Sending Params from GDevelop to PHP File

Hello everyone,

I am trying to send parameters to my php file but when I try it it generates the error: Undefined index: peticion

This is what I wrote in the GDevelop:

host: “https://example.com
path: “/duelos/enviar_duelo.php”
body: “peticion= inicio”
methods: “POST”
content type: “text / javascript”
variable: arr_inicio

The php file have permissions: 755
The code that my php has:

<?php 
header('Content-Type: text/javascript');
header('Access-Control-Allow-Origin: https://example.com');
header('Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT');

$peticion = $_REQUEST['peticion'];

if ($peticion == 'inicio') {
    $id_usuario = $_COOKIE['loggedin'];
    $id_player = $id_usuario;
    
    include('../libreria/obtener_conexion_members.php');
    include('../libreria/obtener_ip_usuario.php');
    include('../libreria/obtener_ip_x_id.php');
    
    $ip_actual = get_client_ip();
    $ip_guardado = $arr_session['ip'];
    
    if ($ip_actual == $ip_guardado) {
       // Se obtiene valores del temp 
        $valida_rival_temp = mysql_query("SELECT * FROM hm_rol_temp
            WHERE ind_duelo = 'S' and id_player=".$id_usuario, $db_connection);
            
          if (mysql_num_rows($valida_rival_temp) > 0)
                                        { 
                                        $arr_temp =  mysql_fetch_assoc($valida_rival_temp);
                                        $id_rival = $arr_temp['id_rival'];
                                        $id_lugar = $arr_temp['id_lugar'];
                                        // datos del player
                                        
                                        $valida_player=mysql_query("SELECT * FROM hm_rol_players WHERE id_usuario = ".$id_player, $db_connection);

                                        if (mysql_num_rows($valida_player)<=0)
                                        {
                                            echo "Error al obtener datos del jugador al iniciar el duelo.";
                                        } 
                                         $arr_player =  mysql_fetch_assoc($valida_player);
                                        $ataque_player =  $arr_player['ataque'];
                                        $defensa_player =  $arr_player['defensa'];
                                        $hambre_player =  $arr_player['hambre'];
                                        $cansancio_player =  $arr_player['cansancio'];
                                        $id_mano1_player =  $arr_player['mano_1'];
                                        $id_mano2_player =  $arr_player['mano_2'];
                                        $id_pecho_player =  $arr_player['pecho'];
                                        $id_cabeza_player =  $arr_player['cabeza'];
                                        $id_avatar_player =  $arr_player['id_avatar'];
                                        $hp_player = $defensa_player-($defensa_player*((20-$cansancio_player)/20));
                                        $fp_player = $ataque_player-($ataque_player*((10-$hambre_player)/10));
                                        
                                         
                                        // obtener nombres objetos
                                        if ($id_mano1_player > 0) {
                                            $id_objeto = $id_mano1_player;
                                             include('../libreria/obtener_objeto.php');
                                            $mano1_player = $arr_objeto['nombre'];
                                            $fp_player = $fp_player + ($ataque_player*($arr_objeto['ataque']/100));
                                        } 
                                        if ($id_mano2_player > 0) {
                                            $id_objeto = $id_mano2_player;
                                             include('../libreria/obtener_objeto.php');
                                            $mano2_player = $arr_objeto['nombre'];
                                             $fp_player = $fp_player + ($ataque_player*($arr_objeto['ataque']/100));
                                        } 
                                        if ($id_pecho_player > 0) {
                                            $id_objeto = $id_pecho_player;
                                             include('../libreria/obtener_objeto.php');
                                            $pecho_player = $arr_objeto['nombre'];
                                            $hp_player = $hp_player + ($defensa_player*($arr_objeto['defensa']/100));
                                        } 
                                        if ($id_cabeza_player > 0) {
                                            $id_objeto = $id_cabeza_player;
                                             include('../libreria/obtener_objeto.php');
                                            $cabeza_player = $arr_objeto['nombre'];
                                            $hp_player = $hp_player + ($defensa_player*($arr_objeto['defensa']/100));
                                         } 
        
                                        // datos del rival
                                         $id_usuario = $id_rival;
                                         include('../libreria/obtener_usuario_x_id.php');
                                         $nombre_rival = $arr_usuario_x_id['usuario'];
                                         $nivel_rival = $arr_usuario_x_id['nivel'];
                                         $monedas_rival = $arr_usuario_x_id['monedas_total'];
                                         
                                         
                                         
                                         $valida_rival=mysql_query("SELECT * FROM hm_rol_players WHERE id_usuario = ".$id_rival, $db_connection);

                                        if (mysql_num_rows($valida_rival)<=0)
                                        {
                                            echo "Error al obtener datos del rival al iniciar el duelo.";
                                        } 
                                         $arr_rival =  mysql_fetch_assoc($valida_rival);
                                         
                                         $defensa_rival =$arr_rival['defensa'];
                                         $ataque_rival = $arr_rival['ataque'];
                                         $hambre_rival = $arr_rival['hambre'];
                                         $cansancio_rival = $arr_rival['cansancio'];
                                         $id_casco_rival = $arr_rival['cabeza'];
                                         $id_pecho_rival = $arr_rival['pecho'];
                                         $id_mano1_rival = $arr_rival['mano_1'];
                                         $id_mano2_rival = $arr_rival['mano_2'];
                                         $id_avatar_rival =  $arr_rival['id_avatar'];
                                         $hp_rival = $defensa_rival-($defensa_rival*((20-$cansancio_rival)/20));
                                         $fp_rival = $ataque_rival-($ataque_rival*((10-$hambre_rival)/10));
                                         
                                         if ($id_casco_rival >  0) {
                                             $id_objeto = $id_casco_rival;
                                             include('../libreria/obtener_objeto.php');
                                             $desc_casco_rival = $arr_objeto['nombre'];
                                              $hp_rival = $hp_rival + ($defensa_rival*($arr_objeto['defensa']/100));
                                         } 
                                         if ($id_pecho_rival >  0) {
                                              $id_objeto = $id_pecho_rival;
                                              include('../libreria/obtener_objeto.php');
                                             $desc_pecho_rival = $arr_objeto['nombre'];
                                              $hp_rival = $hp_rival + ($defensa_rival*($arr_objeto['defensa']/100));
                                         }
                                          if ($id_mano2_rival >  0) {
                                             $id_objeto = $id_mano2_rival;
                                             include('../libreria/obtener_objeto.php');
                                             $desc_mano2rival = $arr_objeto['nombre'];
                                             $fp_rival = $fp_rival + ($ataque_rival*($arr_objeto['ataque']/100));
                                         } 
                                         if ($id_mano1_rival >  0) {
                                              $id_objeto = $id_mano1_rival;
                                             include('../libreria/obtener_objeto.php');
                                             $desc_mano1rival = $arr_objeto['nombre'];
                                             $fp_rival = $fp_rival + ($ataque_rival*($arr_objeto['ataque']/100));
                                         } 
            } else {                             
                echo "Error al iniciar el duelo, vuelve a intentarlo.";
             }
       echo '{
           "id_player":"'. $id_player.'",
           "id_lugar":"'. $id_lugar.'",
           "id_categoria":"1",
           "id_avatar_player":"'. $id_avatar_player.'",
           "id_mano1_player":"'. $id_mano1_player.'",
           "id_mano2_player":"'. $id_mano2_player.'",
           "id_cabeza_player":"'. $id_cabeza_player.'",
           "id_pecho_player":"'. $id_pecho_player.'",
           "hp_player":"'. $hp_player.'",
           "fp_player":"'. $fp_player.'",
           "id_rival":"'. $id_rival.'",
           "nombre_rival":"'. $nombre_rival.'",
           "id_avatar_rival":"'. $id_avatar_rival.'",
           "id_mano1_rivalr":"'. $id_mano1_rival.'",
           "id_mano2_rival":"'. $id_mano2_rival.'",
           "id_cabeza_rival":"'. $id_casco_rival.'",
           "id_pecho_rival":"'. $id_pecho_rival.'",
           "hp_rival":"'. $hp_rival.'",
           "fp_rival":"'. $fp_rival.'"
       }';
       mysql_close();
    } else {
         echo "Error, conflicto al iniciar sesion del duelo";
    }
} /*elseif () {
    
}*/

?>

With this attempt, when starting the game, get all the player’s values
Please, help me with this?

Thank!

It seems to me the problem is that your php being executed before it is actually receive the key ‘peticion’

One thing you can try is instead if($peticion == inicio) try if($peticion) first this way you are checking if $peticion has received any key or not and compare the value after:

if($peticion){ if($peticion == 'inicio'){ } }

Second thing you can try is use $_POST instead of $_REQUEST as $_REQUEST is a super global in PHP containing ALL data, you don’t want them all in this case but only the one coming from $_POST. In case you are using $_REQUEST it might not get updated by the time you need the data and you also need to validate the source of the data. So in general $_REQUEST is recommended only if you want data from any source but always best to be specific by using $_COOKIE, $_POST and $_GET.

To be 100% sure you can also try isset() to check if a variable is set before trying to execute any script.

[code]if(isset($peticion)){

}[/code]

Hello, thanks for answering me

I added the validation of the isset and changed the method a POST, before I worked with POST and GET and not work

if (isset($_POST['peticion'])) {
   $peticion = $_POST['peticion']; 
} else {
    echo "Error! Peticion empty";
    exit;
}

The result is: “Error! Peticion empty” :confused:

I want that “peticion” give me the value “inicio”

The key is not getting through for some reason. It can be caused by many things not sure if I can help you.

Maybe the content-type is not recognised, try application/x-www-form-urlencoded which is the default instead of text/javascript.

You can also add the following code to set the content type if it not recognised:

if(empty($_SERVER['CONTENT_TYPE'])) { $_SERVER['CONTENT_TYPE'] = "application/x-www-form-urlencoded"; }

Also make sure in your php.ini you allow POST and max size is set to be > 0 otherwise it wont accept it.

Also make sure https:// and http:// is not misused and not missing any character.
In case of https you may want to turn off CURLOPT_SSL_VERIFYPEER on your server because the verification may fail, just to try obviously if you want to send sensitive information you don’t want to do this but see if that’s the problem, if it solve the problem you need to configure your SSL certificate or buy one if you don’t have one.

I already found the solution, although I do not know if it is the right solution, it is working for me.
When I put the POST method in GDevelop and in my php file I put GET it shows me the values. :slight_smile:

The only problem with GET is that it is put the query string in to the URL that remain in browser history and can be easily exploited by hackers and also even if you are using HTTPS it log the information as plain text so anyone access the log on the server can read it. So it is something that worth considering.

The first things hackers normally try to do is injecting SQL queries through the input fields that is being executed by php and easily get access to any information or even alter your database this way especially if you are using GET method. It very easy to hack.

In case you are pushing sensitive information like passwords, usernames especially payment information you should be using POST along with encryption and you can and should also take security steps against SQL injection.