CreateAccount problem with MySQL...

Discussion in 'Scripting' started by Slyrfecso1, Nov 18, 2015.

  1. Slyrfecso1

    Slyrfecso1

    Joined:
    Jul 16, 2012
    Posts:
    100
    Hi,

    I know PHP isn't Unity, but I'm sending data from Unity to MySQL.
    The login is working well, therefore I don't have a database error.
    (I can insert a new row into the DB manually and I can log in with it,
    but from Unity I can't insert a new row.)

    If I create a new account in Unity then I get back success, but nothing is inserted in the DB.
    Maybe $SQL1 is a problem...

    Any idea would be helpful.
     
    Last edited: Nov 18, 2015
  2. Ostwind

    Ostwind

    Joined:
    Mar 22, 2011
    Posts:
    2,804
    I haven't used MySQL for a long time, but you should not need to pass ID at all if it's a generator field, and if the field is unique/PK it will fail on a duplicate value, which is now hard-coded to zero? What does the insert query return? Is it false? mysql_error() should tell you what went wrong.

    Also, a general suggestion: never trust the passed values directly, and escape them etc. to prevent SQL injection.
     
  3. Slyrfecso1

    Slyrfecso1

    Joined:
    Jul 16, 2012
    Posts:
    100
    I found a mistake but not enough. (ID and comma)
    I had used a single comma (') instead of the accent (`).

    $insert = "INSERT INTO `accounts` (`Fullname`, `User', `Email`, `Password`) VALUES ('" . $Fullname . "', '" . $User . "', '" . $Email . "', MD5('" . $Password . "'))";

    I tried with fixed values, but it doesn't insert into the DB.
    $insert = "INSERT INTO `accounts` (`Fullname`, `User', `Email`, `Password`) VALUES ('a', 'b', 'c', 'd')";

    Any idea?
     
  4. Slyrfecso1

    Slyrfecso1

    Joined:
    Jul 16, 2012
    Posts:
    100
    Hi,

    I got this from "echo mysql_error();"

    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Email`, `Password`) VALUES ('a', 'a', 'a', MD5('a'))' at line 1Success
    UnityEngine.Debug:Log(Object)
     
  5. Suddoha

    Suddoha

    Joined:
    Nov 9, 2013
    Posts:
    2,824
    You're still using one apostrophe at the end of the user attribute which should also be a backtick:
    Also, just like @Ostwind stated, this is highly insecure as someone could send you values that terminate the actual query and put another one behind it, for example deleting all the entries or tables etc.
    Read up about SQL injection, stored procedures, parameterized queries and also restrict the MySQL users which you use to insert, update etc. according to their use case. There are probably also some more ways to improve this but that's the minimum that should be taken into account. I'm no DB expert though.
     
  6. Slyrfecso1

    Slyrfecso1

    Joined:
    Jul 16, 2012
    Posts:
    100
    Thank you so much, I didn't see this little mistake.
    I hope this will help other people.
    I'm very much a newbie in Unity and programming and I need to learn a lot.

    Thanks once more for everyone.
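
The parameterized query that Ostwind and Suddoha recommend, combined with the result check Ostwind asks about, as an added example that is not code from the thread or from any poster. The table and column names come from the posts above; the function name `createAccount`, the DSN, the in-memory SQLite stand-in for MySQL, the use of `password_hash` in place of `MD5()`, and the sample values are assumptions.

```php
<?php
// Added example, not the original poster's script. Table and column names come
// from the thread; createAccount(), the DSN and the sample values are assumed.

function createAccount(PDO $db, string $fullname, string $user, string $email, string $password): string
{
    try {
        // Placeholders keep the values out of the SQL text, so a quote in the
        // input is stored as data and cannot end the statement early.
        $stmt = $db->prepare(
            'INSERT INTO `accounts` (`Fullname`, `User`, `Email`, `Password`)
             VALUES (:fullname, :user, :email, :password)'
        );
        $stmt->execute([
            ':fullname' => $fullname,
            ':user'     => $user,
            ':email'    => $email,
            // Swapped in for the thread's MD5(): a salted, slow password hash.
            ':password' => password_hash($password, PASSWORD_DEFAULT),
        ]);
    } catch (PDOException $e) {
        // Log the database error server-side; the client only learns it failed.
        error_log('createAccount failed: ' . $e->getMessage());
        return 'Error';
    }
    // Report success only when a row was actually written.
    return $stmt->rowCount() === 1 ? 'Success' : 'Error';
}

// Demo on an in-memory SQLite database so it runs offline (needs pdo_sqlite).
// For MySQL, open PDO with a DSN like 'mysql:host=localhost;dbname=game;charset=utf8mb4'
// and an account that is granted only what this script needs.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (ID INTEGER PRIMARY KEY, Fullname TEXT,
           User TEXT UNIQUE, Email TEXT, Password TEXT)');

// Constructed input: the apostrophes would break a concatenated query.
echo createAccount($db, "Bob O'Neil", "bob'--", 'bob@example.com', 'pw1'), "\n";
// Same username again: the UNIQUE constraint rejects it and the caller is told.
echo createAccount($db, 'Bob Again', "bob'--", 'bob2@example.com', 'pw2'), "\n";

// What was stored for the first account, read back with another bound value.
$check = $db->prepare('SELECT Fullname, Password FROM accounts WHERE User = ?');
$check->execute(["bob'--"]);
$row = $check->fetch(PDO::FETCH_ASSOC);
echo $row['Fullname'], ' / password verifies: ', var_export(password_verify('pw1', $row['Password']), true), "\n";
```

With `password_hash` on the insert side, the login script has to compare with `password_verify` instead of matching an `MD5()` value in the query.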