LSL/PHP Question

Hey everyone,
I was working on a PHP and a LSL script which the LSL script gets a name and a key, then sends it to the PHP script which then sends it to the SQL. The only problem is that I can't get the PHP script to send the right data. I'll post some code:


The LSL Script

default
{
    touch_start(integer total_number)
    {
        llHTTPRequest("http://keydatabase.igoe.info/",[HTTP_METHOD, "POST",
             HTTP_MIMETYPE, "application/x-www-form-urlencoded"],
            "username="+(string)llDetectedName(0)+"&key="+(string)llDetectedKey(0));
            llOwnerSay("Sent.");
    }
}

Now the PHP Script (I'll only post the actual sending of data to the SQL).

mysql_query("INSERT INTO keydb (`username`,`key`) VALUES ('username','key')");
echo username;

I already connected to the database and I used the 'echo username;' to debug. I'm just having trouble getting the data from the LSL script to the PHP script. If anyone can assist me, that'd be great. Thanks!

You'll want to use llEscapeURL() to escape special characters in the parameters (particularly the space in the avatar name). Also you'll want to use the values of the parameters passed to your PHP script (I believe that would be $_POST['username'] and $_POST['key']) when you INSERT into the DB, rather than the literal string values 'username' and 'key'. I can't remember if the whole array access expression can be embedded in a string in PHP or if you'll have to use explicit string concatenation/use local variables there instead.

Don't remember too much PHP off the top of my head, don't you need to use $username to indicate that you want the value that's in that variable? Did the debug statement print the value that you sent from the LSL script?

Also, I'm assuming you've done the stuff that pulls out the values from the POST data into variables. Again, don't remember how to do that off the top of my head.

And search the forum archives, there are some discussions on getting LSL and PHP to talk to each other. I think the Wiki might have some examples too.

you should indeed use llEscapeURL() and get the variables using $_POST

username="+llEscapeURL(username)

*not sure if you can inject them directly using $_POST, but i would do this

$key=$_POST['key'];
$username=$_POST['username'];
 
$query = "INSERT INTO `keydb` (`username`,`key`) VALUES ('$username','$key')";
$sql = mysql_query($query) or die(mysql_error()) ;
 
echo $username;

it has the benefit of telling you the sql-error if any


.

Thanks a bunch Salvador! One last question, I have the total code put together:

$query = mysql_query("SELECT * from acesslist WHERE `username` = '".$_POST['username']."' AND `pass` = '".$_POST['password']."'") or die(mysql_error());
	if(mysql_num_rows($query) < 0)
	{
		//already exists
	}
	else
	{
		$key=$_POST['key'];
		$username=$_POST['username']; 
		$query = "INSERT INTO `keydb` (`username`,`key`) VALUES ('$username','$key')";
		$sql = mysql_query($query) or die(mysql_error()); 
		echo $username;
	}

But I want for the code to not post anything into the database if the name/key already exists. Any reason for why the 'if(mysql_num_rows($query) < 0)' isn't doing that?

If it already exists, the number of rows will be greater than 0, right? < is 'less than', > is 'greater than'. Looks like you're using < in your script. The number of rows returned won't ever be negative, I think.

EDIT Nvm, I realized that with the $query I was calling the wrong database >.<

well if you know all works, you dont need to query for an existing key, i would set the colum key or name as index, and remove the or die part.


this results the page to silently fail if the record already exists


.