corrupshun Posted November 29, 2009 Share Posted November 29, 2009 Hello I need help with a game php engine script i've been working on. This is what it does: Selects the inputted GET and corresponds to the gameid that it is. such as if you go to game.php?gameid=2 it will go to game 2 and implement the path and title I already created code that will fix if they put nothing or if they put gameid=(nothing) My problem is, what if someone decides to go to game.php?gameid=blue ? it results in an error code. I want to make an if else statement that does not allow someone to type characters and will erase anything typed in other than an interger maybe like: if($_GET['gameid'] == *non-int*) { echo "Please try another game"; } else { //other stuffs } Heres my code: <?php include("inc/template.php"); echo "$headers"; $nothing = ""; if(!isset($_GET['gameid'])) { include("inc/defaultgame.php"); } elseif($_GET['gameid'] == $nothing){ include("inc/defaultgame.php"); } else { $con = mysql_connect("localhost","root",""); mysql_select_db("Corrupshun", $con); $query = mysql_query("SELECT Title, Path FROM Games WHERE id = $_GET[gameid]"); while($row = mysql_fetch_assoc($query)) { $gamepath = $row['Path']; $gametitle = $row['Title']; } }//end else ?> <title><?php echo "$title[game] $gametitle"; ?></title> </head> <body> <?php echo "$banner"; ?> <?php echo "$pagediv"; ?> <?php echo "$nav"; ?> <?php echo "$bodydiv"; ?> <div class="h"><?php echo "$gametitle"; ?></div> <?php echo "$paramstart"; ?> <?php echo "$gamepath"; ?> <?php echo "$paramend"; ?> <?php echo "$divend"; ?><!--body--> <?php echo "$news"; ?><!--news--> <?php echo "$divend"; ?><!--page--> <?php echo "$copyright"; ?> </body> </html> The warning: Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in B:\wamp\www\corrupshun\game.php on line 15 -Thanks! -Austin Link to comment https://forums.phpfreaks.com/topic/183265-get-and-mysql-for-a-game-engine-help/ Share on other sites More sharing options...
Andy-H Posted November 29, 2009 Share Posted November 29, 2009 You could check the gameid is an integer using ctype_digit, is_int or various other functions. The general way of implementing this is to create a "whitelist" of allowed values and check the input against the list using in_array ie. $list = range(1,3); if ( in_array($_GET['gameid'], $list) === false ) die('Invalid game ID'); //rest of code... Link to comment https://forums.phpfreaks.com/topic/183265-get-and-mysql-for-a-game-engine-help/#findComment-967259 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.