How to send response from PHP to Ajax?

Question

This JavaScript code uses POST method to send data from form to PHP where PHP checks in database if data is true. But I don't know how to send response from PHP back to JS that fetching was successful. Can someone explain?

JS:

$('#submit-btn').on('click', function() {

  var dataString = 'username=' + document.getElementById('username').value + '&password=' + document.getElementById('password').value + '&rememberMe=' + document.getElementById('rememberMe').value;

  $.ajax({
    type: "POST",
    url: "ajaxsubmit.php",
    data: dataString,
    cache: false,
    success: function(){
      //check if what response is   
    } 
  });

ajaxsubmit.php:

<?php
session_start();

//connect

$username =$_POST['username'];
$password =$_POST['password'];  

$sql = "SELECT * FROM user WHERE email ='$username' OR username ='$username' AND password = '$password'";
$result = mysqli_query($conn, $sql);

if(!$row = mysqli_fetch_assoc($result)){     
    //response error
} else{
     //response success
}

?>

[Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! — Jay Blanchard, May 12 '17 at 18:46
**Never store plain text passwords!** Please use ***PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html)*** to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). ***It is not necessary to [escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. — Jay Blanchard, May 12 '17 at 18:47
You have to `echo` something in your PHP to get information returned to AJAX. — Jay Blanchard, May 12 '17 at 18:47

Danny · Accepted Answer · 2017-05-12T19:49:05.710

4

Whatever you echo out in the php will be sent back to the ajax.

if(!$row = mysqli_fetch_assoc($result)){
    echo 0;
}
 else{
     echo 1;
}

success: function(response){
    //check if what response is
    console.log( response );
}

edited May 12 '17 at 19:49

answered May 12 '17 at 18:49

Danny

1,185
2
12
33

`console.log()` will not give you a popup. – Jay Blanchard May 12 '17 at 19:28

score 0 · Answer 2 · edited May 23 '17 at 12:18

You have to echo something in your PHP to get something returned:

if(!$row = mysqli_fetch_assoc($result)){
    //response error
    echo 'there is a problem';
} else {    
     //response success
     echo 'yippee!';
}

Then you can log the return as follows:

$('#submit-btn').on('click', function() {

    var dataString = 'username=' + document.getElementById('username').value + '&password=' + document.getElementById('password').value + '&rememberMe=' + document.getElementById('rememberMe').value;
    $.ajax({
        type: "POST",
        url: "ajaxsubmit.php",
        data: dataString,
        cache: false,
        success: function(data){ // 'data' is the variable holding the return from PHP's echo
        //check if what response is   
           console.log(data);
     } 
});

Make sure to watch the AJAX request / response in the browser's developer tools. Make sure you included the jQuery library in the project. The console will reveal errors. AJAX requires a web server.

WARNING Little Bobby says your script is at risk for SQL Injection Attacks. Learn about prepared statements for MySQLi. Even escaping the string is not safe!

DANGER Never store plain text passwords! Please use PHP's built-in functions to handle password security. If you're using a PHP version less than 5.5 you can use the password_hash() compatibility pack. It is not necessary to escape passwords or use any other cleansing mechanism on them before hashing. Doing so changes the password and causes unnecessary additional coding.

score 0 · Answer 3 · answered Mar 21 '19 at 10:48

You can exit method with response parameters. like:

ajaxsubmit.php

if(!$row = mysqli_fetch_assoc($result)){     
    exit('error');  //exit with response 'error'
} else{
     exit('success'); //exit with response 'success'
}

JS

$('#submit-btn').on('click', function() {

  var dataString = 'username=' + document.getElementById('username').value + '&password=' + document.getElementById('password').value + '&rememberMe=' + document.getElementById('rememberMe').value;

  $.ajax({
    type: "POST",
    url: "ajaxsubmit.php",
    data: dataString,
    cache: false,
    success: function(response){
      //check if what response is   
      console.log(response);
    } 
  });

How to send response from PHP to Ajax?

3 Answers3