PDO search query help! [unity3D]

Question

PHP dispdb.php

<?php
    // Configuration
    $hostname = '1(Ignore this)';
    $username = '1(Ignore this)';
    $password = '1(Ignore this)';
    $database = '1(Ignore this)';

    $secretKey = "1(Ignore this)";

    try {
        $dbh = new PDO('mysql:host='. $hostname .';dbname='. $database, $username, $password);
    } catch(PDOException $e) {
        echo '<h1>An error has occurred.</h1><pre>', $e->getMessage() ,'</pre>';
    }

    $realHash = md5($_GET['search'] . $secretKey); 

    if($realHash == $hash){
       $sth = $dbh->query('SELECT * FROM `oidevstool` WHERE `id` =:search ORDER BY `id`');
       $sth->setFetchMode(PDO::FETCH_ASSOC);

       $result = $sth->fetchAll();

       if(count($result) > 0) {
           foreach($result as $r) {
               echo $r['id'] . "/" . $r['title'] . "/" . $r['priority'] . "/" . $r['deadline'] . "/" . $r['comment'];
            }
       }
    }
?>

database.cs

using UnityEngine;
using System.Collections;

public class database : MonoBehaviour {
    private string secretKey = "1(Don't mid this)"; // Edit this value and make sure it's the same as the one stored on the server
    public string addScoreURL = "1(Don't mid this)"; //be sure to add a ? to your url
    public string highscoreURL = "http://example.com/dispdb.php?";
    public string dataRetrieved;
    public string search;

    public string Md5Sum(string strToEncrypt)
    {
        System.Text.UTF8Encoding ue = new System.Text.UTF8Encoding();
        byte[] bytes = ue.GetBytes(strToEncrypt);

        // encrypt bytes
        System.Security.Cryptography.MD5CryptoServiceProvider md5 = new System.Security.Cryptography.MD5CryptoServiceProvider();
        byte[] hashBytes = md5.ComputeHash(bytes);

        // Convert the encrypted bytes back to a string (base 16)
        string hashString = "";

        for (int i = 0; i < hashBytes.Length; i++)
        {
            hashString += System.Convert.ToString(hashBytes[i], 16).PadLeft(2, '0');
        }

        return hashString.PadLeft(32, '0');
    }

    // Get the scores from the MySQL DB to display in a GUIText.
    // remember to use StartCoroutine when calling this function!
    IEnumerator GetScores()
    {
        string hash = Md5Sum(search + secretKey);

        string post_url = highscoreURL + "search=" + search + "&hash=" + hash;

        WWW hs_post = new WWW(post_url);
        WWW hs_get = new WWW(highscoreURL);
        yield return hs_get;

        if (hs_get.error != null)
        {
            print("There was an error getting the high score: " + hs_get.error);
        }
        else
        {
            dataRetrieved = hs_get.text;    
        }
    }

    void OnGUI()
    {
        GUI.Box(new Rect(0, 0, 800, 800), dataRetrieved);
        search = GUI.TextField(new Rect(805, 0, 200, 30), search);

        if(GUI.Button(new Rect(805, 35, 200, 30), "Search"))
        {
            StartCoroutine(GetScores());
        }
    }
}

i've looking ways to fix but i couldn't find any help for some reason this doesn't work whenever i pressed searched on Unity3D it didn't even show the "success", eventhough i made when hash are correct get data

any chance of someone going to help me? that't will be very appreciated

Thankyou. Best Regards

Answer 1

You are using a named placeholder :search in query() .

Use prepare() then either bind :search and execute() or use "lazy" binding by passing data into execute().

See PDO info for more