Jump to content


Photo

GmMySQL - Update: Help is now included


  • Please log in to reply
32 replies to this topic

#1 h0bbel

h0bbel

    GMC Member

  • New Member
  • 252 posts

Posted 03 August 2010 - 12:42 PM

GmMySQL 1.00

A game maker DLL to interact with a MySQL database.

Features:

* Retrieving fields and rows
* Retrieving insert id and affected rows
* Retrieving error string
* Escaping strings

Update: Help file is now included

It's best not to save passwords inside your application.
Use this in applications where the user has to enter his own MySQL username and password.


(link removed)

Edited by h0bbel, 19 September 2013 - 06:53 PM.

  • 0
The empty archive bug should be fixed on my site.
Please use the "report bug" button on my site to report bugs, makes things clearer.

#2 2DLuis

2DLuis

    Graphic Designer

  • GMC Member
  • 2527 posts
  • Version:GM8

Posted 03 August 2010 - 03:36 PM

Hm, it looks like it is GMSQL's reincarnation, (just that it was made by you ;))

Is this a direct connection to the database... It's pretty unsecure if that's the case..
  • 0

#3 Manuel777

Manuel777

    InvaderGames

  • GMC Member
  • 3578 posts
  • Version:GM:Studio

Posted 03 August 2010 - 04:12 PM

Zip is corrupted? :\
  • 0

@MEtchegaray7

gplussignature.png

May this signature be frozen on the old GMC until the end of times. Or YoYo takes it down.


#4 Revel

Revel

    ɹǝqɯǝɯ ɔɯƃ

  • GMC Member
  • 4935 posts
  • Version:GM8

Posted 03 August 2010 - 04:34 PM

...h0bbel? Haven't seen you in a while..

Finally another mysql dll. I have no need for it, but nice release!


Is this a direct connection to the database... It's pretty unsecure if that's the case..

Exactly why all other mysql DLL's have failed.

Edited by Revel, 03 August 2010 - 04:36 PM.

  • 0

#5 TheMagicNumber

TheMagicNumber

    GMC Member

  • GMC Member
  • 5247 posts
  • Version:Unknown

Posted 03 August 2010 - 04:39 PM

If you know what you're doing, you shouldn't have security problems. Simply don't give out your database information.
  • 0

#6 Manuel777

Manuel777

    InvaderGames

  • GMC Member
  • 3578 posts
  • Version:GM:Studio

Posted 03 August 2010 - 04:46 PM

Errmmm, thats why i use Netread to manage mysql databases in my games, simply write everything in a PHP and forget about troubles!
  • 0

@MEtchegaray7

gplussignature.png

May this signature be frozen on the old GMC until the end of times. Or YoYo takes it down.


#7 Revel

Revel

    ɹǝqɯǝɯ ɔɯƃ

  • GMC Member
  • 4935 posts
  • Version:GM8

Posted 03 August 2010 - 04:48 PM

If you know what you're doing, you shouldn't have security problems. Simply don't give out your database information.


How? If your connecting to a database using this DLL, that means your passing your mysql DB credentials to the DLL. There are many ways for someone to get these credentials:
1) decompile the game and look for the DLL call.
2) Make a "spoof" dll that runs a simple MessageBox() to show the credentials the user passed to the DLL
3) If the game is somehow getting the credentials from a server, all it takes is a simple packet editor or memory editor to get the credentials (any of the above methods would work for this too).

just to name a few of the simple ones.

The only way this DLL is safe, is if your using it for a GML-based server.

Edited by Revel, 03 August 2010 - 04:50 PM.

  • 0

#8 Seamonster

Seamonster

    Meow!

  • New Member
  • 743 posts

Posted 03 August 2010 - 05:04 PM

The only way this DLL is safe, is if your using it for a GML-based server.


Which is exactly what you should use it for.
  • 0

#9 TheMagicNumber

TheMagicNumber

    GMC Member

  • GMC Member
  • 5247 posts
  • Version:Unknown

Posted 03 August 2010 - 05:17 PM

The only way this DLL is safe, is if your using it for a GML-based server.

Which is exactly what you should use it for.

Exactly, I think h0bbel should have a warning to them, such as "if your database gets hacked it's not my fault."
  • 0

#10 h0bbel

h0bbel

    GMC Member

  • New Member
  • 252 posts

Posted 03 August 2010 - 06:52 PM

I'm sorry I was not aware of another MySQL DLL.
I saw a request on the forum and made a DLL for it.

I've added a warning about saving passwords inside your game.
  • 0
The empty archive bug should be fixed on my site.
Please use the "report bug" button on my site to report bugs, makes things clearer.

#11 h0bbel

h0bbel

    GMC Member

  • New Member
  • 252 posts

Posted 03 August 2010 - 06:54 PM

Zip is corrupted? :\

I've had problems before on the old site, but I thought the downloads were working correctly now.
What internet browser were you using ?
  • 0
The empty archive bug should be fixed on my site.
Please use the "report bug" button on my site to report bugs, makes things clearer.

#12 Manuel777

Manuel777

    InvaderGames

  • GMC Member
  • 3578 posts
  • Version:GM:Studio

Posted 03 August 2010 - 09:14 PM

Zip is corrupted? :\

I've had problems before on the old site, but I thought the downloads were working correctly now.
What internet browser were you using ?

Google chrome, bu i use IDM to manage downloads
  • 0

@MEtchegaray7

gplussignature.png

May this signature be frozen on the old GMC until the end of times. Or YoYo takes it down.


#13 Onibubu

Onibubu

    GMC Member

  • New Member
  • 10 posts

Posted 05 September 2010 - 09:06 PM

I dont know where your security problem is...
The server program is the only program that needs to interact with the db... the client itself interacts with the server...

For example:
Client:
Player A wants to build a stonemine.
He sends x and y coordinates of the field and his ID to the server program.

Server:
He gets Data from player A and makes an sql query for the field (what type is is ect) and the player (if he has enough gold).
If everything is fine the server writes everything neccecary into the Database and sends the new field data to the client (so its displayed proberly).

It's only unsecure if every CLIENTPROGRAM connects to the Database but thats not logical.
It has a purpose that we have Client/Server structures everywhere in the internet.
  • 0

#14 Loric

Loric

    GMC Member

  • GMC Member
  • 6 posts
  • Version:GM8

Posted 17 November 2010 - 02:28 PM

Hi, what is difference between this dll and the GMSQL.
  • 0

#15 DJ-Habana

DJ-Habana

    GMC Member

  • New Member
  • 47 posts

Posted 26 November 2010 - 07:24 AM

How or where do I create a clean MySql Database, I am kinda a newby with it lol
  • 0

#16 DJ-Habana

DJ-Habana

    GMC Member

  • New Member
  • 47 posts

Posted 26 November 2010 - 07:25 AM

Hi, what is difference between this dll and the GMSQL.

GMSQL is discontinued
  • 0

#17 rahro

rahro

    GMC Member

  • New Member
  • 4 posts

Posted 09 January 2011 - 08:02 AM

sorry,can i Connect with this to a mysql database that is on a host?!

Edited by rahro, 09 January 2011 - 08:03 AM.

  • 0

#18 manh9011

manh9011

    GMC Member

  • New Member
  • 1 posts

Posted 17 January 2011 - 03:29 AM

It doesn't work.
When I connect to server, game is notrepostding.
What's it fail, Hobbel? (I'm using GM8)

Sorry, I'm not talking good English.

Edited by manh9011, 17 January 2011 - 03:30 AM.

  • 0

#19 MudbudGoldfish

MudbudGoldfish

    Indie Game Dev Team

  • New Member
  • 494 posts
  • Version:Unknown

Posted 17 January 2011 - 05:40 AM

could this be used to check if a player inputted serial key is correct, and if it is, then tell the database that the current key is being used? and no I don't want to try first and find out I wasted valuable time...
  • 0

#20 Maxinston

Maxinston

    Epic Phail

  • GMC Member
  • 1248 posts
  • Version:Unknown

Posted 18 January 2011 - 07:12 AM

could this be used to check if a player inputted serial key is correct, and if it is, then tell the database that the current key is being used? and no I don't want to try first and find out I wasted valuable time...


A more secure way would be for the client to connect to the server and then the server connect to the MySQL database and write back to the client whenever the key is taken or not. By connecting to MySQL directly from the client you risk the user retrieving all the serial keys in the database and PHP has it's own functions to connect with the server which renders this DLL useless.. Unless of course you are going to program the server in GM which is like building a plane out of concrete.
  • 0
<div align='center'><img src="http://img33.imagesh...igpic88821.jpg" border="0" class="linked-sig-image" />
A designer knows that he achieved perfection not when there is nothing left to add but when there is nothing left to take away.</div>

#21 filulilus

filulilus

    GMC Member

  • GMC Member
  • 972 posts
  • Version:GM:Studio

Posted 24 January 2011 - 03:06 AM

There will allways be a risk if you have the client connect directly to the MySQL server.
They way to get around this is to add another dll or use GMs Mplay. (this is also what you SHOULD do if you are making fast games like an FPS)

example...

Client use: 39dll
Server use: 39dll and GmMySQL

Client send information to the server, the server recive the info and write the info to the MySQL server and the other way around to get the infromation.

Simple! :)

I bet someone allready posted something like this but im a little lazy right now...
  • 0
Posted ImagePosted Image

Did I just help you? please give me a +1!
\/


#22 johnjoe

johnjoe

    GMC Member

  • New Member
  • 299 posts
  • Version:Unknown

Posted 07 March 2011 - 06:21 PM

hey hobbel, is this compatible for c++ through getprocaddress?
  • 0

#23 johnjoe

johnjoe

    GMC Member

  • New Member
  • 299 posts
  • Version:Unknown

Posted 07 March 2011 - 08:32 PM

imhaving problem porting it to c++
typedef int (__stdcall*hobbl_com_create)();
typedef int (__stdcall*hobbl_com_setauth)(int, char*, char*);
typedef int (__stdcall*hobbl_com_connect)(int, char*,int,char*);
typedef int (__stdcall*hobbl_com_query)(int, char*);



int main()
{

    hobbl_com_create _hobbl_com_create;
    hobbl_com_setauth _hobbl_com_setauth;
    hobbl_com_connect _hobbl_com_connect;
    hobbl_com_query _hobbl_com_query;
    HINSTANCE hInstLibrary = LoadLibrary("GmMySQL.dll");

    if (hInstLibrary)
    {
        _hobbl_com_create = (hobbl_com_create)GetProcAddress(hInstLibrary, "hobbl_com_create");
        _hobbl_com_setauth = (hobbl_com_setauth)GetProcAddress(hInstLibrary, "hobbl_com_setauth");
        _hobbl_com_connect = (hobbl_com_connect)GetProcAddress(hInstLibrary, "hobbl_com_connect");
        _hobbl_com_query = (hobbl_com_query)GetProcAddress(hInstLibrary, "hobbl_com_query");

    
        char rootUser[] = "root";
        char rootPass[] = "shurk";
        char rootIP[] = "localhost";
        int rootPort = 3306;
        char rootDB[] = "test";

        int tmpHandle = _hobbl_com_create();
        int tmpAuth = _hobbl_com_setauth(tmpHandle, rootUser, rootPass);
        int tmpConnect = _hobbl_com_connect(tmpHandle, rootIP, rootPort, rootDB);
        int tmpQuery = _hobbl_com_query(tmpHandle, "INSERT INTO users (username) VALUES ('jigsaw');");

        cout << tmpHandle << endl;
        cout << tmpAuth << endl;
        cout << tmpConnect << endl;
        cout << tmpQuery << endl;


        FreeLibrary(hInstLibrary);
    }
    else
    {
        std::cout << "DLL Failed To Load!" << std::endl;
    }

    std::cin.get();

}

result:
1
10496
2236672
2234624

where i expected
1
0
0
0

buffer overflow may be?

and INSERT INTO users (username) VALUES ('jigsaw'); wasn't effective, no record were inserted.

Edited by johnjoe, 07 March 2011 - 08:34 PM.

  • 0

#24 TheMagicNumber

TheMagicNumber

    GMC Member

  • GMC Member
  • 5247 posts
  • Version:Unknown

Posted 07 March 2011 - 08:46 PM

buffer overflow may be?

That or GM uses doubles, not ints.

Why aren't you using this?
  • 0

#25 johnjoe

johnjoe

    GMC Member

  • New Member
  • 299 posts
  • Version:Unknown

Posted 09 March 2011 - 03:41 AM

i have, but i'm not progressing. i'm having difficulties in how to figure it out.
  • 0

#26 johnjoe

johnjoe

    GMC Member

  • New Member
  • 299 posts
  • Version:Unknown

Posted 09 March 2011 - 05:38 AM

absolutely no chance of getting mysql++ fixed. tutorials are scarce.
  • 0

#27 Revel

Revel

    ɹǝqɯǝɯ ɔɯƃ

  • GMC Member
  • 4935 posts
  • Version:GM8

Posted 09 March 2011 - 06:57 AM

absolutely no chance of getting mysql++ fixed. tutorials are scarce.

mysql++ provides a user manual and documentation. The first example it shows is enough to do almost anything you need.
  • 0

#28 tomasart

tomasart

    GMC Member

  • GMC Member
  • 269 posts

Posted 21 April 2011 - 07:57 PM

This is what i'am searching for. Please atach example :rolleyes:
  • 0

#29 TheMagicNumber

TheMagicNumber

    GMC Member

  • GMC Member
  • 5247 posts
  • Version:Unknown

Posted 22 April 2011 - 05:41 AM

This is what i'am searching for. Please atach example :rolleyes:

For this DLL? Use the included help. For MySQL++? Use its help.
  • 0

#30 Armisticdoom

Armisticdoom

    GMC Member

  • New Member
  • 73 posts

Posted 25 July 2011 - 04:44 PM

I am using this for my server. It sucessfully stores registration details after a successful registration attempt... once. After that it gets the error 'MySQL server has gone away'. Then it works again (but only once) after restarting the server. Am i missing something that I need to do?
  • 0

#31 Funk E. Gamez

Funk E. Gamez

    GMC Member

  • GMC Member
  • 774 posts

Posted 05 January 2012 - 11:18 AM

I have a question about security... Suppose the client types in their login information and sends that to the server. The server checks the MySQL database to see if said account details are correct, and if so it reads from the database all the info it needs. Then the server sends back the info to the client, the client never touching the database or password.

Shouldn't this method be completely secure? (More or less) If the client never connects to the database and never receives a password, they have no way of getting in.
The only disadvantage I see is that when interacting with other players it will have to ask the server for account info, which is kind of a hassle... But am I correct in that this would be secure?

Here's the other option I thought of: The client connects to a website which acts as a median between them and the database. The client sends out an SHA-1 encrypted password. (So they don't know what the actual password is.) Using the same hash, the website has encrypted the password of the MySQL database, and checks this against what it received from the client. If it's a match, the website gives the ok to use the password to connect to the database and lookup the necessary database information. After doing so, it returns the information to the client, that way the only password they know is already encrypted in one-way encryption. (Therefore near impossible to decrypt or figure out)

The second method requires a lot more php to complete, but actually seems like it should work just as well as the first one, and that way I don't have to send as many messages from the server; the client can look it up without having the password revealed. And it also allows the player to log in before connecting to the server, which is kind of what I was planning on doing.

Please let me know if my thinking is correct, or if I'm missing something here that would endanger the database.

Edited by Funk E. Gamez, 05 January 2012 - 11:32 AM.

  • 0

#32 Ronchon le Nain

Ronchon le Nain

    GMC Member

  • GMC Member
  • 270 posts
  • Version:GM:Studio

Posted 19 January 2012 - 12:04 AM

I don't know either, i'm a noob with this too. But it's the same thing that i plan to do...

I'm just beginning with this dll and mySQL stuff, and i can't understand the default help.
I have to access an existing database on a distant website.
Could someone rewrite for me in a more explained way this example (with fictive arguments) of how it would look like to access an online database ?
Thannks a lot!

MySQL_Init ();
Handle = MySQL_Create ();
MySQL_SetAuth (Handle,"root","root");
Result = MySQL_Connect (Handle,"localhost",3306,"root");
MySQL_Query (Handle,"SELECT userid,username FROM users LIMIT 0,1");
Result = MySQL_ResultStore (Handle);
rows = MySQL_NumRows (Result);
fields = MySQL_NumFields (Result);

repeat (rows)
{
row = MySQL_RowFetch (Result);
for (i=0;i<fields;i+=1)
{
field = MySQL_RowGetField (row,i);
}
}
MySQL_ResultFree (Result);



  • 0

#33 ScottBeeson

ScottBeeson

    GMC Member

  • GMC Member
  • 263 posts
  • Version:GM:Studio

Posted 20 December 2012 - 04:03 AM

GameMaker studio crashes every time I try to call MySql_SetAuth. I have confirmed the MySql_Create result is 1. Then after that it immediately poops on itself ("GameMaker Studio Runner has stopped working... blah, blah, blah")

show_message("dbInit()");
dbInit();

show_message("dbCreate()");
Handle = dbCreate();
if result = 1 then show_message("Success");

show_message("dbSetAuth()");
dbSetAuth(Handle,"haha","derp");

(I renamed them all from MySQL_Action to dbAction, hopefully that isn't a problem...)

Edited by ScottBeeson, 20 December 2012 - 04:04 AM.

  • 0
Posted Image Posted Image