Exemple #1
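 /**
  * Look up a character by name and cache its `character_data` row.
  *
  * On success this fills $this->cached_records['character_data'],
  * $this->account_id and $this->char_id from the returned row. A rejected
  * name, a failed query and an unknown name are all handed to message_die().
  *
  * NOTE(review): IsAlphaSpace(), message_die() and dbp_query_stat() are
  * defined elsewhere; the flow below relies on message_die() ending the
  * request - confirm.
  *
  * @param string $name character name; handled as untrusted input
  */
 function __construct($name)
 {
     global $language;
     // The class's own query helper cannot be used here: it needs the
     // character id, and that id is what this lookup produces.
     $table_name = "character_data";
     // First barrier: refuse any name the validator does not accept.
     if (!IsAlphaSpace($name)) {
         message_die($language['MESSAGE_ERROR'], $language['MESSAGE_NAME_ALPHA']);
     }
     // Second barrier: escape the value at the point where it enters the SQL
     // text, so the quoted literal stays intact even if the validator is ever
     // relaxed. mysql_real_escape_string() uses the same default link as the
     // mysql_query() call below. The table name is a constant, not input.
     // ext/mysql has no bound parameters; a port to mysqli or PDO should bind
     // $name instead of formatting it into the string.
     $template = "SELECT * FROM `%s` WHERE `name` = '%s'";
     $query = sprintf($template, $table_name, mysql_real_escape_string($name));
     // Optional query statistics, only when the build defines DB_PERFORMANCE.
     if (defined('DB_PERFORMANCE')) {
         dbp_query_stat('query', $query);
     }
     // NOTE(review): on failure the full SQL text and mysql_error() are passed
     // to message_die(); if that output reaches visitors it discloses schema
     // detail - consider logging it server-side and showing a generic message.
     $results = mysql_query($query) or message_die('profile.php', $query, mysql_error());
     // Only the first matching row is read.
     if ($row = mysql_fetch_array($results)) {
         // Keep the whole row and the two ids taken from it.
         $this->cached_records[$table_name] = $row;
         $this->account_id = $row['account_id'];
         $this->char_id = $row['id'];
     } else {
         message_die($language['MESSAGE_ERROR'], $language['MESSAGE_NO_FIND']);
     }
 }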
Exemple #2
// Filter values are read straight from the query string. An empty value means
// "no filter" and is stored as the string "-1".
$class = "-1";
if ($_GET['class'] != "") {
    $class = $_GET['class'];
}
$race = "-1";
if ($_GET['race'] != "") {
    $race = $_GET['race'];
}
$slot = "-1";
if ($_GET['slot'] != "") {
    $slot = $_GET['slot'];
}
$type = "-1";
if ($_GET['type'] != "") {
    $type = $_GET['type'];
}
$pricemin = $_GET['pricemin'];
$pricemax = $_GET['pricemax'];
$item = $_GET['item'];
// The sort direction is pinned to one of two literals; the request value is
// only compared, never copied.
$direction = "ASC";
if ($_GET['direction'] == "DESC") {
    $direction = "DESC";
}
$perpage = 25;
// Base link for paging/sorting URLs.
// NOTE(review): this is assembled before the checks below and without any URL
// or HTML encoding. It is only safe if message_die() ends the request on a
// failed check and the link is escaped where it is printed - confirm both.
$baselink = "bazaar.php?class={$class}&race={$race}&slot={$slot}&type={$type}&pricemin={$pricemin}&pricemax={$pricemax}&item={$item}";
// Input validation intended to keep request values out of SQL syntax.
// NOTE(review): $orderby and $start are not assigned in the lines shown here;
// presumably they are set earlier in the file - verify they are not left to
// register_globals.
if (!IsAlphaSpace($item)) {
    message_die($language['MESSAGE_ERROR'], $language['MESSAGE_ITEM_ALPHA']);
}
if (!IsAlphaSpace($orderby)) {
    message_die($language['MESSAGE_ERROR'], $language['MESSAGE_ORDER_ALPHA']);
}
// NOTE(review): is_numeric() accepts more than plain integers (signs,
// decimals, exponent forms such as "1e5"). If these values are placed in SQL
// or used as offsets, an integer cast or a digits-only check is the tighter
// guard.
if (is_numeric($start) === false) {
    message_die($language['MESSAGE_ERROR'], $language['MESSAGE_START_NUMERIC']);
}
// Prices are optional: an empty value passes, anything else must be numeric.
if ($pricemin != "" && is_numeric($pricemin) === false) {
    message_die($language['MESSAGE_ERROR'], $language['MESSAGE_PRICE_NUMERIC']);
}
if ($pricemax != "" && is_numeric($pricemax) === false) {
    message_die($language['MESSAGE_ERROR'], $language['MESSAGE_PRICE_NUMERIC']);
}
if (is_numeric($class) === false) {
    message_die($language['MESSAGE_ERROR'], $language['MESSAGE_CLASS_NUMERIC']);
}
if (!is_numeric($race)) {