This is a real quick post about Unix Timestamps, PHP, and ActionScript 3′s Date class.  When creating a new Date instance, you can pass in a Unix Timestamp into the Date constructor.

var myDate:Date = new Date( unix_timestamp_from_php );
trace( myDate.toString() );  // Invalid Date

When I was working with this, I continually received Invalid date in my output window.  Looking into the matter, if you read php.net’s time() function description and then taking a look at livedocs Date class we’ll quickly see the problem.

Read the rest of this entry »

I’m currently working on a 2D RPG Game Engine ( think Zelda or FinalFantasyII/IV ) in AS3. At the start of this project, as typical projects with friends go, it seems like a completely easy task. “Hey you know AS3… can you write us a quick game engine for this idea we have?” Sure… I’ve finished a simple little game before, I can totally do that.

Take 1:

From previous (limited) game dev experience I know I’ll need to set up a heirarchy of classes to handle Player Characters, Enemies, Scenes, Buttons, etc. So, thinking things out logically (read: noobishly (?) ) the first thing the team will want to see is going to be a the big-picture, visual framework. I sit down and start hammering out a SceneManager to handle scene changes easily. I’ve created an IZFScene interface to standardize the methods of all of my Scene objects for the SceneManager to manipulate. I’ve got my placeholder backgrounds that I tossed into the Flash Library from photoshop ( or MSPaint ) and I’m off and running creating smooth fade-in/fade-out transitions between scenes. The engine process looks like:

Read the rest of this entry »

Tags: Actionscript 3, Game Development

This is a little tutorial covering using ActionScript 3, PHP and AMFPHP to create a MySQL-based High Score Database.  You should have some familiarity with each as this isn’t exactly a “Beginner’s How-To.” For a recent game project I’ve been working on, one of the requirements was a simple High Score Database. After finishing it, I thought I’d post about how I went about coding it. Let’s jump right in with the ActionScript first…

So from the game’s .as files, the idea was to display a DataGrid that shows all the scores submitted to the database. I also wanted to create a ScoresDB class that handles all of my database calls and parses the database results, all ready to be added to the DataGrid.

So that we’re all on the same page, Main.as will refer to the main class that handles adding the DataGrid to the stage, and handles other game functions. ScoresDB.as will refer to the ScoresDB class that handles the AMFPHP/PHP/MySQL calls. HighScore.php will refer to the AMFPHP Service that actually interacts with the MySQL database and returns result sets.

Read the rest of this entry »

Tags: Actionscript 3, AMFPHP, Code Examples

I decided to split the original blog post into two separate posts as “Secure” Flash/MySQL DB calls is fairly short, and it was scattered about in a post more on how to set up a High Score DB with AMFPHP.

So this will be a couple of very specific tips and things to set up when adding any sort of user-entered data from flash ( or PHP! ) to touch your database. You know the rule… never trust any data. Always make sure you strictly data type variables and typecast user-entered variables.

First up, as the user enters data into Flash, via an input TextField, use the .restrict setter to restrict characters entered to only characters that you need.  This is the first layer of protection against SQL injection attacks , and just follows the same sort of common sense “best practices” type of coding as datatyping variables.

nameInputTxt.restrict = "A-Z a-z 0-9";

This will restrict the characters allowed in this textField to only alpha-numeric, capitals and lower case. This excludes potential Injection-prone characters like the single apostrophe ” ‘ ” and semi-colon ” ; ” keys.

After that data gets entered, we’re going to send those variables thru AMFPHP into our PHP Class.  In the case of our High Scores Database example, we’re sending both the nameInputTxt data, as well as an integer based score value which gets handled by the following PHP code:

function addScore( $pName , $pScore )
{

$created = date( "Y-m-d H:i:s");
$cleanName = mysql_real_escape_string( $pName );
$cleanScore = intval( $pScore );

return mysql_query( "INSERT INTO $this->table SET `name` = '{$cleanName}' , `score` = $cleanScore , `created` = '{$created}' ");

}

You’ll see the $cleanName and $cleanScore variables a couple of lines into the function. For String type user-entered data, always run it through PHP’s mysql_real_escape_string() function. If somehow a single apostrophe made it this far, PHP will automatically “escape” the apostrophe adding a back-slash before: \’ instead of a dangerous ‘

As far as $pScore goes, we’ll send it thru PHP’s intval() function which will truncate any decimal portions as well as attempt to return an integer value for any data it comes across. This means if something crazy happened and malicious String code made it this far, if intval() could not find the proper integer to represent the data, it will return 0. And submitting a zero, even though it might be wrong, is infinitely better than having DROP TABLE code injected into the call.

That’s it

For More info on securing the actual AMFPHP install and files, check out Lee Brimlow’s Flash Blog post, AMFPHP Security Basics

Tags: Actionscript 3, AMFPHP, Code Examples, MySQL, PHP, Security