Looking for an example of PHP Using mySQL Update command during game runtime.

Looking for an example of PHP Using mySQL Update command during game runtime. I've been trying all night to get it working. I have Log-In and registration working fine, thanks to some examples on this forum.

But there must be 9 different ways to write a PHP page that updates a mySQL database and I can’t get any of them working. :) I’m trying to use the player's name and password to determine that the correct data is updated.

Thanxs

If you save the user’s ID (if you have a UserID column) you could use that instead of name and password to keep track of the user and then update where UserID = $user, etc.

The Main Reason I’m not using the user ID is there are going to be a multitude of tables by the time we are done. You have no guarantee that if 50 people register at the same time that all of their Table user Id’s will match.
Also “UPDATE” and “Where” seem to be fairly common mySQL commands.

But I find it strange that out of 17 Unity tutorials I found, not a single one covers using the UPDATE command in your PHP file for your Unity game.

Last but not least I just switched to a Windows Server using IIS7 and there does seem to be multiple issues on Google about using form variables in mySQL commands in PHP.

I finally muddled through it and figured out the proper syntax. PHP is not very forgiving to horrible typists like myself. :)

Here is an example PHP function that updates a mySQL database:

function PutAbilitiez()
{
    $gameName  = $_POST[ 'gameName' ];

    $playerPassword  = $_POST[ 'playerPassword' ];

    $sex  = $_POST[ 'sex' ];

    $bodyType  = $_POST[ 'bodyType' ];


    $skinType  = $_POST[ 'skinType' ];


    $firstName  = $_POST[ 'firstName' ];

    $lastName  = $_POST[ 'lastName' ];

    $age  = $_POST[ 'age' ];

    $playerEmail  = $_POST[ 'playerEmail' ];


    ////////////////////////////////////////////////////////////////////////////
    //
    //        ABILITY SCORES
    //
    ////////////////////////////////////////////////////////////////////////////

    $strength  = $_POST[ 'strength' ];
    $strengthMax  = $_POST[ 'strengthMax' ];

    $agility  = $_POST[ 'agility' ];
    $agilityMax  = $_POST[ 'agilityMax' ];

    $dexterity  = $_POST[ 'dexterity' ];
    $dexterityMax  = $_POST[ 'dexterityMax' ];

    $stamina  = $_POST[ 'stamina' ];
    $staminaMax  = $_POST[ 'staminaMax' ];

    $health  = $_POST[ 'health' ];
    $healthMax  = $_POST[ 'healthMax' ];

    $intelligence  = $_POST[ 'intelligence' ];
    $intelligenceMax  = $_POST[ 'intelligenceMax' ];

    $comprehension  = $_POST[ 'comprehension' ];
    $comprehensionMax  = $_POST[ 'comprehensionMax' ];

    $psyche  = $_POST[ 'psyche' ];
    $psycheMax  = $_POST[ 'psycheMax' ];

    $mana  = $_POST[ 'mana' ];
    $manaMax  = $_POST[ 'manaMax' ];

    $lastPosX = $_POST[ 'lastPosX' ];
    $lastPosY = $_POST[ 'lastPosY' ];
    $lastPosZ = $_POST[ 'lastPosZ' ];


    ////////////////////////////////////////////////

    $anchorHead = $_POST[ 'anchorHead' ];
    $anchorLeftHand = $_POST[ 'anchorLeftHand' ];
    $anchorRightHand = $_POST[ 'anchorRightHand' ];
    $anchorChest = $_POST[ 'anchorChest' ];
    $anchorPelvis = $_POST[ 'anchorPelvis' ];
    $anchorRightBicep = $_POST[ 'anchorRightBicep' ];
    $anchorRightForeArm = $_POST[ 'anchorRightForeArm' ];
    $anchorRightWrist = $_POST[ 'anchorRightWrist' ];
    $anchorLeftBicep = $_POST[ 'anchorLeftBicep' ];
    $anchorLeftForeArm = $_POST[ 'anchorLeftForeArm' ];
    $anchorLeftWrist = $_POST[ 'anchorLeftWrist' ];
    $anchorRightThigh = $_POST[ 'anchorRightThigh' ];
    $anchorRightCalf = $_POST[ 'anchorRightCalf' ];
    $anchorRightAnkle = $_POST[ 'anchorRightAnkle' ];
    $anchorLeftThigh = $_POST[ 'anchorLeftThigh' ];
    $anchorLeftCalf = $_POST[ 'anchorLeftCalf' ];
    $anchorLeftAnkle = $_POST[ 'anchorLeftAnkle' ];
    $defaultHair = $_POST[ 'defaultHair' ];

    ////////////////////////////////////////////////


    $XPstrength = $_POST[ 'XPstrength' ];
    $XPagility = $_POST[ 'XPagility' ];
    $XPdexterity = $_POST[ 'XPdexterity' ];
    $XPstamina = $_POST[ 'XPstamina' ];
    $XPhealth = $_POST[ 'XPhealth' ];
    $XPintelligence = $_POST[ 'XPintelligence' ];
    $XPcomprehension = $_POST[ 'XPcomprehension' ];
    $XPpsyche = $_POST[ 'XPpsyche' ];
    $XPmana = $_POST[ 'XPmana' ];


    ////////////////////////////////////////////////


    $hitPoints = $_POST[ 'hitPoints' ];
    $hitPointsMax = $_POST[ 'hitPointsMax' ];
    $basePhyAtk = $_POST[ 'basePhyAtk' ];
    $basePhyDef = $_POST[ 'basePhyDef' ];
    $baseShotAtk = $_POST[ 'baseShotAtk' ];
    $baseMenAtk = $_POST[ 'baseMenAtk' ];
    $baseMenDef = $_POST[ 'baseMenDef' ];
    $speedMod = $_POST[ 'speedMod' ];

    ////////////////////////////////////////////////////////////////////////////

    // The DATABASE NAME is fw

    //    $SQL = "SELECT * FROM players WHERE gameName = ' " . $gameName . " ' AND  playerPassword = ' " . $playerPassword . " ';";

    //    mysql_query( $SQL ) or die( mysql_error() );

    $query = "UPDATE players SET strength = '" . $strength . "', strengthMax = '" . $strengthMax . "',
    agility = '" . $agility . "',  agilityMax = '" . $agilityMax . "',
    dexterity = '" . $dexterity . "', dexterityMax = '" . $dexterityMax . "',
    stamina = '" . $stamina . "', staminaMax = '" . $staminaMax . "',
    health = '" . $health . "', healthMax = '" . $healthMax . "',
    intelligence = '" . $intelligence . "', intelligenceMax = '" . $intelligenceMax . "',
    comprehension = '" . $comprehension . "', comprehensionMax = '" . $comprehensionMax . "',
    psyche = '" . $psyche . "',    psycheMax = '" . $psycheMax . "',
    mana = '" . $mana . "', manaMax = '" . $manaMax . "',
    lastPosX = '" . $lastPosX . "', lastPosY = '" . $lastPosY . "',
    lastPosZ = '" . $lastPosZ . "', anchorHead = '" . $anchorHead . "',
    anchorLeftHand = '" . $anchorLeftHand . "', anchorRightHand = '" . $anchorRightHand . "',
    anchorChest = '" . $anchorChest . "', anchorPelvis = '" . $anchorPelvis . "',
    anchorRightBicep = '" . $anchorRightBicep . "', anchorRightForeArm = '" . $anchorRightForeArm . "',
    anchorRightWrist = '" . $anchorRightWrist . "', anchorLeftBicep = '" . $anchorLeftBicep . "',
    anchorLeftForeArm = '" . $anchorLeftForeArm . "',    anchorLeftWrist = '" . $anchorLeftWrist . "',
    anchorRightThigh = '" . $anchorRightThigh . "', anchorRightCalf = '" . $anchorRightCalf . "',
    anchorRightAnkle = '" . $anchorRightAnkle . "', anchorLeftThigh = '" . $anchorLeftThigh . "',
    anchorLeftCalf = '" . $anchorLeftCalf . "', anchorLeftAnkle = '" . $anchorLeftAnkle . "',
    defaultHair = '" . $defaultHair . "', XPstrength = '" . $XPstrength . "',
    XPagility = '" . $XPagility . "', XPdexterity = '" . $XPdexterity . "',
    XPstamina = '" . $XPstamina . "', XPhealth = '" . $XPhealth . "',
    XPintelligence = '" . $XPintelligence . "', XPcomprehension = '" . $XPcomprehension . "',
    XPpsyche = '" . $XPpsyche . "', XPmana = '" . $XPmana . "',
    hitPoints = '" . $hitPoints . "', hitPointsMax = '" . $hitPointsMax . "',
    basePhyAtk = '" . $basePhyAtk . "', basePhyDef = '" . $basePhyDef . "',
    baseShotAtk = '" . $baseShotAtk . "', baseMenAtk = '" . $baseMenAtk . "',
    baseMenDef = '" . $baseMenDef . "',    speedMod = '" . $speedMod . "'
    WHERE gameName = '" . $gameName . "' AND  playerPassword = '" . $playerPassword . "'";

    mysql_query( $query ) or die( mysql_error() );
}

If you use auto increment then they will not match.

Your PHP example is full of SQL injection holes. At the ‘very least’ you should be casting (cleansing) the variables into their correct expected datatypes.

Actually I’m eager to learn everything I can do to prevent security leaks. Any chance you can show us AbsoluteBreeze?

Well, you're passing variables directly into your SQL - without even checking that they are what they say they are.

If your variable is expecting to be a float then cast it as such…

    $lastPosX = (float) $_POST[ 'lastPosX' ];
    $lastPosY = (float) $_POST[ 'lastPosY' ];
    $lastPosZ = (float) $_POST[ 'lastPosZ' ];

If it's text such as

 $gameName  = $_POST[ 'gameName' ];

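Then you should make sure that only alphabetic characters are used and no apostrophes etc.

A function like this is minimal (it's untested - and not perfect)

function Wash($str) {
    // Trim whitespace and remove backslashes, then escape for use inside a quoted SQL string.
    // mysql_real_escape_string() needs an open mysql_* connection.
    $str = @trim(stripslashes($str));
    return mysql_real_escape_string($str);
}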

could be called like $gameName = Wash($gameName);

Also using regular expressions to make sure things are formatted correctly (email addresses etc).

It's a whole subject and well worth spending a few days researching ;)
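The casting advice above, carried through to a prepared statement, as an added example that is not code from this thread. It assumes PDO with an in-memory SQLite database so it runs offline, a hypothetical `updatePlayer` helper, a cut-down `players` table, and a `$gameName` that comes from an authenticated session.

```php
<?php
// Added example, not code from the thread. Assumption: in-memory SQLite via PDO
// so it runs offline; for MySQL only the DSN passed to new PDO() changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE players (gameName TEXT PRIMARY KEY, strength INTEGER,
            strengthMax INTEGER, lastPosX REAL, defaultHair TEXT)');
// Constructed sample rows; one name contains an apostrophe on purpose.
$pdo->exec("INSERT INTO players VALUES ('alice', 10, 20, 0.0, 'short'),
                                       ('o''neil', 11, 20, 0.0, 'long')");
// Whitelist: the only columns a client may update, and the filter each must pass.
const UPDATABLE = [
    'strength'    => FILTER_VALIDATE_INT,
    'strengthMax' => FILTER_VALIDATE_INT,
    'lastPosX'    => FILTER_VALIDATE_FLOAT,
    'defaultHair' => FILTER_DEFAULT,
];

// Returns the number of rows changed. $gameName is assumed to come from an
// already authenticated session, not from the same untrusted request body.
function updatePlayer(PDO $pdo, string $gameName, array $post): int
{
    $set = [];
    $params = [':gameName' => $gameName];
    foreach (UPDATABLE as $col => $filter) {
        if (!isset($post[$col])) {
            continue;
        }
        $value = filter_var($post[$col], $filter);
        if ($value === false) {
            throw new InvalidArgumentException("rejected value for $col");
        }
        $set[] = "$col = :$col";      // column name comes from the whitelist only
        $params[":$col"] = $value;    // value is bound, never concatenated
    }
    if (!$set) {
        return 0;
    }
    $stmt = $pdo->prepare('UPDATE players SET ' . implode(', ', $set) . ' WHERE gameName = :gameName');
    $stmt->execute($params);
    return $stmt->rowCount();
}
// Constructed input standing in for $_POST.
var_dump(updatePlayer($pdo, "o'neil", ['strength' => '15', 'lastPosX' => '3.5']));
try {   // a value that is not a plain integer is refused before any SQL is built
    updatePlayer($pdo, 'alice', ['strength' => '99, strengthMax = 999']);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```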

Thanxs that’s an excellent start. The Log-In code I used is a modified one from this forum :

http://forum.unity3d.com/threads/24721-Tutorial-Unity-and-PHP-login-script-simple-but-useful

I think it had some security which I am planning to port to the other PHP files.

I think the main rule with php (or any web app) is not to trust anything and check everything is exactly what it says it is.

Since you know a lot more about this than I do, what do you think of the " anti_injection_login " function in the link I provided above? I was curious how secure it actually was. To be honest I’m not even sure all that it does. PHP is very new to me.

It's OK, and will do the job; I suspect there are much better scripts/functions online. It's definitely a good step forward for you though.

I’d also not use MD5 for passwords - and instead choose SHA1.

Why SHA1 ??

Because md5 is insecure. If anyone managed to expose your data (through SQL injection) then all your users' passwords would be crackable by using the rainbow tables.

Thank you, you have saved me a lot of time. :)

I can’t seem to find Unity code for SHA1 do you have a link? Looking for Java script and C# if possible.

I’ve only used it for PHP apps (I develop finance apps in my day job), but this should do it…

http://www.kindblad.com/2009/03/24/how-to-generate-the-sha-1-hash-of-a-string-using-c/

So, you store the encrypted hash as a password in your database, then when a user types a password into your game, the web player encrypts the newly typed password with the hash and then compares it against the stored hash in your db.
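A server-side counterpart to the stored-hash comparison discussed above, as an added example that is not code from this thread: PHP's built-in `password_hash` and `password_verify` salt every hash, which removes the property rainbow tables depend on. The `register` and `login` helpers and the sample passwords are hypothetical, and the plaintext password is assumed to reach the server over TLS.

```php
<?php
// Added example, not code from the thread. Passwords are constructed samples.

// Unsalted digest: equal passwords always give equal stored values, which is
// the property precomputed (rainbow) tables rely on. Applies to md5 and sha1 alike.
function unsaltedDigest(string $algo, string $password): string
{
    return hash($algo, $password);
}

// password_hash() draws a fresh random salt per call and embeds salt, algorithm
// and cost in the returned string, so nothing else needs to be stored.
function register(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Verify a login attempt and report whether the stored hash should be
// regenerated because PASSWORD_DEFAULT has changed since it was created.
function login(string $attempt, string $stored): array
{
    $ok = password_verify($attempt, $stored);
    return ['ok' => $ok,
            'rehash' => $ok && password_needs_rehash($stored, PASSWORD_DEFAULT)];
}

$first  = register('sample-Passw0rd');
$second = register('sample-Passw0rd');   // same password, second account

var_dump(unsaltedDigest('sha1', 'sample-Passw0rd') === unsaltedDigest('sha1', 'sample-Passw0rd'));
var_dump($first === $second);                      // compare the two salted hashes
var_dump(login('sample-Passw0rd', $first)['ok']);
var_dump(login('wrong-guess', $first)['ok']);
```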

Thanks Again.

Seems I might be out of luck as far as a java script version. Found a few online but they all give errors in Unity Editor.

Well I’m currently working on a leader board management system, I wasn’t intending on having it store passwords - but if I get time I’ll put some effort into a SHA1 routine (js) and give you a shout.

Probably won't be for a couple of weeks though.

That would be great !!! :) Because it would be near impossible for me to port it myself.

Well no promises - but I’ll take a shot at it :)