Saving a leaderboard using PHP and C#.

Hello all. I’m trying to save my leaderboard to a MySQL database. I’m using the XAMPP package and am running Apache and MySQL as I type. The php file is located in E:\xampp\htdocs\hunted_vr\scores.php. The database contains one table (score_details) and three columns. player_id (an AI primary key), player_name and player_score.

The scores.php reads:

<?php

 $pn = $_REQUEST['player_name'];
 
 $ps = $_REQUEST['player_score'];
 
 @ $db = new mysqli('localhost', 'root', 'root', 'bot');
			if (mysqli_connect_errno()) {
				echo 'Error: Could not connect to database.  Please try again later.';
				exit;
			}
	$q1 = "INSERT INTO `leaderboard`.`score_details` (`player_id`, `player_name`, `player_score`) VALUES (NULL, '$pn', '$ps');";	

?>

My C# is attached to an empty game object in my scene. It is located in my game folder, which is somewhere in E:\Documents\Hunted_VR\Game Assets\Scripts\

It reads:

using UnityEngine;
using System.Collections;

public class SendScore : MonoBehaviour {

	// Use this for initialization
	void Start () {

        PostScore("Test", 100);
	}

    private void PostScore(string name, int score)
    {
        string url = "localhost/hunted_vr/scores.php";

        WWWForm form = new WWWForm();
        form.AddField("name", name);
        form.AddField("score", score.ToString());
        WWW www = new WWW(url, form);

        StartCoroutine(WaitForRequest(www));
    }
	
    IEnumerator WaitForRequest(WWW www)
    {
        yield return www;
 
    // check for errors
        if (www.error == null)
        {
            Debug.Log("WWW Ok!: " + www.text);
        } 
        else 
        {
            Debug.Log("WWW Error: "+ www.error);
        }
    }  
}

Any and all help appreciated. Currently the game compiles and runs, and my C# check for errors returns ‘WWW Ok!’ but the php and C# do not seem to be communicating together.

Hi,
Did you include the crossdomain.xml file at the root of your server?
Read about it on http://docs.unity3d.com/Manual/SecuritySandbox.html

I think you are missing the Execution of the Query. You created a Query but never executed it.

It’s also worth mentioning, that you should do some more validation on the Data.
use htmlentities or htmlspecialchars to strip away characters that could allow Injection. You should probably also read a few articles about Code Injection in php/MYSQL. Could help you to keep your Database safe. Though Prepared Statements are already a Huge help. And you should really use them. Very important for Security.

<?php
 
  $pn = $_REQUEST['player_name'];
  
  $ps = $_REQUEST['player_score'];
  
  @ $db = new mysqli('localhost', 'root', 'root', 'bot'); // "localhost","my_user","my_password","my_db"
             if (mysqli_connect_errno()) {
                 echo 'Error: Could not connect to database.  Please try again later.';
                 exit;
             }
     $q1 = "INSERT INTO `leaderboard`.`score_details` (`player_id`, `player_name`, `player_score`) VALUES (NULL, '$pn', '$ps')"; // removed the ; inside SQL Command   

     mysqli_query($db, $q1); // Query it using the connection you've made and the Query you've constructed.
 ?>