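/**
 * Load a character record by name and remember its ids on this instance.
 *
 * Looks the name up in `character_data`, caches the matching row in
 * $this->cached_records['character_data'], and copies the row's
 * `account_id` and `id` columns into $this->account_id and $this->char_id.
 * message_die() is called when the name fails IsAlphaSpace(), when the
 * query fails, or when no row matches.
 *
 * @param string $name Character name to look up. Presumably supplied by the
 *                     request, so it is treated as untrusted here.
 */
function __construct($name)
{
    global $language;

    // The class's own query helper assumes the character id is already known.
    // This lookup is what discovers that id, so the query is issued directly.
    $table_name = "character_data";

    // First gate: refuse anything IsAlphaSpace() (defined elsewhere) rejects.
    // NOTE(review): this only protects the query if message_die() halts
    // execution; confirm that it never returns.
    if (!IsAlphaSpace($name)) {
        message_die($language['MESSAGE_ERROR'], $language['MESSAGE_NAME_ALPHA']);
    }

    // Second gate: escape at the point of use, so the statement's safety does
    // not depend only on a validator that lives in another file and may change.
    // For a name that really is letters and spaces this should leave the value
    // unchanged. The legacy mysql extension has no bound parameters; a port to
    // mysqli or PDO should replace this with a prepared statement.
    $template = "SELECT * FROM `%s` WHERE `name` = '%s'";
    $query = sprintf($template, $table_name, mysql_real_escape_string($name));

    // Optional query statistics, only when the performance hook is compiled in
    if (defined('DB_PERFORMANCE')) {
        dbp_query_stat('query', $query);
    }

    // NOTE(review): the failure path hands the full SQL text and the driver
    // error to message_die(). If that helper renders its arguments to the
    // client, schema and query details are disclosed; consider logging them
    // server-side and showing a generic message instead.
    $results = mysql_query($query) or message_die('profile.php', $query, mysql_error());

    // Only the first matching row is used
    if ($row = mysql_fetch_array($results)) {
        $this->cached_records[$table_name] = $row;
        $this->account_id = $row['account_id'];
        $this->char_id = $row['id'];
    } else {
        message_die($language['MESSAGE_ERROR'], $language['MESSAGE_NO_FIND']);
    }
}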
$class = $_GET['class'] != "" ? $_GET['class'] : "-1"; $race = $_GET['race'] != "" ? $_GET['race'] : "-1"; $slot = $_GET['slot'] != "" ? $_GET['slot'] : "-1"; $type = $_GET['type'] != "" ? $_GET['type'] : "-1"; $pricemin = $_GET['pricemin']; $pricemax = $_GET['pricemax']; $item = $_GET['item']; $direction = $_GET['direction'] == "DESC" ? "DESC" : "ASC"; $perpage = 25; //build baselink $baselink = "bazaar.php?class={$class}&race={$race}&slot={$slot}&type={$type}&pricemin={$pricemin}&pricemax={$pricemax}&item={$item}"; //security against sql injection if (!IsAlphaSpace($item)) { message_die($language['MESSAGE_ERROR'], $language['MESSAGE_ITEM_ALPHA']); } if (!IsAlphaSpace($orderby)) { message_die($language['MESSAGE_ERROR'], $language['MESSAGE_ORDER_ALPHA']); } if (!is_numeric($start)) { message_die($language['MESSAGE_ERROR'], $language['MESSAGE_START_NUMERIC']); } if (!is_numeric($pricemin) && $pricemin != "") { message_die($language['MESSAGE_ERROR'], $language['MESSAGE_PRICE_NUMERIC']); } if (!is_numeric($pricemax) && $pricemax != "") { message_die($language['MESSAGE_ERROR'], $language['MESSAGE_PRICE_NUMERIC']); } if (!is_numeric($class)) { message_die($language['MESSAGE_ERROR'], $language['MESSAGE_CLASS_NUMERIC']); } if (!is_numeric($race)) {