I was reading about SQL for Unity and ran across this phrase:
Since it’s using a local file for the database, it is NOT possible to use it for Web Player applications
While breathing hysterically I have come across someone who said:
also you would never access a regular webhosted database (oracle, mssql, mysql) this way as you do not want to make wildcard remote accounts for users to directly connect and hack in no time due to the login details being sent over to by them and stored in the client.
You would instead use client ↔ php / asp ↔ database
Is it true or are there any recent changes that allow me to use SQL directly in Mono from a web player?
The reason I need a database is mainly UserID and easy variable updating (like urls, coordinates and points and stuff).
Thanks!
I just want to clarify some points:
- In this question i suggested to use SQLite for standalone builds since it doesn’t require the user to install a database server. SQLite is an embedded SQL system which doesn’t have a client-server structure. It works on database-files but allows you to use SQL to read / write data. Because SQLite works with local files it can’t be used in the Webplayer due to security restrictions.
- If you want to create a webbuild you usually host your game on a webserver. In this case it’s the easiest to use php & Mysql on the webserver.
- Usually you NEVER allow direct access to a database server from the internet. Unity builds can easily be decompiled and therefore your username / password aren’t safe. Everybody can manipulate your whole database. That’s why you usually allow only local access to the database and let PHP verify and perform the SQL stuff on the server.
I guess you could use any 100% managed SQL connector even from the webplayer, but you have to think about the crossdomain.xml to actually allow the socket connection. But, as already said, everybody can read your access data if you direct connect to a database.
Unity can not directly access databases (at least not without additional assemblies) but it CAN access web-pages using the System.Net classes and it’s own WWW classes.
So why not make PHP/ASP or other similar web pages that interact with your web-server? That way you could then access pages that take data from and to your database.
Even better, you don’t expose the database to the world - it’s safely behind your web pages so you can validate and sanity check the incoming data.
Posting my code for others to reference:
function checkPassword(){
//set the WWWForm to send to the PHP page
var sendLoginInfo : WWWForm = new WWWForm();
sendLoginInfo.AddField("Username",Username);
sendLoginInfo.AddField("Password",Password);
//send the WWWForm via WWW
var getdata : WWW = new WWW("www.saxum.co/Citta/DataBase/GetUserInfo.php",sendLoginInfo);
yield getdata; //Wait for the data to return
canLogin=getdata.text; //Check if the data contains the TRUE flag
//if TRUE >> Load level
if(canLogin=="true") {
Application.LoadLevel("citta loading");
login=true;
}
}
and the PHP code:
<?php
$con = mysql_connect("host","username","password");
if (!$con){
die('Could not connect: ' . mysql_error());
}
mysql_select_db("dbname", $con);
$insertedUsername=$_REQUEST['Username'];
$insertedPassword=$_REQUEST['Password'];
$sqlCheckPassword="SELECT Password FROM Users WHERE Username = '$Username'";
$query=mysql_query($sqlCheckPassword,$con);
if (!$query){
die('Error: ' . mysql_error());
}
$Password=mysql_fetch_row($query);
if ($insertedPassword==$Password[0]){
echo "true";
}
mysql_close($con);
?>