
I have some code that sends a variable (pin) to PHP via AJAX. The database is then queried and, if a result is found, the PHP echoes a value of 1. Everything is working fine, except that the Ajax does not recognise the value returned by the PHP.

Here is my code

```javascript
$(document).ready(function () {
    $("form.submit").submit(function () {
        var pin = $(this).find("[name='pin']").val();

        // ...

        $.ajax({
            type: "POST",
            url: "http://www.example.com/pin.php",
            data: {
                pin : pin,
            },
            success: function (response) {
                if (response == "1") {
                    $("#responsecontainer").html(response);

                    window.location.href = "home.html?user=" + user;
                    // Functions
                } else { // Login failed
                    alert("LOGIN FAILED");
                }
            }
        });

        this.reset();

        return false;
    });
});
```

And here is my PHP code. I know that the code below returns a value of 1. When Ajax is triggered it returns a value that generates a login fail message. Is there a way to see what Ajax is sending? If I swap out the Ajax and directly submit the form to the server, it also returns a 1 on the PHP echo.

```php
$pin = $_GET["pin"];
$db = new PDO("mysql:host=localhost;dbname=xxxxx;charset=utf8", "xxxx", "xxxx");
$count = $db->query("SELECT count(1) FROM users WHERE pin='$pin'")->fetchColumn();
echo $count;
```
ventaquil
Stan Williams
  • You send ajax request in POST, so you must use `$_POST` instead of `$_GET` in your PHP script to be able to retrieve request parameters – TiTnOuK Apr 24 '18 at 21:00
  • Your code is vulnerable to [SQL injection](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use [mysqli](https://secure.php.net/manual/en/mysqli.prepare.php) or [PDO](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [this post](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). –  Apr 25 '18 at 07:34

1 Answer

It's recommended to return JSON data as result for an ajax request.

So try this :

Edit: I've updated the php code to make the sql query with PDO prepare() method taking into account @Dominik's commentary

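```php
// The Ajax call uses type "POST", so the PIN is read from $_POST.
$pin = $_POST['pin'];
$db = new PDO('mysql:host=localhost;dbname=xxxxx;charset=utf8', 'xxxx', 'xxxx');
// Prepare on the PDO handle created above ($db) and bind the PIN as a parameter.
$stmt = $db->prepare('SELECT count(1) FROM users WHERE pin = :pin');
$stmt->execute(array('pin' => $pin));
// Send the count to the client as a JSON body.
echo json_encode([
  "count" => $stmt->fetchColumn()
]);
```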

And in your ajax success callback :

```javascript
...
success: function(response) {
  var count = JSON.parse(response).count;
  if (count == "1") {
    $("#responsecontainer").html(response);
    window.location.href = "home.html?user="+ user;
  } else {// Login failed
    alert("LOGIN FAILED");
  }
},
error: function(error) {
  ...
}
```

Hope it helps you :)

TiTnOuK
  • Do I add the var count section instead of the success section in the AJAX? – Stan Williams Apr 24 '18 at 21:42
  • Thanks for the edit, I am getting the issue of unexpected end of input now on the end of the JavaScript code, and cannot seem to resolve it – Stan Williams Apr 25 '18 at 19:40
  • You can see this stackoverflow [question](https://stackoverflow.com/questions/3983088/javascript-error-uncaught-syntaxerror-unexpected-end-of-input) to try to resolve your new issue – TiTnOuK Apr 25 '18 at 19:58
  • Thanks, that helped, I had searched but hadn't found that one. When I run the code above I am getting a 500 error for the PHP? – Stan Williams Apr 25 '18 at 20:20
  • No, it just returns a 500 error, nothing in console, no error reporting, it's weird. – Stan Williams Apr 25 '18 at 21:53
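
The `$_GET`/`$_POST` mismatch raised in the comments and the response check from the answer, modelled in plain JavaScript as an added example (not code from the question or the answer). `buildRequest`, `phpSuperglobals` and `interpretPinResponse` are hypothetical helpers, and the PIN value is a constructed sample.

```javascript
// Added example: models where jQuery puts `data` and which PHP superglobal
// receives it. All three helper names are hypothetical.

// jQuery appends `data` to the URL for GET and sends it as a
// form-urlencoded request body for POST (only these two types are modelled).
function buildRequest(type, url, data) {
  const encoded = new URLSearchParams(data).toString();
  if (type.toUpperCase() === "GET") {
    const sep = url.includes("?") ? "&" : "?";
    return { method: "GET", url: url + sep + encoded, contentType: null, body: "" };
  }
  const contentType = "application/x-www-form-urlencoded";
  return { method: "POST", url: url, contentType: contentType, body: encoded };
}

// PHP fills $_GET from the query string and $_POST from a form-encoded body.
function phpSuperglobals(req) {
  const _GET = Object.fromEntries(new URL(req.url).searchParams);
  const formBody = req.method === "POST" &&
    req.contentType === "application/x-www-form-urlencoded";
  const _POST = formBody ? Object.fromEntries(new URLSearchParams(req.body)) : {};
  return { _GET, _POST };
}

// Decide on the login result without assuming the body is valid JSON:
// an HTTP error or an empty/non-JSON body is reported as a failure
// instead of throwing inside the success callback.
function interpretPinResponse(status, body) {
  if (status !== 200) return { ok: false, reason: "http " + status };
  let parsed;
  try {
    parsed = JSON.parse(body);
  } catch (e) {
    return { ok: false, reason: "not JSON" };
  }
  const isObject = parsed !== null && typeof parsed === "object";
  const count = isObject ? String(parsed.count) : "";
  return count === "1"
    ? { ok: true, reason: "match" }
    : { ok: false, reason: "no match" };
}

// Constructed sample: the question's request as sent by $.ajax.
const sent = buildRequest("POST", "http://www.example.com/pin.php", { pin: "1234" });
console.log(phpSuperglobals(sent)); // pin arrives in _POST only
console.log(interpretPinResponse(200, '{"count":"1"}'));
console.log(interpretPinResponse(500, ""));
```

In the browser, the request that was actually sent (method, URL and form data) is visible in the developer tools' Network tab, which answers the "what is Ajax sending" part of the question.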