Posts Tagged ‘Actionscript 3’

I decided to split the original blog post into two separate posts as “Secure” Flash/MySQL DB calls is fairly short, and it was scattered about in a post more on how to set up a High Score DB with AMFPHP.

So this will be a couple of very specific tips and things to set up whenever any sort of user-entered data from Flash (or PHP!) touches your database. You know the rule… never trust any data. Always make sure you strictly data type variables and typecast user-entered variables.

First up, as the user enters data into Flash, via an input TextField, use the .restrict setter to restrict characters entered to only characters that you need. This is the first layer of protection against SQL injection attacks, and just follows the same sort of common sense “best practices” type of coding as datatyping variables.


nameInputTxt.restrict = "A-Z a-z 0-9";

This will restrict the characters allowed in this TextField to alphanumerics, capitals and lower case (the spaces inside the restrict string also allow the space character). This excludes potential injection-prone characters like the single apostrophe ( ' ) and semicolon ( ; ) keys.

After that data gets entered, we’re going to send those variables thru AMFPHP into our PHP Class.  In the case of our High Scores Database example, we’re sending both the nameInputTxt data, as well as an integer based score value which gets handled by the following PHP code:


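function addScore( $pName , $pScore )
{
    // Timestamp is generated on the server, never taken from the client
    $created = date( "Y-m-d H:i:s" );

    // Escape the name for use inside a quoted SQL string literal
    $cleanName = mysql_real_escape_string( $pName );

    // Force the score to an integer; non-numeric input becomes 0
    $cleanScore = intval( $pScore );

    return mysql_query( "INSERT INTO $this->table SET `name` = '{$cleanName}' , `score` = $cleanScore , `created` = '{$created}' " );
}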

You’ll see the $cleanName and $cleanScore variables a couple of lines into the function. For String type user-entered data, always run it through PHP’s mysql_real_escape_string() function. If somehow a single apostrophe made it this far, the function will “escape” the apostrophe by adding a backslash before it: \' instead of a dangerous '

As far as $pScore goes, we’ll send it thru PHP’s intval() function which will truncate any decimal portions as well as attempt to return an integer value for any data it comes across. This means if something crazy happened and malicious String code made it this far, if intval() could not find the proper integer to represent the data, it will return 0. And submitting a zero, even though it might be wrong, is infinitely better than having DROP TABLE code injected into the call.

That’s it

For more info on securing the actual AMFPHP install and files, check out Lee Brimlow’s Flash Blog post, AMFPHP Security Basics.
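An added example, not the original post's code: the same addScore() written with a PDO prepared statement and a server-side copy of the .restrict allow-list, because the mysql_* functions used above were deprecated in PHP 5.5 and removed in PHP 7.0, and a request sent straight to the AMFPHP gateway never passes through the TextField. The class name, table name, and the length and score limits are assumptions, and an in-memory SQLite database stands in for MySQL so the block runs without a server.

```php
<?php
// Added example, not the original post's code. Class name, table name and the
// length/score limits are assumptions. SQLite in memory stands in for MySQL.
final class HighScores
{
    // Server-side copy of the .restrict allow-list; \A and \z anchor the whole string.
    const NAME_PATTERN = '/\A[A-Za-z0-9 ]{1,20}\z/';
    const MAX_SCORE = 1000000;
    private $db;

    public function __construct(PDO $db)
    {
        $this->db = $db;
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $db->exec('CREATE TABLE scores (name TEXT, score INTEGER, created TEXT)');
    }

    public function addScore($pName, $pScore)
    {
        // Validate rather than coerce: intval("12abc") would quietly store 12.
        $score = filter_var($pScore, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 0, 'max_range' => self::MAX_SCORE]]);
        if (!is_string($pName) || preg_match(self::NAME_PATTERN, $pName) !== 1 || $score === false) {
            return false; // rejected; nothing reaches the database
        }
        // Placeholders send the values separately from the SQL text, so quoting
        // characters inside a value can never change the statement.
        $stmt = $this->db->prepare(
            'INSERT INTO scores (name, score, created) VALUES (:name, :score, :created)');
        $stmt->bindValue(':name', $pName, PDO::PARAM_STR);
        $stmt->bindValue(':score', $score, PDO::PARAM_INT);
        $stmt->bindValue(':created', date('Y-m-d H:i:s'), PDO::PARAM_STR);
        return $stmt->execute();
    }

    public function rowCount()
    {
        return (int) $this->db->query('SELECT COUNT(*) FROM scores')->fetchColumn();
    }
}

// Constructed sample submissions, as they might arrive at the gateway.
$scores = new HighScores(new PDO('sqlite::memory:'));
$samples = [['Haelix', 1500], ["x'; DROP TABLE scores; --", 10], ['Bob', '12abc']];
foreach ($samples as $s) {
    printf("%-28s %-6s %s\n", $s[0], $s[1], $scores->addScore($s[0], $s[1]) ? 'stored' : 'rejected');
}
printf("rows in table: %d\n", $scores->rowCount());
```

With MySQL only the DSN passed to PDO changes; the validation and the placeholders stay the same.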


9 Mar

FishEyeMenu Class Update… v1.1

Posted by: Haelix in Actionscript 3, Tutorials

Thanks to a comment posted by doggy, I’ve updated the FishEyeMenu class to listen for MouseDown events and keep track of selected items.  

New Functions:

  • public function get selected():*
  • public function get lastSelected():* 
  • public function set selected( clickedItemEvent:MouseEvent ):void  

New Event Type:

  • FishEyeMenu.SELECTED_CHANGED – Triggered upon a change in selected menu item

Once you’ve pushed an item into the FishEyeMenu object, it keeps track of its own MouseDown events on the items in its array. When a user clicks on a menu item, it sets the _lastSelected property to whatever was selected, and sets the _currentSelected property to whatever menu item was clicked.

You can now add an event listener for SELECTED_CHANGED which will dispatch upon MouseDown on a menu item.

Please note, the getters for selected and lastSelected are going to return the actual Object that you pushed to the menu. So it will return a reference to the actual TextField or MovieClip or Sprite or whatever you’re using in the menu. If you check the Example FLA, you’ll see this code as an example:

// in the main function
fishEyeMenu.addEventListener( FishEyeMenu.SELECTED_CHANGED , changedHandler );

// later in the code:
/**
* Simple test of usage, fishEyeMenu.selected returns the object selected
* so it's just like calling the actual object that was clicked last and
* you can set whatever properties that object has.
* If this were a MovieClip, you could use fishEyeMenu.selected.gotoAndStop()
***/
private function changedHandler( e:* )
{
    trace( "Selected Item Changed to : " + fishEyeMenu.selected.name );
    trace( "Selected Item Changed to : " + fishEyeMenu.lastSelected.name );

    fishEyeMenu.selected.x += 20;
}

In the simple example, calling fishEyeMenu.selected.x += 20; just moves the object you clicked over 20 pixels to the right (+20). But you could also use fishEyeMenu.selected.gotoAndStop( "Selected" ); if you had pushed several Movie Clips into FishEyeMenu… and they had a frame with the frame label "Selected". Post comments if you’d like… it only helps make things better.

 

Download FishEyeMenu v1.1 from GoogleCode

View Updated Documentation


This will be a quick post on some gotchas to keep an eye out for when loading your ActionScript 3 game swf from a preloader swf. Nothing revolutionary here: back in mid-December, I had posted a blog on ActionScript 3’s Event Handling and the stopPropagation method, and just the other day, working on the code for a new game project, I ran into a situation where I should’ve used the method, didn’t, and ran into some issues.

Note: If you’re here looking for code on how to write a flash preloader, Lee Brimlow’s video tutorial on Preloading in AS3 gives a beautiful example. When I was originally learning how to code a preloader, that tutorial, and a couple of other tutorials around the net that escape my memory at the moment, were absolutely perfect.

Read the rest of this entry »


28 Jan

AS3 Dictionary Class vs. Array vs. Object!

Posted by: Haelix in Actionscript 3

It’s some sort of crazy nerdtastic Data Structure Deathmatch!

The Adobe Actionscript 3 Dictionary Class Vs Object Vs Array!  Man it’s awesome to have a language to work in, just like a great RPG where everyone’s got their strengths and weaknesses and it all works together to make awesome flashlove all over the web.

“What is a Dictionary Class and Why Should I read this post?”

Here are the results from my testing right up front, and I feel like it’s a good rough estimate of where each excels.

Read the rest of this entry »


I’ve periodically run into issues playing around with EventListeners where I want to remove one EL and add another in the same function, something similar to the code below. First, a quick note on what’s going on in the code so we’re all on the same page. I have a movie clip “defensive structure,” say, a tower for a Tower Defense game. It has been added to the stage and I attached an EL to this movie clip of the tower when I added it to the stage, listening for a MOUSE_DOWN event on said tower.

Since then, I’ve added a few other movie clips INTO the tower Movie Clip.  The first issue I ran into was that normally I’ll use “e.target” as the “hey what did I click” variable to trace out or find out just what exactly was clicked.  e.target was pointing at a child of my tower movieclip, which gave me a number of errors like, “this function does not belong to this movie clip,” because functions belong to classes, and I’m targeting just a simple sprite or movie clip.

However, e.currentTarget returns the containing DisplayObjectContainer of e.target.  Usually e.currentTarget would trace out to be [object Stage], but since I specifically added e.target as a child of my defense movie clip, e.currentTarget is returning the actual object I need, the Defense object.

So, let’s take a look:

Read the rest of this entry »
