Search Unity

  1. Megacity Metro Demo now available. Download now.
    Dismiss Notice
  2. Unity support for visionOS is now available. Learn more in our blog post.
    Dismiss Notice

how query same field with several values in mysql from Unity's SendWebRequest

Discussion in 'Multiplayer' started by Tarrag, Dec 1, 2019.

  1. Tarrag

    Tarrag

    Joined:
    Nov 7, 2016
    Posts:
    215
    Hey all
    I'm trying to check from Unity if several names of a file exists in mysql db.

    I add several names with to query the same field name in the db, but only 1 gets picked up. How can I send to php file several names of the same field to be queried in mysql db?

    Thanks a bunch for your help

    This is my UnityWebRequest:
    Code (CSharp):
    1. WWWForm form = new WWWForm();
    2.         foreach (var name in existingDeviceImgNames)
    3.         {
    4.             form.AddField("nameArray", name);
    5.             Debug.Log("Added to form:" + name);
    6.         }
    7.  
    8.         using (UnityWebRequest www = UnityWebRequest.Post("https://example.com/CompareDeviceNamesVersusDB.php", form))
    9.         {
    10.             yield return www.SendWebRequest();
    11.  
    12.             if (www.isNetworkError || www.isHttpError)
    13.             {
    14.                 Debug.Log(www.error);
    15.             }
    16.             else
    17.             {
    18.                 Debug.Log("Form upload complete!");
    19.  
    20.                 string queryResult = www.downloadHandler.text;
    21.                 Debug.Log(queryResult);
    22.                 if (queryResult.Equals("No records found."))
    23.                     Debug.Log("No entries found");
    24.             }
    25.         }
    And this is the php to check the array of names in the db I've sent to server:

    Code (CSharp):
    1. $namesOnDevice=$_POST["nameArray"];
    2. echo "before - name passed " . count($_POST["nameArray"]);
    3.  
    4. $setTrue=1;
    5.  
    6. if(count($_POST["nameArray"])==0)
    7. {
    8.   echo "No records. Exiting.";
    9.   exit;
    10. }
    11.  
    12. if(count($_POST["nameArray"])==1)
    13. {
    14.   echo "Only 1 record to update in DB: " . $item;
    15.  
    16.   $updateExists = "UPDATE thisTable SET imgExists='$setTrue' WHERE name='$namesOnDevice'";
    17.  
    18.   if ($conn->query($updateExists))
    19.       echo "Record updated successfully";
    20.   else
    21.       echo "Error updating record: " . $conn->error;
    22. }
    23.  
    24. if(count($_POST["nameArray"])>1)
    25. {
    26.   foreach ($namesOnDevice as $item)
    27.   {
    28.     echo "name passed " . $item;
    29.  
    30.       $updateExists = "UPDATE thisTable SET imgExists='$setTrue' WHERE name='$item'";
    31.  
    32.         if ($conn->query($updateExists))
    33.           echo "Record updated successfully";
    34.         else
    35.           echo "Error updating record: " . $conn->error;
    36.   }
    37. }
     
  2. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    3,722
    SQL injection bugs in your PHP code!!!!!

    Do you have restrictions on your names? You could separate names using comma, then parse them accordingly in php.
     
  3. Tarrag

    Tarrag

    Joined:
    Nov 7, 2016
    Posts:
    215
    Thank you @Aurimas-Cernius , hadn't thought about passing them this way! And yes, I'm refactoring to pdo :)