Can this AJAX + PHP code be improved in terms of security, performance, etc.?

I would like to know if this code follows the practices and standards recommended for AJAX / PHP calls.

ajax.js:

function getTableData() {
    const xmlhttp = new XMLHttpRequest();
    xmlhttp.onreadystatechange = function () {
        // readyState 4 = request finished, 200 = OK
        if (this.readyState === 4 && this.status === 200) {
            document.querySelector('#test-table tbody').innerHTML = this.responseText;
        }
    };
    xmlhttp.open("GET", "ajax.php", true);
    xmlhttp.send();
}

$(document).ready(function () {
    getTableData();
});

ajax.php:

<?php
$data = prepareDataForTable();
$data_length = count($data);
$columns = 4;

// Emit the flat $data array as table rows of $columns cells each.
for ($row = 0; $row < $data_length; $row += $columns) {
    echo '<tr>';
    for ($col = 0; $col < $columns && ($col + $row) < $data_length; $col++) {
        echo '<td>' . $data[$col + $row] . '</td>';
    }
    echo '</tr>';
}
?>

ajax.html:

I especially want to know if there is a good way to return information to the client – by running loops and returning an output.
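
As an added example (not part of the original post), one alternative to echoing markup from the loops: the posted ajax.php concatenates `$data` values into HTML unescaped and the client assigns the response to `innerHTML`, so any markup in the data is parsed by the browser. The code below assumes ajax.php is changed to return `json_encode($data)` as a flat JSON array; `chunkRows` and `renderRows` are hypothetical helper names.

```javascript
// Added example. Assumption: ajax.php sends json_encode($data), a flat array
// of cell values, with Content-Type: application/json.

// Split the flat array into rows of `columns` cells, as the PHP loops do.
function chunkRows(data, columns) {
  if (!Array.isArray(data)) throw new TypeError('expected a JSON array');
  if (!Number.isInteger(columns) || columns < 1) throw new RangeError('columns must be >= 1');
  const rows = [];
  for (let i = 0; i < data.length; i += columns) {
    rows.push(data.slice(i, i + columns));
  }
  return rows;
}

// Build <tr>/<td> nodes. textContent never parses markup, so a value that
// contains tags is displayed as text instead of becoming an element.
function renderRows(doc, tbody, data, columns) {
  const fragment = doc.createDocumentFragment();
  for (const row of chunkRows(data, columns)) {
    const tr = doc.createElement('tr');
    for (const cell of row) {
      const td = doc.createElement('td');
      td.textContent = cell === null || cell === undefined ? '' : String(cell);
      tr.appendChild(td);
    }
    fragment.appendChild(tr);
  }
  tbody.replaceChildren(fragment);
}

async function getTableData() {
  const response = await fetch('ajax.php', { headers: { Accept: 'application/json' } });
  if (!response.ok) throw new Error('ajax.php returned HTTP ' + response.status);
  const data = await response.json(); // rejects if the body is not JSON
  renderRows(document, document.querySelector('#test-table tbody'), data, 4);
}

// Wire up the page only when running in a browser.
if (typeof document !== 'undefined') {
  document.addEventListener('DOMContentLoaded', () => {
    getTableData().catch((err) => console.error(err));
  });
}
```
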