1
我是MySQL系統的新手。我必須存儲在數據庫中:將變量從C#發送到MySQL for MySQL(Unity)
用戶名; 得分; 資源。
對於發送的用戶名,得分和資源我沒有任何問題,但whene我嘗試從數據庫中獲取的資源,我有此錯誤:
</style>
</head>
<body>
<h1>Bad request!</h1>
<p>
Your browser (or proxy) sent a request that
this server could not understand.
</p>
<p>
If you think this is a server error, please contact
the <a href="mailto:[email protected]">webmaster</a>.
</p>
<h2>Error 400</h2>
<address>
<a href="/">localhost</a><br />
<span>Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/7.1.1</span>
</address>
</body>
</html>
UnityEngine.Debug:Log(Object)
<SetPlayerName>c__Iterator1:MoveNext() (at Assets/Scripts/DataBase/MySQL/DBLoader.cs:67)
UnityEngine.SetupCoroutine:InvokeMoveNext(IEnumerator, IntPtr)
這是我的PHP文件:
<?php
$servername = "host";
$username = "name";
$password = "";
$dbname = "game_name";
$coinsname = (isset($_REQUEST['coinsnameGet']) ? $_REQUEST['coinsnameGet'] : null);
//Create Connection
$connection = new mysqli($servername, $username, $password, $dbname);
//Check Connection
if(!$connection) {
die("Connection Failed. " . mysqli_connect_error());
}
$sql = "SELECT Coins FROM score WHERE Name = '" . $coinsname . "'";
$result = mysqli_query($connection, $sql);
while($row = mysqli_fetch_array($result, MYSQLI_BOTH) {
echo $row['Coins'];
}
?>
我必須檢查名稱是否爲本地數據庫名稱然後獲取資源。 本地數據庫是用sqlite創建的。
這是我的連接類:
private DataBase dbLocal;
WWW userData;
WWW scoreData;
WWW coinsData;
public Text Coins;
private string[] dbUsers;
private string[] dbScores;
private string dbCoins;
private string postCoinsData = "http://host/game_name/UsercoinsData.php";
public GameObject scorePrefab;
public Transform scoreParent;
public GameObject rankValue;
public GameObject nameValue;
public GameObject scoreValue;
// Use this for initialization
IEnumerator Start() {
dbLocal = (DataBase)FindObjectOfType(typeof(DataBase));
userData = new WWW("http://host/game_name/UsernameData.php");
scoreData = new WWW("http://host/game_name/UserscoreData.php");
yield return userData;
yield return scoreData;
string textUserData = userData.text;
dbUsers = textUserData.Split(';');
string textScoreData = scoreData.text;
dbScores = textScoreData.Split(';');
scoreParent.transform.localPosition = new Vector3(0, 0, 0);
dbLocal.Connection();
StartCoroutine(SetPlayerName());
GenerateScore();
}
IEnumerator SetPlayerName()
{
string setName = postCoinsData + "coinsnameGet = " + WWW.EscapeURL(dbLocal.GetName());
WWW dataCoins = new WWW(setName);
Debug.Log(dbLocal.GetName());
yield return dataCoins;
string textDataCoins = dataCoins.text;
Coins.text = textDataCoins;
Debug.Log(Coins.text); //This log the error
}
如果我改變了:
$sql = "SELECT Coins FROM score WHERE Name = '" . $coinsname . "'";
與此:
$sql = "SELECT Coins FROM score WHERE Name = 'PlayerName'";
在布勞爾我看比分。
Thx提前!
您是大開[SQL注入(http://php.net/manual/en/security.database.sql-injection.php ),並且應該真正使用[Prepared Statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php)而不是串聯您的查詢。特別是因爲你沒有逃避用戶輸入!這不僅僅是一個安全問題,但是如果輸入包含一個'''' - 字符或者反斜槓,你的查詢就會失敗。 –