The staff not take very well this plugin. I decided to discontinue updates.
If it is useful I am working in sqlite3. For mananger table in CLIENT DATABASE SQLITE3.
https://sourceforge.net/projects/sqlite3cworkitv10/

The documentation is in Portuguese Brazil, and Pluguin only FOr Use in C# or C++ but if you are interested I can post the plugin for LITEC and some Sources to use the plugin. Works great!

Features:

void sql_init();
int sql_conect(char* database, int type);
int sql_select(char* query);
int sql_selectId(char* query);
char* sql_get_select(char* buffer, char *column, int row);
char* sql_get_selectId(char* buffer, int column, int row);
int sql_insert(char* table,char* column, char* values);
int sql_updateId(char* table,char* column, char* values, char* id);
int sql_update(char* table,char* column, char* values, char* cl_name, char* name);
int sql_removeId(char* table,char* id);
int sql_remove(char* table,char* condition, char* name);

Why dont you use a php script on your server which has access to the sqldatabase?
Much easier and secure for me

FOR EVERYONE THINKING OF USING THIS:

This plugin is NOT dangerous. Its how someone uses it.
If you need a MySQL Connection with a plugin do it on the server. Also do it localy...if the MySQL is in a local area connection with the server!
All clients must use only client applications , in the server code for all plugins you must give username and password. This will be visible if you give it to the clients.
Using a PHP Script to do this work (as I'm using right now) requires first a WEB Server and second needs more time to process. But gives the opportunity to sanitize the input (remove bad/exploit characters from the strings).

Never use usernames/passwords for a sql server in client applications, it can be captured with software as it is making its way out of your lan card. And make sure you remove any '-"; characters from your input strings before sending them.

Look at this guy doing input sanitation on the client.

Old_Bill recently told me that I'm no longer allowed to call user names, so let's make a riddle out of it: It starts with an 'I' and ends with 'diot'.

Sanitation localy (for dumb players 'wannabe hackers') and then on a remote WEB server (for serious 'penetration testers')...
Are you refering an "I" , "diot" to yourself here? I didnt understand...

If you are going to give meaningless replys , dont reply at all! Say something useful!

PS.: I'm trying to help. You're trying to 'look cool'. Not working...

You are telling people that it's not bad if they use this plugin. If you want to help them to get their MySQL database emptied, sure, you are helping them a metric fuckton there, but otherwise...

Doing sanitation twice, once on the client and once on the server is ridiculous. You don't have to defend against the pentester and the script kiddy separately (besides, assuming that only these two exist is just naive). Do the sanitation once and don't write code that you don't need. If you connect directly to the MySQL database... Well, don't do input sanitation at all, because its worthless anyways. Anyone can connect to your MySQL database and run queries against it anyhow, and people will do that, promised.

Not defining an API on a webserver that your client communicates with is just asking for trouble. Wether you implement that API in C, PHP, node.js, RoR... No one cares. It doesn't matter if its SOAP, REST, XMLRPC, what have you. Important is: Don't fucking trust third party, sanitize all input ON your server, not on the client.

Edit:
I feel like a fucking broken record here. I'm telling this since years in this forum, every time a thread like this pops up and everyone is like "hooray, MySQL in Gamestudio". And no one fucking realizes that this is just like going outside and handing everyone a key to your front door. Sometimes I think you people are just fucking around with me and not actually that retarded, but it appears to be that in fact you are. I realize that security isn't a state but a process and that it might not be obvious why this is a bad idea, but come fucking on, connecting from an untrusted client to a MySQL database is stupid. News at 11.

Seriously, this complete utter lack of responsibility in regards to security is baffling, and its something that is running around in the indie games scene like a kid with ADHD after you fed it a kilo of sugar and cocaine. It's not funny anymore, it's depressing and it makes you all look bad. Fucked if I know why this is so prevalent with game designers, but I have the theory that you are all just a bunch of hipster kids that sit around starbucks all day and sometimes circlejerk each other when no one looks.

You speak like people coudnt use this only on serverside.
Using it on client side of course is fully ridiculous.

You speak like someone who thinks that writing server side software with Gamestudio is a brilliant idea.

And don't say dedicated server, because in that case, you have a local sqlite3 database, not a local MySQL database. (Edit: Why do you need a database for a server that doesn't need persistence anyways?)


Oh, and just to make sure to really piss of everyone in this forum: My favorite Latvian joke:

Exactly my point. He says that you cant trust your own dedicated server to send input to your own database...

Calling everyone idiots just speaks bad for your childly attitude about life. You're not a misunderstood genius, you're just a regular guy with a shi**y morning!

As for your constructive criticism, I never wrote about connecting your client app directly with your SQL database. You just cant read right...thats all...
I say newbies shouldnt do it, because noone is familiar with protections until he builds a vunerable app.

As for the double sanitation, I just like to do it twice...it consumes my hardware, raises my FPS, clogs my lan card and crashes my server...but I'm just like that. Cant help it...

Wont somebody shut him up already? I had enough of his crap!

Why on earth would you install MySQL with your software and have the daemon running on your dedicated server?! I'm seriously having trouble understanding your use case here, and it feels like you are trying to open a door with a tank.


It's afternoon. And yeah, it's a shitty one. Go sue me.
And I know who I am, and I'm not pretending to be gods gift to earth. If you want to write insecure software, I'm not going to stop you from it. But I'll make damn sure to point out how ridiculously dangerous this is to everyone else, just in the off chance that it will stop someone from doing something like this.


See, and yet you want me to take you seriously.


There is an ignore button in the user profiles. I use it regularly, works like a charme. 10/10 button, would recommend.
Besides, old_bill or some other Mod will probably send me PM in the next 24 hours and tell me that I can't possible write stuff like this.