8 – Connect React/AJAX to custom module

Using AJAX to let the user arbitrarily insert data into your database via a custom PHP script seems like a really bad idea because it opens a backdoor into Drupal by circumventing Drupal’s security.

To do this the “Drupal” way, you can use the JSON:API module in core to handle CRUD operations. This is way too broad a topic to describe in depth here, but Drupalize.me has a good (paid) tutorial.

This allows you to use JSON:API to do CRUD on Drupal entities (nodes, media, taxonomy terms, and so on) using the same access permissions as the Drupal website.

To use this approach, you will need to configure the entities within Drupal so that they receive the data correctly when updated via JSON:API.

Instead of using a custom PHP script, I would create a new JSON:API Resource, which lets you do whatever kind of processing you want via a custom JSON:API endpoint. By doing it this way, you get all the data sanitization benefits that are built into Drupal core.
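As an added example (not part of the original answer), this is what a React/AJAX write through core JSON:API can look like from the browser, so that Drupal's own access checks apply instead of a custom PHP script. It assumes cookie authentication, that write operations are enabled in the JSON:API settings, and hypothetical helper names `buildCreateRequest` and `createEntity`; the `node`/`article` values in the comments are illustrative.

```javascript
// Added example: helper names and the sample entity/bundle are assumptions.
const MACHINE_NAME = /^[a-z0-9_]+$/;

// Build the fetch() arguments for creating an entity through core JSON:API.
function buildCreateRequest(entityType, bundle, attributes, csrfToken) {
  // Only machine names may reach the URL, so user input cannot alter the path.
  if (!MACHINE_NAME.test(entityType) || !MACHINE_NAME.test(bundle)) {
    throw new Error('entity type and bundle must be Drupal machine names');
  }
  if (!csrfToken) {
    throw new Error('CSRF token required for cookie-authenticated writes');
  }
  return {
    url: `/jsonapi/${entityType}/${bundle}`,
    options: {
      method: 'POST',
      credentials: 'same-origin', // send the Drupal session cookie
      headers: {
        'Content-Type': 'application/vnd.api+json',
        'Accept': 'application/vnd.api+json',
        'X-CSRF-Token': csrfToken,
      },
      // JSON:API resource type is "<entity type>--<bundle>", e.g. node--article.
      body: JSON.stringify({ data: { type: `${entityType}--${bundle}`, attributes } }),
    },
  };
}

// Send the request; fetchImpl is injectable so the function can be exercised offline.
async function createEntity(entityType, bundle, attributes, fetchImpl = fetch) {
  // Drupal core issues the session's CSRF token at /session/token.
  const tokenRes = await fetchImpl('/session/token', { credentials: 'same-origin' });
  const token = (await tokenRes.text()).trim();
  const { url, options } = buildCreateRequest(entityType, bundle, attributes, token);
  const res = await fetchImpl(url, options);
  const doc = await res.json();
  if (!res.ok) {
    // Errors come back as a JSON:API "errors" array, e.g. 403 when the user lacks permission.
    const detail = (doc.errors || []).map((e) => e.detail).join('; ');
    throw new Error(`JSON:API ${res.status}: ${detail}`);
  }
  return doc.data.id; // UUID of the new entity
}
```

A 403 from this call means the logged-in user lacks the create permission for that bundle, which is the same check the Drupal UI would apply.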