I have an Excel file that I need to send data from to my Drupal MySQL database. To do that, I am using an HTTP POST from within the VBA of my Excel sheet as follows:

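Set objHTTP = CreateObject("MSXML2.ServerXMLHTTP")
URL = "http://localhost:8082/acquia-drupal/node/2"
objHTTP.Open "POST", URL, False
objHTTP.setRequestHeader "User-Agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
' PHP only fills $_POST for form-encoded bodies, so declare the content type.
objHTTP.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
objHTTP.send ("string=testdata")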

I want to use a Drupal page that will parse out the POST data and write it to a table in the Drupal MySQL database.

Here is what I have started with,

<?php
if (isset($_POST['string']))
{
  $trans = $_POST['string'];
  // '%s' is the string placeholder; db_query() escapes the value before substituting it.
  db_query("INSERT INTO {excel} (ExcelData) VALUES ('%s')", $trans);
}

Is this the right direction to go in? Also, could someone provide some code snippet guidance on parsing out the POST data correctly?

+1  A: 

At the moment, it looks as if you're simply writing this code in a page with PHP filter on.

If this is indeed the case, that's not a good idea. At the very least, write a custom module, perhaps with some POST-parsing code in a hook_view (or just a simple custom function), and with a hook_menu to set the page address.

As for POST parsing, it's a PHP key=>value array... I haven't found a Drupal-ish way to use it, and some popular modules certainly use it as-is.

Eli Krupitsky
+3  A: 

Processing incoming $_POST data the way you're outlining is a bit like hand-rolling your own web service. It's not a bad thing, necessarily, and sometimes it's the best way to get things talking to each other.

I'd STRONGLY emphasize that you're responsible for your own security, data scrubbing, and SQL injection protection if you use code like that in the snippet you posted, though.

Also, as noted in Eli's comment, it appears that you might be putting this into a node. That's a relatively dangerous way to do it, since anyone could easily pop that node open and start firehosing $_POST data into your database. Creating a module, using hook_menu() to define a url path for your import code, and putting some access control restrictions on that particular url will make things a bit safer.

Eaton
I'm a little tired - but what do you mean by "SQL injection protection"? I thought db_query escapes stuff well enough, as long as you use the parameters (as Mike did)
Eli Krupitsky
Yes -- it's just very important to be scrupulous about that when doing raw inserts from incoming $_POST data, and it's one of the things that often gets stepped around when whipping up quick utilities. I didn't mean to imply that the specific query that was posted above was unsafe, I'm just used to encouraging paranoia...
Eaton
Thanks for the comments. Although I attacked this problem differently, this info was very helpful. I was new to Drupal and custom module development for Drupal at the time.
Mike Munroe
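
A sketch of the approach both answers describe, added here as an example and not code from either answerer or from Drupal itself: a Drupal 6 module that uses hook_menu() to expose an import path behind a permission and inserts the posted value through a db_query() placeholder. The module name excel_import (with a matching .info file), the path excel/import, the permission name and the 255-character limit are assumptions; the {excel} table and ExcelData column come from the question.

```php
<?php
// excel_import.module: hypothetical module name; Drupal 6 API assumed.

/**
 * Implementation of hook_perm(): defines the permission guarding the import path.
 */
function excel_import_perm() {
  return array('import excel data');
}

/**
 * Implementation of hook_menu(): registers the import URL with access control.
 */
function excel_import_menu() {
  $items = array();
  $items['excel/import'] = array(  // hypothetical path
    'page callback' => 'excel_import_receive',
    // Requests from users without this permission are answered with 403.
    'access arguments' => array('import excel data'),
    'type' => MENU_CALLBACK,
  );
  return $items;
}

/**
 * Page callback: validates the POSTed value, then stores it.
 */
function excel_import_receive() {
  if ($_SERVER['REQUEST_METHOD'] != 'POST' || !isset($_POST['string'])) {
    drupal_set_header('HTTP/1.1 400 Bad Request');
    print 'Missing "string" field';
    exit();
  }
  $trans = $_POST['string'];
  // Reject arrays (string[]=x), oversized values (assumed 255-char column) and bad UTF-8.
  if (!is_string($trans) || drupal_strlen($trans) > 255 || !drupal_validate_utf8($trans)) {
    drupal_set_header('HTTP/1.1 400 Bad Request');
    print 'Invalid "string" field';
    exit();
  }
  // The '%s' placeholder makes db_query() escape the value; $_POST is never concatenated into SQL.
  db_query("INSERT INTO {excel} (ExcelData) VALUES ('%s')", $trans);
  watchdog('excel_import', 'Stored %len characters from Excel.', array('%len' => drupal_strlen($trans)));
  print 'OK';
  exit();
}
```

With this in place the Excel client has to POST to the module's path as a user whose role holds the permission, rather than to a node that anyone can open.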
