0

I'm working on something with Unity3d MySQL Db. I am passing values through $_GET PHP method but I'm having trouble with strings with white spaces when I store them into the assigned tables.

Let's say I have an InputField which gets the string I need. Then, I pass the string through the $_GET method, like this:

public InputField myInput;
public string a;

void StoreData()
{
     a = myInput.text;
     StartCoroutine(store(a));
}

IEnumerator store(string str)
{
     WWW connection = new WWW("http://localhost/route/store_company.php?name=" + str);
     yield return(connection);
}

So, after connecting to the DB, in the php file I have:

$name = $_GET['name'];
$query = "INSERT INTO company(id, name) VALUES (NULL, '$name')";
$get_query = mysqli_query($connection, $query);
echo '101';

If I type "Example" in the InputField, the VARCHAR column called name will have "Example". But if I type "This is an example", the VARCHAR column just stores the first word ("This") missing the rest of the sentence.

I've sat the VARCHAR to 70 (Length). Pretty new using MySQL. ¿How I capture the whole sentence and why don't work if I am passing a string variable?

Sean Sabe
  • 79
  • 9
  • `name` is a MySQL keyword, so you either need to changethe column name or back tick it when using in queries. – Jay Blanchard Nov 09 '16 at 18:30
  • For query strings you need to use `htmlentities()` on the value before trying to store.Furthermore you should learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! [Don't believe it?](http://stackoverflow.com/q/38297105/1011527) – Jay Blanchard Nov 09 '16 at 18:31
  • I have them in spanish and don't work. – Sean Sabe Nov 09 '16 at 18:35
  • Have what in Spanish and what doesn't work? – Jay Blanchard Nov 09 '16 at 18:36
  • You know that spaces are not allowed in URL query strings, right? – Jay Blanchard Nov 09 '16 at 18:44
  • 1
    Replace the spaces with urlencoded string, str = WWW.EscapeURL(str); This defaults to UTF8 encoding which can be overriden with the second parameter. https://docs.unity3d.com/ScriptReference/WWW.EscapeURL.html – Landern Nov 09 '16 at 19:02
  • @Jay The name of the columns and tables are in spanish. I had forgotten about the spaces in URL. But I need to pass the whole string somehow. – Sean Sabe Nov 09 '16 at 19:09
  • Then you have to modify the URL to have the %20 space character. – Jay Blanchard Nov 09 '16 at 19:14
  • @JayBlanchard How I do that or where can I learn how? Also, I tried what Landern said and it works in some fields and don't work in others. – Sean Sabe Nov 09 '16 at 19:17
  • @Landern That solved the problem. Imma check about how to override the enconding. – Sean Sabe Nov 09 '16 at 19:41

0 Answers0