Added GUI and better sanitisation

SteGriff · Jul 12, 2013 · 3f08a01 · 3f08a01
1 parent 34e868e
commit 3f08a01
Show file tree

Hide file tree

Showing 3 changed files with 97 additions and 2 deletions.
diff --git a/DAL.php b/DAL.php
@@ -28,7 +28,7 @@ function DB_create_card($cardObject, $db){
 	}
 
 	function DB_insert_card($name, $mana_cost, $converted_mana_cost, $types, $card_text, $flavor_text, $power_toughness, $expansion, $rarity, $card_number, $artist, $db){
-		$result = $db->query( SQL_create_card($name, $mana_cost, $converted_mana_cost, $types, $card_text, $flavor_text, $power_toughness, $expansion, $rarity, $card_number, $artist) );
+		$result = $db->query( SQL_create_card($name, $mana_cost, $converted_mana_cost, $types, $card_text, $flavor_text, $power_toughness, $expansion, $rarity, $card_number, $artist, $db) );
 		if ($result){
 			$id = $db->insert_id;
 			return $id;
@@ -38,12 +38,26 @@ function DB_insert_card($name, $mana_cost, $converted_mana_cost, $types, $card_t
 			return false;
 		}
 	}
-	function SQL_create_card($name, $mana_cost, $converted_mana_cost, $types, $card_text, $flavor_text, $power_toughness, $expansion, $rarity, $card_number, $artist){
+	function SQL_create_card($name, $mana_cost, $converted_mana_cost, $types, $card_text, $flavor_text, $power_toughness, $expansion, $rarity, $card_number, $artist, $db){
 
 		global $CardTable;
 
+		$name = sqlString($name, $db);
+		$mana_cost = sqlString($mana_cost, $db);
+		$converted_mana_cost = sqlString($converted_mana_cost, $db);
+		$types = sqlString($types, $db);
+		$card_text = sqlString($card_text, $db);
+		$flavor_text = sqlString($flavor_text, $db);
+		$power_toughness = sqlString($power_toughness, $db);
+		$expansion = sqlString($expansion, $db);
+		$rarity = sqlString($rarity, $db);
+		$card_number = sqlString($card_number, $db);
+		$artist = sqlString($artist, $db);
+
+		/*
 		$card_text = addslashes($card_text);
 		$flavor_text = addslashes($flavor_text);
+		*/
 
 		$SQL = "insert into $CardTable(name, mana_cost, converted_mana_cost, types, card_text, flavor_text, power_toughness, expansion, rarity, card_number, artist)
 				values( '$name', '$mana_cost', '$converted_mana_cost', '$types', '$card_text', '$flavor_text', '$power_toughness', '$expansion', '$rarity', '$card_number', '$artist' );";

diff --git a/index.php b/index.php
@@ -61,6 +61,7 @@
 $cardObject["request_time"] = stopTiming() . " seconds";
 
 header('content-Type: application/json');
+header("Access-Control-Allow-Origin: *");
 echo json_encode($cardObject);
 
 ?>
diff --git a/interface.htm b/interface.htm
@@ -0,0 +1,80 @@
+<!DOCTYPE html>
+<html>
+<head>
+<style type="text/css">
+body{
+	font-family: sans-serif;
+}
+#cardImage {
+	float: right;
+}
+input#name{
+	width: 50%;
+}
+</style>
+<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.10.1/jquery.min.js"></script>
+<script type="text/javascript">
+function getCard(){
+	var cardName = $('#name').val();
+
+	$status = $('#status');
+	$status.text("Getting " + cardName + "...");
+	$status.show();
+
+	//Request card data from magic-api
+	$.get('http://stegriff.co.uk/host/magic/', { 'name' : cardName }, function(data){
+		var $panel = $('#results');
+
+		//Remove last card results
+		$panel.children().remove();
+
+		//Print out every returned attribute in a definition list
+		for(d in data){
+			//console.log(d, data[d]);
+			$panel.append("<dt>" + d + "</dt><dd>" + data[d] + "</dd>");
+		}
+		getImage(data.expansion, data.card_number);
+		$status.hide();
+	});
+}
+
+function getImage(magicApiExpansionName, cardId){
+	var baseUrl="http://magiccards.info/scans/en/"; // ... /rtr/31.jpg for example
+	var mcInfoExpansion = "";
+	//TODO Add more data here
+	switch (magicApiExpansionName){
+		case "Return to Ravnica":
+			mcInfoExpansion = "rtr";
+			break;
+		case "Gatecrash":
+			mcInfoExpansion = "gtc";
+			break;
+		case "Dragon's Maze":
+			mcInfoExpansion = 'dgm';
+			break;
+	}
+	var url = baseUrl + mcInfoExpansion + "/" + cardId + ".jpg";
+	console.log(url);
+	$("#cardImage").attr("src",url);
+}
+
+</script>
+<title>Magic Card Retriever</title>
+</head>
+<body>
+
+	<h1>Magic Card Retriever</h1>
+	<img id="cardImage">
+	<h2 id="status"></h2>
+
+	<form action="#">
+		<label>Card name:<input id="name"></label>
+		<input type="submit" value="Get card" onclick="getCard()">
+	</form>
+
+
+	<dl id="results"></dl>
+
+	<p><small>Card images only retrieved for RtR, GTC & DGM. Please modify Javascript getImage() to reach more images.</small></p>
+</body>
+</html>