On the php server, make sure you do proper input validation on all requests (a whitelist of accepted characters is a good start) - learning about MySQL ‘prepared statements’, and using them exclusively where database queries contains input from a remote source, is a good way to defend against a lot of common security issues (though of course, that doesn’t cover everything alone).
Your server doesn’t need to be PHP if you hate it. There are many other server-side languages out there, so you should find one that suits you better.
Now about security. You don’t want code you don’t have full control over making random queries and modifications to your database. You need an application layer in front of your database for clients to interact with. This layer is responsible for providing the commands the clients can invoke and for validating the data passed for those commands. For example: if a player wants to use an item the application layer should check if the player owns that item, if the item can be used in the current context, etc.
This “application layer” can be implemented in many ways: a PHP server (or other server-side language like Python, Java, NodeJS, etc), an UE4 dedicated server (that is never sent out to clients) or even a MySQL database that is accessed by an user account that can only access specific stored procedures (the stored procedures are your application layer). Keep in mind that last approach has two drawbacks: it exposes your database IP to the world and puts extra workload on the database server (which now has to run application logic on top of simply dealing with the data).
So what I’m getting from all this is that this only works if you’re using a C++ instead of Blueprints.
I know PHP and MySQL, but I’m new to C++… Could someone tell me how to integrate c++ to my blueprint game? Or perhaps provide me with a link?
Thanks in advance.
Blueprints are c++, too. Every blueprint has a c++ base class for example. The whole Unreal Engine is written in c++. I recommend the coding tutorials on youtube: 3rd Person Power-Up Game with C++ (pre v4.9) - YouTube
I think, what you are looking for is something like this here. https://forums.unrealengine.com/showthread.php?94421-FREE-VaRest-Login-System-With-PHP-and-MySQL
They also show a tutorial on how to set it up for youtube.
Thank you that was exactly what I’m looking for right now
You are welcome