I need to know if is possible consultation in mysql data base using only unity script in C#?
I already did this consultation an turn, using unity4 and SQLServer, i put here script, an IP, an username, an password and data base name, and i not forget to get an dll “system.data” to using how library, and finaly i got this consultation.
But now, I try to consultation in another data base, in mySQL, and i not know if is possible, and how i get it ?
please help me.
PS1:I dont like the ideia it, for comunication with database Mysql, i need another script in another language of programation for get information in data base. I say this why, i read arround it, for got it, is necessary that an scrit in another language(for example PHP), whose function, is consultation in data base, to communicate to script C# in unity for works.
PS2: i’m brazilian, and my english is not one of the best, please try understand my question. In portuguese brazil it has been very hard to get more information in unity.
I appreciate any help,
(I think I did write it a bit unclear in the comment, so here’s a full explanation)
WWWForms with a PHP Script Validating the Data is already the most secure way without a dedicated Server. You only need to run a few checks before your PHP Script writes into the Database.
Including a MYSQL Connector (like rlharper suggested) is over the top and even worse Security wise, because you should never ever let a Client directly talk to the Database. You’d need to do the Validation inside your Game and even leave the password to the database there. Believe me it’s pretty easy to decompile any .Net Application. So basicly you would give your Database Password to anyone out there in the World.
Of Course that changes when using a Dedicated Server, that first Validates all inputs and then speaks to the Database, but again, that’s a bit over the Top.
The only Problem with WWWForms is (and that’s the same for all communication between Client and Server/Database):
You can’t trust the Data that is sent by the User.
They could simply intercept any Packages sent, modify it and send something completely different to your Database.
So what you would need to check in your PHP Scripts are at least the following things:
- Use prepared Statements (MySqli)
- Check the incoming Data for Characters that shouldn’t be there, like ,.?!()^ and so on.
- If you want to make it a bit harder for cheaters (for example if you are doing a Highscore List) then encrypt your data. Though if decompiled, one would still be able to change the Values sent.
(1) Prepared Statements are already a very good way to disallow injection of sql code. (See here)
(2) By striping dangerous Chars like the Question Mark (?) and so on, you minimize the danger of php injection. (See here). If the data doesn’t need to be case sensitive, you could also cast all input to lowercase after removing the special chars (Just an easy additional Layer).
You might want to read yourself even more into PHP Security. But I think thats a good start.
You could try my approach, here at http://islesofdulst.com/iod/c-odbc/.