MQTT data to a mySQL to display data on public website

General
12

Ok, here's a solution I found to inject values into the MySQL DB on the web-hosted server.
I've used the HTTP Request node (POST) that calls in an API key found in a PHP script on the web-hosted server (e.g., URL: http://example.com/weather/post-data.php). Once the API key is verified, the PHP script injects the values into the DB. Not sure if this is a safe way to put values in the DB, but as shown on the screenshot below, it's creating the table. What are your thoughts on this?

Here's what the flow looks like:

Screenshot 2022-03-20 154502
Screenshot 2022-03-20 154502885×101 9.33 KB

Here's the change node setting:

Screenshot 2022-03-20 155605_1
Screenshot 2022-03-20 155605_1527×535 11 KB

The data being injected into the DB:

Screenshot 2022-03-20 160446
Screenshot 2022-03-20 160446974×445 53.5 KB

The PHP script used on the web-hosted server to inject values in the DB looks like this:

<?php

$servername = "localhost";

// REPLACE with your Database name
$dbname = "REPLACE_WITH_YOUR_DATABASE_NAME";
// REPLACE with Database user
$username = "REPLACE_WITH_YOUR_USERNAME";
// REPLACE with Database user password
$password = "REPLACE_WITH_YOUR_PASSWORD";

// Keep this API Key value to be compatible with the ESP32 code provided on the project page. If you change this value, the ESP32 sketch needs to match
$api_key_value = "tPmAT5Ab3j7F9";

$api_key = $value1 = $value2 = $value3 = $value4 = $value5 = $value6 = "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $api_key = test_input($_POST["api_key"]);
    if($api_key == $api_key_value) {
        $value1 = test_input($_POST["value1"]);
        $value2 = test_input($_POST["value2"]);
        $value3 = test_input($_POST["value3"]);
        $value4 = test_input($_POST["value4"]);
        $value5 = test_input($_POST["value5"]);
        $value6 = test_input($_POST["value6"]);
        
        // Create connection
        $conn = new mysqli($servername, $username, $password, $dbname);
        // Check connection
        if ($conn->connect_error) {
            die("Connection failed: " . $conn->connect_error);
        } 
        
        $sql = "INSERT INTO Sensor (value1, value2, value3, value4, value5, value6)
        VALUES ('" . $value1 . "', '" . $value2 . "', '" . $value3 . "', '" . $value4 . "', '" . $value5 . "', '" . $value6 . "')";
        
        if ($conn->query($sql) === TRUE) {
            echo "New record created successfully";
        } 
        else {
            echo "Error: " . $sql . "<br>" . $conn->error;
        }
    
        $conn->close();
    }
    else {
        echo "Wrong API Key provided.";
    }

}
else {
    echo "No data posted with HTTP POST.";
}

function test_input($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}