First Time Setting Up a SQL Database with PHP

TheIvoryDisaster · July 25, 2020, 2:51am

Username (e.g. epiz_XXX) or Website URL

mangos.epizy.com
(please specify the website or account you are asking about)

Error Message

Could not select database, error 403
(please share the FULL error message you see)

Other Information

So here is what I’m trying to do:
I am creating a database and post request to fill it up in order to store information from a video game / research application. I have all of my hosting set up finally and am using a script on my website here, SendData.php, and a class in my application called ServerManager.cs (C#) to handle the post request.

I am really new to this and could be making all kinds of mistakes, but it looks like I’m just having an issue with authentication in my post request. I’m gonna share the php script and the link to connect to it so you can see what I’m talking about and I’m also going to share the C# script. If you have any tips on how to improve my situation I’d really appreciate the help.

Post Request example:
http://mangos.epizy.com/SendData.php?sex=male&age=20-30&race=caucasian&sleep=7&black_correct=10&black_incorrect=5&color_correct=10&color_incorrect=5&equation_correct=10&equation_incorrect=5&hash=a35da8d967492144a869b5591f9e5c59
The above data is not sensitive

SendData.php (sensitive data has been replaced with ‘XXXXX’)

<?php 
        $db = mysqli_connect('sql106.epizy.com', 'epiz_XXXXX', 'XXXXX') or die('Could not connect: ' . mysql_error()); 
        $selected = mysqli_select_db('epiz_26340998_number_research', $db) or die('Could not select database, burp, mooooorty');
 
        // Strings must be escaped to prevent SQL injection attack. 
        $sex = mysqli_real_escape_string($_GET['sex'], $db); 
        $age = mysqli_real_escape_string($_GET['age'], $db); 
        $race = mysqli_real_escape_string($_GET['race'], $db); 
        $sleep = mysqli_real_escape_string($_GET['sleep'], $db); 
        $black_correct = mysqli_real_escape_string($_GET['black_correct'], $db); 
        $black_incorrect = mysqli_real_escape_string($_GET['black_incorrect'], $db); 
        $color_correct = mysqli_real_escape_string($_GET['color_correct'], $db); 
        $color_incorrect = mysqli_real_escape_string($_GET['color_incorrect'], $db); 
        $equation_correct = mysqli_real_escape_string($_GET['equation_correct'], $db); 
        $equation_incorrect = mysqli_real_escape_string($_GET['equation_incorrect'], $db); 
        $hash = $_GET['hash']; 
 
        $secretKey="handbanana"; # Change this value to match the value stored in the client javascript below 

        $real_hash = md5($sex . $age . $race . $sleep . $black_correct . $black_incorrect . $color_correct . $color_incorrect . $equation_correct . $equation_incorrect . $secretKey); 
        if($real_hash == $hash) { 
            // Send variables for the MySQL database class. 
            $query = "insert into scores values (NULL, '$sex', '$age', '$race', '$sleep', '$black_correct', '$black_incorrect', '$color_correct', '$color_incorrect', '$equation_correct', '$equation_incorrect');"; 
            $result = mysql_query($query) or die('Query failed: ' . mysql_error()); 
        } 
?>

ServerManager.cs

using System;
using UnityEngine;
using System.Collections;

public class ServerManager : MonoBehaviour
{
    private string
        secretKey = "handbanana"; // Edit this value and make sure it's the same as the one stored on the server

    private string dbSendData = "http://mangos.epizy.com/SendData.php?"; //be sure to add a ? to your url
    // public string dbURL = "http://localhost/Number_Mangos/display.php";

    public string sex;
    public string age;
    public string race;
    public int sleep;
    public int black_correct;
    public int black_incorrect;
    public int color_correct;
    public int color_incorrect;
    public int equation_correct;
    public int equation_incorrect;

    // remember to use StartCoroutine when calling this function!
    IEnumerator PostData()
    {
        //This connects to a server side php script that will add the name and score to a MySQL DB.
        // Supply it with a string representing the players name and the players score.
        string hash = Utility.Md5Sum(sex + age + race + sleep.ToString() + black_correct.ToString() +
                                     black_incorrect.ToString() + color_correct.ToString() +
                                     color_incorrect.ToString() + equation_correct.ToString() +
                                     equation_incorrect.ToString() + secretKey);
        
        Debug.Log($"Hash generated: {hash}");
        Debug.Log(dbSendData);
        string post_url =
            $"{dbSendData}sex={WWW.EscapeURL(sex)}&age={WWW.EscapeURL(age)}&race={WWW.EscapeURL(race)}&sleep={sleep}&black_correct={black_correct}&black_incorrect={black_incorrect}&color_correct={color_correct}&color_incorrect={color_incorrect}&equation_correct={equation_correct}&equation_incorrect={equation_incorrect}&hash={hash}";
        Debug.Log(post_url);
        
        // Post the URL to the site and create a download object to get the result.
        WWW hs_post = new WWW(post_url);
        yield return hs_post; // Wait until the download is done

        if (hs_post.error != null)
        {
            print($"There was an error posting the high score: {hs_post.error}");
        }
    }

    public void Start()
    {
        Debug.Log("Hello world!");
        StartCoroutine("PostData");
    }
}

There are some things to optimize in the C# code but I’m still playing with the classes that will interact with it. I really just want to get the base case working. Any help is greatly appreciated

(other information and details relevant to your question)

anon19508339 · July 25, 2020, 6:25am

HaydenANG · July 25, 2020, 9:50am

Also, I am not sure that C Sharp code is allowed, but if you say it works, Also try using

private string dbSendData = “SendData.php”;

Rather than the full URL, also you have a questionmark at the end of SendData.php, so remeber to use the local file name, or else the security system will block it, an example is;

http://mangos.epizy.com/SendData.php Will get ?i=1 put on the end
WHEREAS
SendData.php when it is in the same folder will not have?i=1 put on.

anon19508339 · July 25, 2020, 9:52am

It shouldn’t work either. We do not support any backend lang other than PHP, so it means this code is external and external codes cannot fetch data from our servers

HaydenANG · July 25, 2020, 9:56am

Oh, And i just noticed it says ensure to add a ? to the url, I never really got into C/C Sharp, I only ever used visual design, however ServerManager.cs does not exist, and it returns 404/WP Error

TheIvoryDisaster · July 25, 2020, 1:40pm

ServerManager.cs is in my C# solution in the app. It informs the system of how to call the php script. I’ll try adding the script to the solution too instead of hosting it and seeing if that works.

Admin · July 26, 2020, 9:34am

Calling API scripts on our hosting from automated tools is not possible, and neither is interacting directly with the MySQL database from the internet.

Please note that we provide free website hosting, not API hosting or database hosting.

system · August 10, 2020, 9:34am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.