Unity Android Project how to implement server-side to write/read from mysql external db

Hi,
I start from this documentation http://wiki.unity3d.com/index.php?title=Server_Side_Highscores
about creating a server side with Php/mySQL that make possible to write and read data from mySql with Unity project (Android).

I can read data from mysql but I can’t write…in this days I’m around this problem…
My big doubt is about the md5sum check …that onestly I really don’t totally understand…
So if anyone have a solution about that please answwer!! :slight_smile:

Server-side PhpMysql
php file:

<?php 
        $db = mysql_connect('mysql_host', 'mysql_user', 'mysql_password') or die('Could not connect: ' . mysql_error()); 
        mysql_select_db('my_database') or die('Could not select database');
 
        // Strings must be escaped to prevent SQL injection attack. 
        $latitude = mysql_real_escape_string($_GET['Latitude'], $db); 
        $longitude = mysql_real_escape_string($_GET['Longitude'], $db);
        $altitude = mysql_real_escape_string($_GET['Altitude'], $db);
        $desc = mysql_real_escape_string($_GET['Desc'], $db); 
        $hash = $_GET['hash']; 
 
        $secretKey="mySecretKey"; # Change this value to match the value stored in the client javascript below 

        $real_hash = md5($latitude . $longitude . $altitude . $desc . $secretKey); 
        if($real_hash == $hash) { 
            // Send variables for the MySQL database class. 
            $query = "insert into geoLog values (NULL, '$latitude', '$longitude', '$altitude', '$desc');"; 
            $result = mysql_query($query) or die('Query failed: ' . mysql_error()); 
        } 
?>

Unity C# code
That’s the method that I call to write on mysql:

using UnityEngine;
using UnityEngine.UI;
using System.Collections;
using UnityEngine.EventSystems;

public class HSController : MonoBehaviour
{
	private string secretKey = "mySecretKey"; // Edit this value and make sure it's the same as the one stored on the server
	public string addSqlURL = "http://www.myserver.com/unity_test/add2sql.php?"; //be sure to add a ? to your url

	//UI VARS

	public Button sendBtn;


	void Start()
	{


		//BUTTON ACTION
		sendBtn.onClick.AddListener(() => { Runset();  });



	}
	
	void loadResult(){

	}
	void Runset(){

		StartCoroutine(PostScores("41.12564","12.01564","0","mydesc come va"));

		}


	
	// remember to use StartCoroutine when calling this function!
	IEnumerator PostScores(float latitude, float longitude , float altitude , string desc)
	{
		//This connects to a server side php script that will add the name and score to a MySQL DB.
		// Supply it with a string representing the players name and the players score.
		string hash = MD5Test.Md5Sum(latitude + longitude + altitude + desc + secretKey);
		
		string post_url = addSqlURL + "latitude=" + latitude + "&longitude=" + longitude + "&altitude=" + altitude + "&desc="+WWW.EscapeURL(desc)+ "&hash=" + hash;
		Debug.LogWarning (post_url); 
		
		// Post the URL to the site and create a download object to get the result.
		WWW hs_post = new WWW(post_url);
		yield return hs_post; // Wait until the download is done

		
		if (hs_post.error != null)
		{
			print("There was an error posting to the SQL: " + hs_post.error);
		}
	}

	
}

That is the md5 class that I call on the previous method:

using UnityEngine;
using System.Collections;

public class MD5Test : MonoBehaviour {

// Use this for initialization
public static string Md5Sum(string strToEncrypt)
{
	System.Text.UTF8Encoding ue = new System.Text.UTF8Encoding();
	byte[] bytes = ue.GetBytes(strToEncrypt);
	
	// encrypt bytes
	System.Security.Cryptography.MD5CryptoServiceProvider md5 = new System.Security.Cryptography.MD5CryptoServiceProvider();
	byte[] hashBytes = md5.ComputeHash(bytes);
	
	// Convert the encrypted bytes back to a string (base 16)
	string hashString = "";
	
	for (int i = 0; i < hashBytes.Length; i++)
	{
		hashString += System.Convert.ToString(hashBytes*, 16).PadLeft(2, '0');*
  •   }*
    
  •   return hashString.PadLeft(32, '0');*
    
  • }*
    }

I solved!

was an error on the query and in some syntax variables on the php server-side.

<?php 
        $db = mysql_connect('myHost', 'myuser', 'mypassword') or die('Could not connect: ' . mysql_error()); 
        mysql_select_db('mydbname') or die('Could not select database');
 
        // Strings must be escaped to prevent SQL injection attack. 
        $latitude = mysql_real_escape_string($_GET['latitude'], $db); 
        $longitude = mysql_real_escape_string($_GET['longitude'], $db); 
		$altitude = mysql_real_escape_string($_GET['altitude'], $db);
		$desc =  mysql_real_escape_string($_GET['desc'], $db); 
        $hash = $_GET['hash']; 
 
        $secretKey="mySecretKey"; # Change this value to match the value stored in the client javascript below 

       $real_hash = md5($latitude . $longitude . $altitude . $desc . $secretKey); 
        if($real_hash == $hash) { 
            // Send variables for the MySQL database class. 
            $query = "INSERT INTO `geoLog` (`id`, `Latitude`, `Longitude`, `Altitude`, `Desc`) VALUES (NULL,'$latitude', '$longitude' , '$altitude', '$desc');"; 
            $result = mysql_query($query) or die('Query failed: ' . mysql_error()); 
        } 
		else{
			die('HASH ERROR'); 
			 }
?>