corrupshun
Posted November 29, 2009

Hello, I need help with a game PHP engine script I've been working on.

This is what it does: Selects the inputted GET and corresponds to the gameid that it is. Such as if you go to game.php?gameid=2 it will go to game 2 and implement the path and title.

I already created code that will fix if they put nothing or if they put gameid=(nothing).

My problem is, what if someone decides to go to game.php?gameid=blue ? It results in an error code.

I want to make an if else statement that does not allow someone to type characters and will erase anything typed in other than an integer, maybe like:

    if($_GET['gameid'] == *non-int*) {
    echo "Please try another game";
    }
    else {
    //other stuffs
    }

Here's my code:

    <?php
    include("inc/template.php");
    echo "$headers";
    $nothing = "";
    if(!isset($_GET['gameid'])) {
    include("inc/defaultgame.php");
    }
    elseif($_GET['gameid'] == $nothing){
    include("inc/defaultgame.php");
    }
    else {
    $con = mysql_connect("localhost","root","");
    mysql_select_db("Corrupshun", $con);
    $query = mysql_query("SELECT Title, Path FROM Games WHERE id = $_GET[gameid]");
    while($row = mysql_fetch_assoc($query))
    {
    $gamepath = $row['Path'];
    $gametitle = $row['Title'];
    }
    }//end else
    ?>
    <title><?php echo "$title[game] $gametitle"; ?></title>
    </head>
    <body>
    <?php echo "$banner"; ?>
    <?php echo "$pagediv"; ?>
    <?php echo "$nav"; ?>
    <?php echo "$bodydiv"; ?>
    <div class="h"><?php echo "$gametitle"; ?></div>
    <?php echo "$paramstart"; ?>
    <?php echo "$gamepath"; ?>
    <?php echo "$paramend"; ?>
    <?php echo "$divend"; ?><!--body-->
    <?php echo "$news"; ?><!--news-->
    <?php echo "$divend"; ?><!--page-->
    <?php echo "$copyright"; ?>
    </body>
    </html>

The warning:

    Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in B:\wamp\www\corrupshun\game.php on line 15

-Thanks!
-Austin
Andy-H
Posted November 29, 2009

You could check the gameid is an integer using ctype_digit, is_int or various other functions.

The general way of implementing this is to create a "whitelist" of allowed values and check the input against the list using in_array, i.e.

    $list = range(1,3);
    if ( in_array($_GET['gameid'], $list) === false ) die('Invalid game ID');
    //rest of code...
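An added example, not code from either poster: one way to reject a non-integer gameid before the lookup and to pass the id to the database as a bound parameter instead of interpolating `$_GET` into the SQL string. Assumptions: PDO with the sqlite driver as an in-memory stand-in for the MySQL database, hypothetical helper names `parseGameId` and `findGame`, and constructed table rows and inputs.

```php
<?php
// Added example: validate gameid, then query with a bound parameter.
// Assumptions: PDO with the sqlite driver (in-memory stand-in for the
// poster's MySQL database); the rows and inputs below are constructed.

/** Return the id as an int, or null if the raw value is not a positive integer. */
function parseGameId($raw): ?int
{
    // $_GET values arrive as strings (or arrays for gameid[]=...), so
    // is_int() on the raw value would reject even "2".
    if (!is_string($raw)) {
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Look up one game; null means "show the default game instead". */
function findGame(PDO $db, $raw): ?array
{
    $id = parseGameId($raw);
    if ($id === null) {
        return null;
    }
    // The id is bound as a parameter, never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT Title, Path FROM Games WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;   // valid integer, but no such game
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Games (id INTEGER PRIMARY KEY, Title TEXT, Path TEXT)');
$db->exec("INSERT INTO Games VALUES (1, 'Pong', 'games/pong.swf'), (2, 'Snake', 'games/snake.swf')");

// Constructed inputs: values $_GET['gameid'] might hold (null = not set).
foreach (['2', 'blue', '', '2abc', '-1', '99', null] as $raw) {
    $game = findGame($db, $raw);
    printf("%-8s => %s\n", var_export($raw, true), $game ? $game['Title'] : 'default game');
}
```

Because `findGame` returns null for both invalid input and an unknown id, the page can include the default game in one place and never reaches a fetch call with a failed query.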