"Send a message as a POST request to a web service. The address must start with “http://”, and may optionally include the port number (default is 80) and the path to a specific web service. The notification message fills the body of the content part of the POSTed message, with no key=value form-style formatting – you just read the input stream directly."

The above is extracted from the Alien UHF RFID F800 manual. The mentioned request is used to send the RFID tags that are scanned by the reader to a web service. The domain name is myrfidtest.com and the path is /insertdb.php. Now the insertdb.php is set up to accept two parameters, for example, id and RFID tag number. So the complete URL is http://myrfidtest.com/insertdb.php?id=21&rfid=2eda1. This data then gets successfully inserted into my database.

Hence I understand how to insert data into the cloud-hosted database using the above URL. However, I do not understand the extract, and what is meant by "you just read the input stream directly"?

In addition, how do I change the insert.php script to accept the tags from the reader?

My insert.php script:

```php
<?php
 class data_new
 {
    public $conn='';

    function __construct($id,$rfid)
    {
       $this->storeInDB($id,$rfid);
    }

    function storeInDB($id,$rfid)
    {
       $conn = new mysqli('localhost','user','password','db');
    
       // Check connection
       if ($conn->connect_error) 
       {
          die("Connection failed: " . $conn->connect_error);
       }
    
       // The query text is built by concatenating the request values
       $sql = "insert into cloud set id='".$id."', rfid='".$rfid."'";
    
       if ($conn->query($sql) === TRUE) 
       {
           echo "New record created successfully";
       } 

       else 
       {
          echo "Error: " . $sql . "<br>" . $conn->error;
       }
   }
    
 }


 // isset() avoids an "undefined array key" warning when a parameter is missing
 if(isset($_GET['id'], $_GET['rfid']) and $_GET['id'] != '' and $_GET['rfid'] != '')
 {
    $data_new = new data_new($_GET['id'],$_GET['rfid']);
 }

?>
```

David

1 Answer

Normally when you post form data in an HTTP request, you (or your browser) put the posted data into the body of the HTTP request, and format it rather like a querystring e.g. field1=value1&field2=value2, so that the server receiving the request can tell the fields apart and know which value belongs to which field. I think the article is saying that in this particular request, the entire body of the request is simply a single field containing the notification data, without any name=value style formatting - because there's only one parameter in the body.

In PHP, posted data normally appears in the $_POST array, with one entry in the array per parameter in the data (so you'd end up with $_POST["field1"], $_POST["field2"], etc.). But you can also read the raw input data using:

```php
$postdata = file_get_contents("php://input");
```

instead. This would be useful in the case mentioned above where the data is just one big stream of text inside the request body, rather than being formatted.


P.S. I can't answer the second part of your question " how do I change the insert.php" because I don't know what script you're referring to, what it does or looks like, or what tags you're talking about. I suggest asking a second, separate question about that as it sounds like a different issue, and giving a clear example of what you mean, within the question text.

ADyson
  • I have added my insert.php script. Before posting a new question can you first check the script and advise? – David Oct 12 '20 at 09:48
  • Thanks but I still don't know what you mean by "tags" exactly? P.S. That script is horrendously insecure. Are you familiar with what SQL Injection is? – ADyson Oct 12 '20 at 09:53
  • So by tags, I mean RFID tags. These tags when scanned will show a unique id, such as 145D. On the second point yes I am familiar with SQL injection. I have not done it in the above code because the data I am pushing the DB is just for testing. So I am not bothered if someone wants to steal it. There is no value to this data in terms of privacy. It is just for development. – David Oct 12 '20 at 09:59
  • Ok. And you won't ever be putting this code live? (P.S. It's a good habit to just use parameterised queries etc anyway whenever you write SQL code. It isn't really any more difficult than doing it the insecure way, and it can also help prevent other unexpected issues too.) – ADyson Oct 12 '20 at 10:00
  • Anyway, is this tag data being sent in the HTTP request from the device? It's not clear to me. Are they in the `rfid` parameter? Because it looks like you already know how to save that?? – ADyson Oct 12 '20 at 10:01
  • Definitely not! This is not meant for commercial purposes. I just want to see how to push the RFID tags data to my cloud. This cloud is also a free hosting service. So I am severely limited with what I can do. Like learning new things! – David Oct 12 '20 at 10:03
  • Yes, so I am going to connect a wifi dongle to the device (RFID reader). Then I am going to program the reader to connect to the wifi network. When the reader detects any RFID tags it will then send the tag data to the cloud via the POST request mentioned above. So all I have to do is to tell the reader where to "POST" this data to. This is where I am getting confused because if I don't say ?value=1254. Then how do I customize the software. – David Oct 12 '20 at 10:06
  • "Are they in the rfid parameter?" The request shown above ?id=121&rfid=457d, has nothing to do with the reader post request. I just used the ?id=121&rfid=457d just to test that the data is actually being sent to the cloud database. I assume that the post request format required for the reader will not be ?id=121&rfid=457d but will not be something else. In addition, I assume I will also need to create a new .php script to accommodate the new parameter/s that will be received by the .php script. – David Oct 12 '20 at 10:15
  • _"I assume that the post request format required for the reader will not be"_ ...doesn't the manual for the device tell you what format it will send? I had assumed that the example you were giving was based on what you were expecting already. I can't tell you what your specific device will do. – ADyson Oct 12 '20 at 10:17
  • doesn't the manual for the device tell you what format it will send? yes it does in a way. However I do not understand how to implement it (just started learning this last week). All I know is how to insert data into the database using the field1=value1&field2=value2. But in the manual it says "with no key=value form-style formatting". So I am confused because if there is no key=value format then how is the data going to be captured on the database. Will my post just be: http://myrfidtest.com/insert_new.php?"3432\n5432\n4324\n" and how do I create a new.php to read this new data – David Oct 12 '20 at 10:26
  • "3432\n5432\n4324\n" that is how the string looks like of the RFID tags scanned. – David Oct 12 '20 at 10:27
  • Well, I must say it isn't 100% clear (at least not from the snippet you've quoted anyway - is there any more context in the manual at all?) but it seems to be implying that this data will be in the body of the request, unformatted. So in PHP you'd obtain it as a single string using the `$postdata = file_get_contents("php://input");` code I posted above. Have you tried that? Is that what is producing the `"3432\n5432\n4324\n"` string you've just mentioned? – ADyson Oct 12 '20 at 10:33
  • If that's the case then your URL would just be `http://myrfidtest.com/insert_new.php`. No querystring parameters would be needed, because the data would be in the body of the request, not the querystring. (I assume, from the description, that the device will automatically generate the correct request and then post it to the URL you configure). – ADyson Oct 12 '20 at 10:35
  • YES. I think I am now starting to understand this! So basically I cannot just insert the data stored in $postdata into the database because it will just be nonsense. So I need to write a bit more code that extracts each RFID tag number then push that to the database. Otherwise, the entire row of the database will just be "3432\n5432\n4324\n". Let me go and do more testing but I think I know the gist of how to proceed! Thank you. – David Oct 12 '20 at 10:39
  • Also this makes your answer even more correct, now that I understand what you meant. – David Oct 12 '20 at 10:40
  • yes it looks like you could split the string into a list of individual values, using the newline characters (`\n`) as the separator (in PHP, the [explode function](https://www.php.net/manual/en/function.explode.php) makes this easy). And then you can just loop through the list and insert each one into the DB in a separate row. – ADyson Oct 12 '20 at 10:43
  • Demo of splitting the string: http://sandbox.onlinephpfunctions.com/code/34285d88838a75462fab29502b208d8e48a3c427 – ADyson Oct 12 '20 at 10:46
  • Ok. So are you happy with how to do it in PHP as well, now? Sorry I wasn't sure how a C# program was relevant to any of this. – ADyson Oct 12 '20 at 10:54
  • I think so. I need to do some testing on my side. The echo function will assist me to debug my code. So this will help me see where I am going wrong. The link you provided me with also has examples that will help. Is there any way of contacting you should I require assistance besides posting a comment? – David Oct 12 '20 at 10:59
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/222907/discussion-between-adyson-and-david). – ADyson Oct 12 '20 at 11:04
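
The approach the comments converge on (read the raw body from `php://input`, split it on newlines, insert each tag with a parameterised query), as an added example that is not part of the original thread or the poster's script. The hex tag pattern, the size cap and an auto-incrementing `id` column in the `cloud` table are assumptions.

```php
<?php
// Added example: hypothetical insert_new.php receiver, not the poster's script.
declare(strict_types=1);
const MAX_BODY_BYTES = 65536;                   // assumed cap on one notification
const TAG_PATTERN = '/^[0-9A-Fa-f]{1,64}$/';    // assumption: tags are short hex strings

// Split the raw body on newlines and keep only lines that look like tags.
function parse_tags(string $body): array
{
    $tags = [];
    foreach (preg_split('/\r\n|\r|\n/', $body) as $line) {
        $line = trim($line);
        if ($line !== '' && preg_match(TAG_PATTERN, $line) === 1) {
            $tags[] = $line;
        }
    }
    return $tags;
}

// One prepared statement, executed once per tag; values never enter the SQL text.
function store_tags(mysqli $conn, array $tags): int
{
    $stmt = $conn->prepare('INSERT INTO cloud (rfid) VALUES (?)'); // assumes id auto-increments
    $rfid = '';
    $stmt->bind_param('s', $rfid);      // bound by reference, re-read on each execute()
    $stored = 0;
    foreach ($tags as $tag) {
        $rfid = $tag;
        $stmt->execute();
        $stored += $stmt->affected_rows;
    }
    return $stored;
}

if (PHP_SAPI === 'cli') {   // constructed sample body: three tags plus one malformed line
    print_r(parse_tags("3432\n5432\n4324\nbad'line\n"));
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $body = stream_get_contents(fopen('php://input', 'rb'), MAX_BODY_BYTES + 1);
    if ($body === false || strlen($body) > MAX_BODY_BYTES) { http_response_code(413); exit; }
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    try {
        $stored = store_tags(new mysqli('localhost', 'user', 'password', 'db'), parse_tags($body));
        echo "stored $stored\n";
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage());    // log server-side instead of echoing SQL or errors
        http_response_code(500);
    }
} else { http_response_code(405); }
```

Run from the command line, it only parses the constructed sample; served over HTTP, it expects the reader to POST to the script URL with no query string.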