I make games in JavaScript (simple 2D ones), and I've reached the point where I need to record various achievements, i.e. progress (score), in the games. I came up with a (PHP/MySQL) solution, but I'm not sure what else to add so as not to compromise security. I'm also not sure whether this solution is acceptable at all.
So, I read the scores via AJAX and the file getscores.php, which contains:
<?php
header('Access-Control-Allow-Origin: *');
$host="localhost"; // Host name
$username="hosting_score"; // Mysql username
$password="f8F?sta100ne500"; // Mysql password
$db_name="hosting_mygamescores"; // Database name
$tbl_name="patka_scores"; // Table name
// Connect to server and select database.
$link = mysqli_connect("$host", "$username", "$password")or die("cannot connect");
mysqli_select_db($link, "$db_name")or die("cannot select DB");
// Retrieve data from database
$sql="SELECT * FROM $tbl_name ORDER BY score DESC LIMIT 10";
$result=mysqli_query($link, $sql);
// Start looping rows in mysql database.
while($rows=mysqli_fetch_array($result)){
    echo $rows['name'] . "|" . $rows['score'] . "|";
    // close while loop
}
// close MySQL connection
mysqli_close($link);
?>
and a second file that writes the data, which I also access via AJAX:
<?php
$db = "hosting_mygamescores";//Your database name
$dbu = "hosting_score";//Your database username
$dbp = "f8F?sta100ne500";//Your database users' password
$host = "localhost";//MySQL server - usually localhost
$tbl_name="patka_scores"; // Table name
$dblink = mysqli_connect($host,$dbu,$dbp);
$seldb = mysqli_select_db($dblink,$db);
if(isset($_GET['name']) && isset($_GET['score'])){
    //Lightly sanitize the GET's to prevent SQL injections and possible XSS attacks
    $name = strip_tags(mysqli_real_escape_string($dblink,$_GET['name']));
    $score = strip_tags(mysqli_real_escape_string($dblink,$_GET['score']));
    $sql = mysqli_query($dblink,"INSERT INTO `$db`.`$tbl_name` (`id`,`name`,`score`) VALUES ('','$name','$score');");
    if($sql){
        //The query returned true - now do whatever you like here.
        echo 'Your score was saved. Congrats!';
    }else{
        //The query returned false - you might want to put some sort of error reporting here. Even logging the error to a text file is fine.
        echo 'There was a problem saving your score. Please try again later.';
    }
}else{
    echo 'Your name or score wasnt passed in the request.';
}
mysqli_close($dblink);//Close off the MySQL connection to save resources.
?>
On one server I put the files in the cgi-bin folder, while on another hosting provider it won't work in the cgi-bin folder, so I placed them in a different one.
Any comment is welcome. Thanks.
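
A hardened variant of the score-writing script above, as an added example that is not part of the original post. It assumes the `id` column is AUTO_INCREMENT; the environment variable names, the allowed origin `https://games.example.com` and the maximum score are placeholders chosen for illustration.

```php
<?php
// Added example (not the poster's code). Assumptions: SCORE_DB_USER / SCORE_DB_PASS are
// hypothetical environment variables, `id` is AUTO_INCREMENT, and the origin and score
// limit below are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of failing silently

header('Access-Control-Allow-Origin: https://games.example.com'); // one origin, not "*"
header('Content-Type: text/plain; charset=utf-8');

// Writes change state, so accept POST only (GET URLs end up in logs and caches).
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('Use POST.');
}

// Allow-list validation instead of escaping: short name, letters, digits, space, _ and -.
$name = $_POST['name'] ?? '';
if (!is_string($name) || !preg_match('/^[\p{L}\p{N} _-]{1,20}$/u', $name)) {
    http_response_code(400);
    exit('Invalid name.');
}

// Score must be an integer inside the range the game can produce (limit is assumed).
$score = filter_var($_POST['score'] ?? null, FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 0, 'max_range' => 1000000]]);
if ($score === false) {
    http_response_code(400);
    exit('Invalid score.');
}

try {
    // Credentials stay out of the source file and out of the web root.
    $db = new mysqli('localhost', (string) getenv('SCORE_DB_USER'),
        (string) getenv('SCORE_DB_PASS'), 'hosting_mygamescores');
    $db->set_charset('utf8mb4');
    // Prepared statement: the values travel separately from the SQL text.
    $stmt = $db->prepare('INSERT INTO patka_scores (name, score) VALUES (?, ?)');
    $stmt->bind_param('si', $name, $score);
    $stmt->execute();
    echo 'Your score was saved.';
} catch (mysqli_sql_exception $e) {
    error_log('score insert failed: ' . $e->getMessage()); // details go to the log only
    http_response_code(500);
    echo 'There was a problem saving your score.';
}
```

The range check only bounds the value: the score is still computed in the browser, so a player can submit any number inside the range. When reading scores back, encode each name with `htmlspecialchars()` (or return JSON) before it reaches the page.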