Everything works fine with following program, except AJAX error fires:
javascript:
var data = {
email: 'me@gmail.com',
password: 'secretword'
};
$.ajax({
type: "POST",
dataType: "application/json",
url: "http://localhost/CFBserver/validateUser.php",
data: data,
success: function (response) {
console.log(response.responseText);
},
error: function (response) {
console.log(response.responseText);
}
});
}
php:
<?php
$conn = mysqli_connect('localhost', 'root', '', 'cfbdata');
if (mysqli_connect_errno($conn)) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_STRING);
$password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
$sql = "SELECT * FROM users WHERE email = '$email' AND password = '$password'";
if (!mysqli_query($conn, $sql)) {
die('Error: ' . mysqli_error($conn));
}
$result = mysqli_query($conn, $sql);
$numrows = mysqli_num_rows($result);
if ($numrows > 0) {
$message = array('result' => 'found',
'email' => $email,
'password' => $password,
);
} else {
$message = array('result' => 'Not found',
'email' => $email,
'password' => $password,
);
}
header('Content-type: application/json');
echo json_encode($message);
mysqli_close($conn);
?>
This is what console displays:
<html>
<head>
<meta charset="UTF-8">
<title></title>
</head>
<body>
{"result":"found","email":"me@gmail.com","password":"secretword"}
</body>
</html>
So php finds the record in the mysql database but on return to AJAX, error fires. Why is this?
Your AJAX is expecting a JSON response, but is getting HTML. That's why the request returns status code 200 (= OK), but your JS won't work.
PHP's json_encode doesn't add HTML by itself, so you're probably outputting to a template (or you've wrapped your PHP in HTML).
As others have also mentioned, you're open to SQL injection. There is also no way to be sure your error method is firing, since both your AJAX' error and success do the same thing.