email'];
        $password = md5($_POST['password']);
        $sql= "SELECT * FROM users WHERE email = '$email' AND password = '$password'";
        $rowsql = mysqli_query($conn, $sql);
        $row = mysqli_fetch_array($rowsql, MYSQLI_BOTH);
        if(mysqli_num_rows($rowsql) == "1"){
            $_SESSION['user_id'] = $row['user_id'];
            $_SESSION['fname'] = $row['fname'];
            $_SESSION['lname'] = $row['lname'];

      $results['success'] = true;
      $results['user_id'] = $row['user_id'];
      $results['fname'] = $row['fname'];
      $results['lname'] = $row['lname'];
      }
    }

            //echo json_encode($results);*/
 ?>

Your code is wide open to SQL-injection. Have you tried to use get instead of post? — SuperDJ, Apr 16 '17 at 11:31
I don't see how this is wide open to SQL-injection. There is a `mysqli_connect` with static credentials, and that's all - no query is being run at all. — Imanuel, Apr 16 '17 at 11:34
I don't really understand what's the difference between the POST and GET ajax requests. Can it help me? — Howard Fring, Apr 16 '17 at 11:35
Yes i use Json objects, but it is not relevant. If you want, i can show the rest of the php code. — Howard Fring, Apr 16 '17 at 11:36
Ok, now with the rest of the code, I agree with SuperDJ. Your code IS wide open to SQL-injection. Please use prepared statements with parameter binding, or at least escape your email. — Imanuel, Apr 16 '17 at 11:45
@Pharaoh this is nice to know, but not relevant for the a solution here — TypedSource, Apr 16 '17 at 11:54
I removed the dataType, but the php doesn't echo anything yet. — Howard Fring, Apr 16 '17 at 11:54
@HowardFring open your browser dev tools (F12 Key in most browsers) and have a look into the console. 90% cross origin problem. — TypedSource, Apr 16 '17 at 11:55
@TypedSource obviously i always watch the console, it is empty — Howard Fring, Apr 16 '17 at 12:27

score 2 · Answer 1 · answered Apr 16 '17 at 11:36

2

In your data object, your keys are not strings, but the variables that you have defined. Do it like that to have email and password taken literally:

data: { 'email':email, 'password':password},

answered Apr 16 '17 at 11:36

Imanuel

3,596
4
24
46

Nothing happened. :( – Howard Fring Apr 16 '17 at 11:41
it's okay if it is not string because it's a `key` of an object, `data` is an object remember – Jrey Apr 16 '17 at 11:45
Won't it use the contents of the variable of the same name? – Imanuel Apr 16 '17 at 11:46

score 0 · Answer 2 · answered Apr 16 '17 at 11:51

i think this is a cross origin problem, but normaly this is shown in console. append a error ouput to your json and look for it, if it's a php error you will get noticed now.

$.ajax({
    url: 'login.php',
    type: 'POST',
    dataType: 'json',
    data: { email:email, password:password},
    success: function(data){
        $("#samplediv").innerHTML ="Welcome";
    },
    error: function (jqXHR, textStatus, errorThrown) {{
        console.error('ajax response failed');
        console.log(jqXHR.responseText);
    }
});

score 0 · Answer 3 · edited Jun 20 '20 at 09:12

-> make sure you call jQuery though :) -> added document ready -> added prevent default -> use input instead of button is only my convenience

<script type="text/javascript">

$(document).ready( function() { /* only when everything is set up */

$("#loginbutton").click(function(e){
e.preventDefault();

          var email = $('#email').val();
          var password = $('#password').val();
          $.ajax({
           url: "login.php",
           method: "POST", /* changed to `method` */
           data: "email="+email+"&password="+password, /* MODIFIED */
           success: function(data){
             alert(data);
             $("#samplediv").html("Welcome !");
            },
           error: function (request, status, error) { /* added error handling */
           alert(request.responseText);
           }
          });
         });
  });
</script>

<div id="samplediv"></div>

<form action="#" id="form" method="post">
<p><input type="text" name="email" id="email" value="" /> email</p>
<p><input type="text" name="password" id="password" value="" /> pwd</p>
<input type="submit" id="loginbutton" value="GO" />
</form>

of course, make the input password type !

As I don't know why you connect (possible select ?) with DB, I just made php file simple, as follows :

<?php
/* login.php */
error_reporting(E_ALL); ini_set('display_errors', 1);

$email = $_POST['email'];
$pwd = $_POST['password'];

echo"[ email > $email / pwd : $pwd ]"; /* for example only, of course, not with real credentials  */

?>

after edit of the original question, I saw php code and I would recommand

NOT using MD5 anymore but password_hash / password_verify

you should really consider using PPS : Prepared Parameterized Statements. This will help Preventing SQL injection

score 0 · Answer 4 · answered Apr 16 '17 at 12:05

$("#samplediv").innerHTML ="Welcome"; is wrong

you have a jquery element here and try to access with vanilla functions.

$("#samplediv").text("Welcome");
// or 
$("#samplediv")[0].innerHTML = "Welcome";

if you open your browsers dev tools it should show you the error:

innerHTML is not a function of ...

My server side php doesn't get the data from my client side AJAX requiest

4 Answers4