Mysql cannot Update my Saved Game Account? NEED HELP! (been stuck for months)

Archived Forums Questions & Answers
1

this has stumped the development of my game for months, looked around on forums and haven’t been able to get help. for some reason I cannot Update my MYSQL Database when i try to unlock a ship in unity. No Errors in the debug of unity everything appears to work fine but nothin changes in my Database.

(use the same MYSQL query for my other scripts jus chance it to gold -X or Res - X)

PHP:

<?

	require_once("./inc/phpsql_dbinfo.php");

	// Create connection
	$mysqli = new mysqli($server, $serverUser, $serverPass, $database);
	if ($mysqli->connect_error) {
	    die('Connect Error ('. $mysqli->connect_errno .') '. $mysqli->connect_error);
	}

$Username = $_POST['user'];
$quary = ("UPDATE tbl_user SET Item03 = '+1' WHERE txtUsername = $Username");
    
    $result = $mysqli->query($query);  //    <<=== THIS IS WHAT YOU ARE MISSING

    // Create response array
    $response = array();
    $mysqli->close();



	echo json_encode($response);

?>

C#:

using UnityEngine;
using System.Collections;
using UnityEngine.UI;

public class UnlockButton : MonoBehaviour {

	public GameObject Settings;
	public Text Username;
	public string UnlockShipURL = "";
	public string UnlockGOLDURL = "";
	public string UnlockRESURL;

	//Unlock 03------------------------------------------------------
	private string Unlock03 = "http://mysite.club/unlock03.php";
	private string Unlock03Gold = "http://mysite.club/unlock03gold.php";

	//Unlock 04------------------------------------------------------
	private string Unlock04 = "http://mysite.club/unlock04.php";
	private string Unlock04Gold = "http://mysite.club/unlock04gold.php";

	//Unlock 05------------------------------------------------------
	private string Unlock05 = "http://mysite.club/unlock05gold.php";
	private string Unlock05Gold = "http://mysite.club/unlock05gold.php";



	//Unlock 06------------------------------------------------------
	private string Unlock06 ="http://mysite.club/unlock06.php";
	private string Unlock06Gold = "http://mysite.club/unlock06gold.php";
	private string Unlock06RES = "http://mysite.club/unlock06res.php";



	//Unlock 001------------------------------------------------------
	private string Unlock001 = "http://mysite.club/unlock001.php";
	private string Unlock001Gold = "http://mysite.club/unlock001gold.php";
	private string Unlock001RES = "http://mysite.club/unlock001res.php";


	//Unlock 002------------------------------------------------------
	private string Unlock002 = "http://mysite.club/unlock002.php";
	private string Unlock002Gold = "http://mysite.club/unlock002gold.php";
	private string Unlock002RES = "http://mysite.club/unlock002res.php";





	//Unlock 0001------------------------------------------------------
	private string Unlock0001 =  "http://mysite.club/unlock0001.php";
	private string Unlock0001Gold = "http://mysite.club/unlock0001gold.php";
	private string Unlock0001RES = "http://mysite.club/unlock0001res.php";

	//Unlock 0002------------------------------------------------------
	private string Unlock0002 = "http://mysite.club/unlock0002.php";
	private string Unlock0002Gold =  "http://mysite.club/unlock0002gold.php";
	private string Unlock0002RES =  "http://mysite.club/unlock0002res.php";




	//Unlock 00001------------------------------------------------------
	private string Unlock00001 = "http://mysite.club/unlock00001.php";
	private string Unlock00001Gold = "http://mysite.club/unlock00001gold.php";
	private string Unlock00001RES = "http://mysite.club/unlock00001res.php";




	//Unlock 00002------------------------------------------------------
	private string Unlock00002 = "http://mysite.club/unlock00002.php";
	private string Unlock00002Gold = "http://mysite.club/unlock00002gold.php";
	private string Unlock00002RES = "http://mysite.club/unlock00002res.php";




	//Unlock 000001------------------------------------------------------
	private string Unlock000001 =  "http://mysite.club/unlock000001.php";
	private string Unlock000001Gold = "http://mysite.club/unlock000001gold.php";
	private string Unlock000001RES = "http://mysite.club/unlock000001res.php";

	//Unlock 000002------------------------------------------------------
	private string Unlock000002 =  "http://mysite.club/unlock000002.php";
	private string Unlock000002Gold = "http://mysite.club/unlock000002gold.php";
	private string Unlock000002RES = "http://mysite.club/unlock000002res.php";

	public string user;

	public int shipnumber;
	public int CostSG;
	public int CostRS;
	public int CostLVL;
	public int RequiredSG;
	public int RequiredRS;
	public int RequiredLVL;

	public bool Small;
	public bool Medium;
	public bool Heavy;
	public bool Capital;
	public bool Science;

	public GameObject NotEnogh;
	public GameObject ShipUnlocked;
	public RefreshAccount Refresh;
	public UserSettingsEAO SettingsSC;

	public void LateUpdate (){
		user = Username.text.ToString();
	}

	public void Unlock (){

		SettingsSC = Settings.gameObject.GetComponent<UserSettingsEAO> ();
		Refresh = Settings.gameObject.GetComponent<RefreshAccount> ();

		user = Username.text.ToString();


		//------------------------------------------------------
		if (Small == true) {

			if (shipnumber == 3) {
				UnlockShipURL = Unlock03;
				UnlockGOLDURL = Unlock03Gold;
				UnlockRESURL = null;
			}

			if (shipnumber == 4) {
				UnlockShipURL = Unlock04;
				UnlockGOLDURL = Unlock04Gold;
				UnlockRESURL = null;
			}

			if (shipnumber == 5) {
				UnlockShipURL = Unlock05;
				UnlockGOLDURL = Unlock05Gold;
				UnlockRESURL = null;
			}

		}

		//------------------------------------------------------

		if (Medium == true) {

			if (shipnumber == 1) {
				UnlockShipURL = Unlock001;
				UnlockGOLDURL = Unlock001Gold;
				UnlockRESURL = Unlock001RES;
			}

			if (shipnumber == 2) {
				UnlockShipURL = Unlock002;
				UnlockGOLDURL = Unlock002Gold;
				UnlockRESURL = Unlock002RES;
			}
		}

		//------------------------------------------------------

		if (Heavy == true) {

			if (shipnumber == 1) {
				UnlockShipURL = Unlock0001;
				UnlockGOLDURL = Unlock0001Gold;
				UnlockRESURL = Unlock0001RES;
			}

			if (shipnumber == 2) {
				UnlockShipURL = Unlock0002;
				UnlockGOLDURL = Unlock0002Gold;
				UnlockRESURL = Unlock0002RES;
			}
		}

		//------------------------------------------------------

		if (Capital == true) {

			if (shipnumber == 1) {
				UnlockShipURL = Unlock00001;
				UnlockGOLDURL = Unlock00001Gold;
				UnlockRESURL = Unlock00001RES;
			}

			if (shipnumber == 2) {
				UnlockShipURL = Unlock00002;
				UnlockGOLDURL = Unlock00002Gold;
				UnlockRESURL = Unlock00002RES;
			}
		}

		//------------------------------------------------------

		if (Science == true) {

			if (shipnumber == 1) {
				UnlockShipURL = Unlock000001;
				UnlockGOLDURL = Unlock000001Gold;
				UnlockRESURL = Unlock000001RES;
			}

			if (shipnumber == 2) {
				UnlockShipURL = Unlock000002;
				UnlockGOLDURL = Unlock000002Gold;
				UnlockRESURL =	Unlock000002RES;
			}
		}

		//------------------------------------------------------








			if (CostSG >= RequiredSG && CostRS >= RequiredRS && CostLVL >= RequiredLVL) {
				StartCoroutine (UnlockShip (user));
				StartCoroutine (UnlockShipGold (user));
				StartCoroutine (UnlockShipRES (user));

			} else {
				NotEnogh.SetActive (true);
			}
			}
			







	IEnumerator UnlockShip(string user) {
		WWW wwwUnlock = new WWW (UnlockShipURL + "?user=" + user);
		yield return wwwUnlock;
		if (wwwUnlock.error == null) {
			Debug.Log ("Ship Unlocked" + wwwUnlock.text); // show me the echo
			ShipUnlocked.SetActive(true);

		} else {
			Debug.Log ("Error" + wwwUnlock.text); // show me the echo
		}
	}



	IEnumerator UnlockShipGold(string user) {
		WWW wwwUnlockGOLD = new WWW (UnlockGOLDURL + "?user=" + user);
		yield return wwwUnlockGOLD;
		if (wwwUnlockGOLD.error == null) {
			Debug.Log ("Ship Unlocked" + wwwUnlockGOLD.text); // show me the echo
			ShipUnlocked.SetActive(true);

		} else {
			Debug.Log ("Error" + wwwUnlockGOLD.text); // show me the echo
		}
	}



	IEnumerator UnlockShipRES(string user) {
		WWW wwwUnlockRES = new WWW (UnlockRESURL + "?user=" + user);
		yield return wwwUnlockRES;
		if (wwwUnlockRES.error == null) {
			Debug.Log ("Ship Unlocked" + wwwUnlockRES.text); // show me the echo
			ShipUnlocked.SetActive(true);

		} else {
			Debug.Log ("Error" + wwwUnlockRES.text); // show me the echo
		}
	}

}
2

You have a typo in your PHP file “$quary” is not the same as “$query”.

Apart from that you echo an empty array encoded as json. So the result will always be

[]

Also you don’t seem to check what is actually returned. This seems like something unfinished at a very early state.

Also your approach is extremely dangerous. First of all everybody can simply invoke that URL in a browser or “HTTP requester” and unlock things for any username.

Second you have no input validation whatsoever. You know i can request your URL with the username

"dummy; drop table tbl_user"

And your table will be gone for good. Hopefully those are just a few offline tests. If you plan to use code like this you’re server will be taken over within the first hour ^^.

Even if PHP only allows a single query per request, one could still send:

"dummy or '1' == '1'"

which would “unlock” that item for everyone in the database. Also “probing” with sub selects is also possible.

You should look up SQL injection, badly.

3

looks like this will neb stuck in development hell forever