I decided to split the original blog post into two separate posts as “Secure” Flash/MySQL DB calls is fairly short, and it was scattered about in a post more on how to set up a High Score DB with AMFPHP.

So this will be a couple of very specific tips and things to set up when accepting any sort of user-entered data from Flash (or PHP!) that touches your database. You know the rule: never trust any data. Always strictly type your variables and typecast user-entered values.

First up, as the user enters data into Flash via an input TextField, use the .restrict setter to limit the characters that can be typed to only the ones you actually need. Since it runs in the client, this is only a first layer of protection against SQL injection attacks (anything sent from the player can be altered before it reaches the server), but it follows the same sort of common-sense “best practices” coding as datatyping variables.


nameInputTxt.restrict = "A-Z a-z 0-9";

This restricts the characters allowed in this TextField to alphanumerics, capitals and lower case (plus the space character, since the spaces in the restrict string are themselves allowed). It excludes injection-prone characters like the single apostrophe ' and the semicolon ; keys.

After that data gets entered, we send those variables through AMFPHP into our PHP class. In the case of our High Scores Database example, we send both the nameInputTxt data and an integer-based score value, which get handled by the following PHP code:


public function addScore( $pName , $pScore )
{
    // timestamp for the `created` column
    $created = date( "Y-m-d H:i:s" );

    // String input: escape quotes, backslashes, etc. for use inside a MySQL string literal.
    // mysql_real_escape_string() needs an open mysql_connect() link, which this
    // class is assumed to have opened elsewhere (e.g. in its constructor).
    $cleanName = mysql_real_escape_string( $pName );

    // Numeric input: force an integer; anything that is not one becomes 0
    $cleanScore = intval( $pScore );

    // $this->table is set by the class itself, never from user input
    return mysql_query( "INSERT INTO $this->table SET `name` = '{$cleanName}' , `score` = $cleanScore , `created` = '{$created}'" );
}

You’ll see the $cleanName and $cleanScore variables a couple of lines into the function. For String-type user-entered data, always run it through PHP’s mysql_real_escape_string() function. If somehow a single apostrophe made it this far, the function “escapes” it by adding a backslash in front: \' instead of a dangerous bare '.

As for $pScore, we pass it through PHP’s intval() function, which truncates any decimal portion and attempts to return an integer value for whatever it is handed. This means that if something crazy happened and a malicious String made it this far, intval() returns 0 when it cannot find an integer to represent the data. Submitting a zero, even though it might be wrong, is infinitely better than having DROP TABLE code injected into the call.
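As an added example (not code from the original post or the High Scores project), here is the same server-side step written around PDO prepared statements, which is what a practitioner would reach for today instead of escaping and string-building: the name is re-checked against the same rule the Flash .restrict line enforces, the score goes through intval(), and the values are bound to placeholders so they can never change the shape of the SQL. The HighScores class, the $pdo handle and the table layout are assumptions made for this illustration; an in-memory SQLite database stands in for MySQL so the script runs offline (the CREATE TABLE is SQLite-flavoured, the INSERT and SELECT are portable).

```php
<?php
// Added example, not code from the original post.  The class name, the $pdo
// handle and the table layout are assumptions; SQLite in memory stands in for
// MySQL so this runs offline (swap the DSN and the CREATE TABLE for MySQL).

class HighScores
{
    private $pdo;
    private $table = 'highscores';   // fixed in code, never taken from user input

    public function __construct(PDO $pdo)
    {
        $this->pdo = $pdo;
        $this->pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $this->pdo->exec("CREATE TABLE IF NOT EXISTS {$this->table} (
            id      INTEGER PRIMARY KEY AUTOINCREMENT,
            name    TEXT    NOT NULL,
            score   INTEGER NOT NULL,
            created TEXT    NOT NULL)");
    }

    // Server-side mirror of nameInputTxt.restrict = "A-Z a-z 0-9": letters,
    // digits and spaces only, 1..32 characters.  The client-side restrict can
    // be bypassed, so the same rule is enforced again here.
    public static function isValidName($name)
    {
        return is_string($name)
            && preg_match('/^[A-Za-z0-9 ]{1,32}$/', $name) === 1;
    }

    public function addScore($pName, $pScore)
    {
        if (!self::isValidName($pName)) {
            return false;                       // reject, do not try to "repair"
        }
        $cleanScore = intval($pScore);          // "1250.7" -> 1250, "abc" -> 0
        $created    = date('Y-m-d H:i:s');

        // The SQL text contains only placeholders; the values are handed to the
        // driver separately, so a quote or semicolon in $pName cannot change the
        // statement, and no escaping is needed (or possible to get wrong).
        $stmt = $this->pdo->prepare(
            "INSERT INTO {$this->table} (name, score, created)
             VALUES (:name, :score, :created)"
        );
        return $stmt->execute([
            ':name'    => $pName,
            ':score'   => $cleanScore,
            ':created' => $created,
        ]);
    }

    public function top($limit = 10)
    {
        $stmt = $this->pdo->prepare(
            "SELECT name, score FROM {$this->table} ORDER BY score DESC LIMIT :limit"
        );
        $stmt->bindValue(':limit', (int) $limit, PDO::PARAM_INT);
        $stmt->execute();
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }
}

// Constructed sample input: two legitimate submissions plus the sort of
// string the .restrict rule is meant to keep out of the text field.
$hs = new HighScores(new PDO('sqlite::memory:'));

var_dump($hs->addScore('Haelix', '1250.7'));                     // bool(true), stored as 1250
var_dump($hs->addScore('Player One', 'abc'));                    // bool(true), stored as 0
var_dump($hs->addScore("x'; DROP TABLE highscores; --", 9999));  // bool(false), name rejected

print_r($hs->top());   // Haelix 1250, Player One 0; the table is still there
```

Run it with `php highscores.php`. The two things to notice are that the name check is a whitelist (the same character set as the Flash side, re-applied where it actually matters) and that the query text never has a user value interpolated into it, which is what makes escaping unnecessary rather than merely correct.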

That’s it

For More info on securing the actual AMFPHP install and files, check out Lee Brimlow’s Flash Blog post, AMFPHP Security Basics


9 Mar

FishEyeMenu Class Update… v1.1

Posted by: Haelix in Actionscript 3, Tutorials

Thanks to a comment posted by doggy, I’ve updated the FishEyeMenu class to listen for MouseDown events and keep track of selected items.

New Functions:

  • public function get selected():*
  • public function get lastSelected():*
  • public function set selected( clickedItemEvent:MouseEvent ):void

New Event Type:

  • FishEyeMenu.SELECTED_CHANGED - Triggered upon a change in selected menu item
Once you’ve pushed an item into the FishEyeMenu object, it keeps track of its own MouseDown events on the items in its array. When a user clicks on a menu item, it sets the _lastSelected property to whatever was selected before, and sets the _currentSelected property to the menu item that was just clicked.

You can now add an event listener for SELECTED_CHANGED which will dispatch upon MouseDown on a menu item.

Please note, the getters for selected and lastSelected return the actual Object that you pushed to the menu. So you get back a reference to the actual TextField or MovieClip or Sprite or whatever you’re using in the menu. If you check the Example FLA, you’ll see this code as an example:

// in the main function
fishEyeMenu.addEventListener( FishEyeMenu.SELECTED_CHANGED , changedHandler );

// later in the code:
/**
 * Simple test of usage. fishEyeMenu.selected returns the object selected,
 * so it's just like calling the actual object that was clicked last and
 * you can set whatever properties that object has.
 * If this were a MovieClip, you could use fishEyeMenu.selected.gotoAndStop()
 */
private function changedHandler( e:Event ):void
{
    // selected is the item just clicked; lastSelected is the one before it
    trace( "Selected Item Changed to : " + fishEyeMenu.selected.name );

    // lastSelected is null on the very first click, so guard it
    if ( fishEyeMenu.lastSelected )
    {
        trace( "Previously Selected Item was : " + fishEyeMenu.lastSelected.name );
    }

    fishEyeMenu.selected.x += 20;
}

In the simple example, calling fishEyeMenu.selected.x += 20; just moves the object you clicked 20 pixels to the right (+20). But you could also use fishEyeMenu.selected.gotoAndStop( "Selected" ); if you had pushed several MovieClips into FishEyeMenu and they had a frame with the frame label "Selected". Post comments if you’d like… it only helps make things better.

 

Download FishEyeMenu v1.1 from GoogleCode

View Updated Documentation


This will be a quick post on some gotchas to keep an eye out for when loading your ActionScript 3 game swf from a preloader swf. Nothing revolutionary here: back in mid-December, I had posted a blog on ActionScript 3’s Event Handling and the stopPropagation method, and just the other day, working on the code for a new game project, I ran into a situation where I should’ve used the method, didn’t, and ran into some issues.

Note: If you’re here looking for code on how to write a flash preloader, Lee Brimlow’s video tutorial on Preloading in AS3 gives a beautiful example. When I was originally learning how to code a preloader, that tutorial, and a couple of other tutorials around the net that escape my memory at the moment, were absolutely perfect.



12 Feb

Useful Air Apps, Reviews, Links

Posted by: Haelix in Air, Blog

For those of you who haven’t seen or come across this yet, I thought I’d pass this along.

AS3 Language Reference Air App

I came across that early last month and it has saved me quite a bit of time. If you have AS3 Livedocs as one of your most visited bookmarks, this app brings livedocs to your desktop so you can load it up when you sit down to work on a project and you don’t have to open browsers and wait for pages to load or even be online at all.



12 Feb

Internet Explorer 7/8 Transition Please?

Posted by: Haelix in Blog

February 17th was the date all TVs in the US were supposed to all… something or other… I don’t care. Here’s the new idea. If Congress and… friends… in the FCC can mandate a day for you to lose the significantly inferior signal of analog cable, no matter how attached you’ve become to it… get ready… could we add a little sidenote into this legislation saying…

On the same day TVs go digital, if you have not joined the latter half of your decade by upgrading from Internet Explorer 5/6 to at least IE7, you will be at risk for the following:

  • PC initiates self-format to erase your whole fail-worthy PC.
  • all social networking & email sites will cancel and ban your account
  • any amount of money currently held in a bank account you check regularly online will be forfeit to web developers and designers who have spent DAYS bent over backwards trying to accommodate and coddle your blatant disregard for the progress of technology by simply clicking “UPDATE NOW,”
  • you will be formatted from the face of the interwebz!!
  • Polaroids and hard copies of photos of cherished family members will go missing!
  • your car will develop a strange smell that you’ll never be able to put your finger on, nor will you be able to ignore it!

I’m no writer nor political anything, so I’m sure someone removed from my current irritation can easily remove the hate from this fine, fine piece of legislation. In the words of St. John Stewart, “Make it so, monkey paw!”
