Inserting Scores Into The Database
Inserting scores is very simple to do. We will simply make a GET request from our iPhone app to our put_score.php page and pass in information through the GET parameters. An example of this might be:
http://icodeblog.com/ws/put_score.php?udid=0123456789012345678901234567890123456789&name=brandontreb&score=210.13&secret=some_secret
Here is an explanation of the variables.
| Variable | Description |
|---|---|
| secret | This is some password that only you know. It will prevent people from inserting invalid data into your database. We will hardcode this into the script below. |
| udid | This is the UDID of the user’s device. It will be used to uniquely identify each user. |
| name | The name to display in the leaderboard. |
| score | The score for that given user. |
And now the code for put_score.php:

```php
<?php
// put_score.php
// Note: the mysql_* functions used here were removed in PHP 7,
// so this script runs on PHP 5 only.

/** MySQL database name */
define('DB_NAME', '');
/** MySQL database username */
define('DB_USER', '');
/** MySQL database password */
define('DB_PASSWORD', '');
/** MySQL hostname */
define('DB_HOST', $_ENV['DATABASE_SERVER']);

$table = "highscores";

// Initialization
$conn = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);

// Error checking (before the connection is used)
if (!$conn) {
    die('Could not connect ' . mysql_error());
}
mysql_select_db(DB_NAME, $conn);

// Reject requests that do not carry the shared secret
if (!isset($_GET['secret']) || $_GET['secret'] !== "some_secret") {
    die('Nothing to see here...');
}

// Localize the GET variables
$udid  = isset($_GET['udid'])  ? $_GET['udid']  : "";
$name  = isset($_GET['name'])  ? $_GET['name']  : "";
$score = isset($_GET['score']) ? $_GET['score'] : "0.00";

// Protect against sql injections
$udid  = mysql_real_escape_string($udid);
$name  = mysql_real_escape_string($name);
$score = mysql_real_escape_string($score);

// Insert the score
$retval = mysql_query("INSERT INTO $table( udid, name, score ) VALUES ( '$udid', '$name', '$score' )", $conn);

if ($retval) {
    echo "Inserted score $score for $name";
} else {
    echo "Unable to insert score " . mysql_error();
}

mysql_close($conn);
?>
```
So we see a lot of the same initialization code as we did in our create_db.php script. As you can see, there is not a lot of code here. We first localize the GET variables and escape them to ensure that they can’t be used for SQL injection. PHP developers are so lazy that they always fail to do this. It is one line of code that can prevent a huge security flaw.
After localization and sanitization, we simply insert these values into the database and print out the result. The last part of our server code involves displaying the leaderboard. Now, we could write a service for returning XML and display it natively in the application; however, displaying a table inside of a web view is much simpler.
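The same insert with validated input and bound parameters instead of string escaping, as an added example that is not part of the original tutorial. It assumes PDO and uses an in-memory SQLite table so it runs without a server; the helper names and field formats (40 hex character UDID, 1 to 32 character name, numeric score) are assumptions.

```php
<?php
// Added example (not the tutorial's code); helper names are hypothetical.
const SHARED_SECRET = 'some_secret'; // placeholder secret from the tutorial

// Returns [udid, name, score] when every field is well-formed, else null.
// The field formats below are assumptions chosen for this example.
function validate_score_request(array $q): ?array
{
    $secret = is_string($q['secret'] ?? null) ? $q['secret'] : '';
    if (!hash_equals(SHARED_SECRET, $secret)) { // constant-time comparison
        return null;
    }
    $udid  = $q['udid']  ?? '';
    $name  = $q['name']  ?? '';
    $score = $q['score'] ?? '';
    // is_string() rejects array parameters such as ?name[]=x
    $ok = is_string($udid)  && preg_match('/\A[0-9a-f]{40}\z/i', $udid)
       && is_string($name)  && preg_match('/\A[\w .\'-]{1,32}\z/u', $name)
       && is_string($score) && preg_match('/\A\d{1,7}(\.\d{1,2})?\z/', $score);
    return $ok ? [$udid, $name, (float) $score] : null;
}

// Values are bound as parameters, so a quote in $name cannot change the SQL.
function insert_score(PDO $db, array $row): bool
{
    $stmt = $db->prepare('INSERT INTO highscores (udid, name, score) VALUES (?, ?, ?)');
    return $stmt->execute($row);
}

// In-memory SQLite keeps the demo offline; use a mysql: DSN on a real server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE highscores (udid TEXT, name TEXT, score REAL)');

$udid = '0123456789012345678901234567890123456789';
$requests = [ // constructed sample query strings
    "udid=$udid&name=O'Brien&score=210.13&secret=some_secret",  // stored
    "udid=$udid&name=brandontreb&score=abc&secret=some_secret", // bad score
    "udid=1234&name=brandontreb&score=1&secret=some_secret",    // bad udid
    "udid=$udid&name=brandontreb&score=1&secret=guess",         // bad secret
];
foreach ($requests as $qs) {
    parse_str($qs, $q);
    $row = validate_score_request($q);
    echo ($row !== null && insert_score($db, $row)) ? "stored\n" : "rejected\n";
}
echo $db->query('SELECT name FROM highscores')->fetchColumn(), "\n";
```

Only the first request is stored, and the name comes back with its apostrophe intact because it was never spliced into the SQL text.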
So, we are going to output this data into an HTML table that will get displayed inside of a UIWebView. Keep in mind that my table looks like crap and you should definitely style it before using it in your applications.


19 Comments
No, thank YOU very much!
I was thinking on implementing something like this in my game and you just made my work easier.
Thanks, excellent, I’m sure I’ll use it at some point.
Hi! Thanks very much for the tutorial!
I have one question about getting high scores. How can I get the scores from the PHP page to the iPhone SDK labels and textboxes, etc.? I don’t want to use UIWebView.
Please answer to the mail
Very well done! Love your tuts and I always wonder how you find time to build them, because I know how much effort it takes.
For the MySQL, based on my experience I never use the FLOAT column type, because I had huge problems with float math on it. I always use DOUBLE instead, which seems to work better.
Also, wouldn’t it be better if the password was sent through a POST request? Or was it too much code overhead for the simple tutorial?
Anyhow, I’m always waiting for the new post on your blog, and congrats once more.
Marin
@Mikko – You need to make your PHP output XML instead of a table. Then parse this XML in your application into an NSDictionary. From there, you can populate whatever you want with this data.
@Marin – I have never had any issues with FLOAT. But I’m sure you could easily switch it out with DOUBLE. As far as the POST goes, there are many ways security could be improved. HTTP Basic AUTH would be another way to prevent attacks. I didn’t really want to go too much into it in this tutorial as I wanted to keep things simple and show users how to get a leaderboard up with very little code. Thanks for the suggestion.
Thanks for the code. I was wondering about how to make sure the person can reach the website. It seems that Apple has a framework for checking called SCNetworkReachability and some demo code in the SDK. I’m just adding that here to save people the extra google search.
I can’t seem to set up the create_db.php page. I get this error: Could not connect Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2) and also I am getting confused in Xcode. Do you think you could post source code to a sample project that would do everything you described in the tutorial?
Great post. Thanks for this really. I am not a regular blog reader but this blog is truly amazing indeed.
Hi, thanks for this great post. Could you please post or mail me a .zip with all the files?
I built the tutorial but it doesn’t work.
Thanks in advance.
To check for an internet connection, you should use Apple’s Reachability class. Just download it and copy Reachability.h/m to your project. Also, you have to add the SystemConfiguration framework to your project.
https://developer.apple.com/iphone/library/samplecode/Reachability/index.html
Usage:
```objc
Reachability* reachability = [Reachability sharedReachability];
[reachability setHostName:@"www.example.com"]; // set your host name here
NetworkStatus remoteHostStatus = [reachability remoteHostStatus];
if (remoteHostStatus == NotReachable) { }
else if (remoteHostStatus == ReachableViaWiFiNetwork) { }
else if (remoteHostStatus == ReachableViaCarrierDataNetwork) { }
```
Hi, should the submit score method’s return type be NSString *?
Also, if I want to limit the maximum number of entries in the table, how should I modify the code?
Thanks a lot!
I ran into an error when trying to add this to my app:
```objc
HighScoresView * hsv = [[HighScoresView alloc] initWithNibName:@"HighScoresView"
                                                        bundle:[NSBundle mainBundle]];
[self presentModalViewController:hsv animated:YES];
[hsv release];
```
The error would say that HighScoresView was undeclared; after a while I got the error to go away. Then I was getting hsv is undeclared and fixed that by adding Controller to the end of each HighScoresView. I was then getting a bad execution error. It seems (I traced through the debugger) that it is not taking the string from my textBox.text (the debugger says it is not a valid CFString). Then when it goes to encode the username it does the same thing and crashes. Do you have any suggestions on how I can fix this? I’ve been puzzled by it for hours now.
-Chris
What if two people enter the same user name? Is there any way to detect if the user name has already been taken? And if so, can you explain how one might go about this?
Thanks
Hello,
First I have to say this tutorial has been very helpful. Thanks.
I have a few questions though.
I have the leaderboard up and running, and I have it also displaying in my app just fine. One thing that I’m running into is that when the user clicks the leaderboard button in my app, I would like to have them enter their username to submit their high score, then have the high scores view controller slide up from the bottom and display on top of the current view.
I’m using your Inserting A UITextField In A UIAlertView to prompt the user to enter their username. I’m not sure how to modify this code so that when the user enters their username and clicks the “OK!” button, it then submits the username and high score to the leaderboard, closes the UIAlertView and opens the high scores view. And in turn, if the user clicks the “Dismiss” button, it closes the UIAlertView and opens the high scores view without submitting a score or name.
```objc
UIAlertView *alert = [[UIAlertView alloc] initWithTitle:@"Enter A Username Here" message:@"this gets covered!" delegate:self cancelButtonTitle:@"Dismiss" otherButtonTitles:@"OK!", nil];
UITextField *myTextField = [[UITextField alloc] initWithFrame:CGRectMake(12, 45, 260, 25)];
CGAffineTransform myTransform = CGAffineTransformMakeTranslation(0, 60);
[alert setTransform:myTransform];
[myTextField setBackgroundColor:[UIColor whiteColor]];
[alert addSubview:myTextField];
[alert show];
[alert release];
[myTextField release];
```
The other issue I noticed is that there is nothing stopping someone from submitting multiple high scores, and flooding the leaderboard with just their name and score ten times. Is there another “possible simple” PHP script that, when submitting a score, does some sort of check, such as checking if the user’s UDID and username match, and if their score was greater than the one currently in the database then allows them to post it, and if not displays an alert, or just “Dismisses” the submission and displays the high score view?
I know this is asking a lot; any help would be great.
Thanks again.
Good Article!
Where is the rest of the tutorial?
I have an online work order system running on MySQL with PHP pages. I want to make an app to retrieve data and post data to the site. I used this tut to create a couple of test pages and can post data and retrieve via Safari. I am a real newbie on iPhone development and could use some help. A tut on posting and retrieving data would be greatly helpful. If there is one somewhere on the web, I can’t find it.
Any help on how to identify a user by username/pword instead of udid?
Very Interesting Read! Looking forward to more on this subject Bookmarked this site. Was also curious if anybody could point me to some related material. Thanks in advance.
Great article, I have just got the mysql db up and running and can post from my browser now! Next step to do an iPhone app to test. Thanks again.
PS. you have a spam comment above that slipped in… might wanna delete it
One Trackback
[...] In this step, data is written to the database. Usually this step is not described. At most it says: “…and writing works exactly the other way round.” Here you will find an excellent example of how it can be done with XML. [...]