...

View Full Version : inserting youtube embed code into mysql



Camron467
05-04-2009, 03:43 AM
I'm back again. I am writing a script where people submit a form with a video title, and the embed code to the video. I use mysql_real_escape_string() on my $_POST variables before entering them into my database.

I am worried how that might effect the embed html code. There will not be just youtube, but revver, metacafe, etc too.

Is there anything I need to do? Or can I go ahead and use mysql_real_escape_string()?

PS. I also have it to where they post the URL to the thumbnail of the video, will ICODE]mysql_real_escape_string()[/ICODE] do anything to the URL of it either?

Is there anyway to get php to automatically grab the thumbnail of the video using the embed code?

Thanks,
Camron

timgolding
05-04-2009, 05:14 AM
mysql_real_escape_string is fine for any string value to be inserted. This is the code i would use



$string = $_POST['embed_code']; //or whatever you called that post item
if ( function_exists('mysql_real_escape_string') )
$string = mysql_real_escape_string(stripslashes($string), $handler);
else
$string = addslashes(stripslashes($string));


This won't affect the value that goes into database.

To get a thumb you can easily get a smaller thumb with



$embed='<object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/icIpOO7GnRk&hl=en&fs=1"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/icIpOO7GnRk&hl=en&fs=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"></embed></object>';

preg_match('#v/(\w+)[&"]{1}#', $embed, $matches);
$code=$matches[1];

echo '<img src="http://i2.ytimg.com/vi/'.$code.'/default.jpg" alt="">';


Thats for a small thumb not sure about how to capture the first frame of the flash object.

bdl
05-04-2009, 05:17 AM
Have you read the PHP manual entry for mysql_real_escape_string() (http://www.php.net/mysql_real_escape_string)? It's important to understand what the function does and why you'd use it.

Generally speaking, you do want to escape all data targeting your database. An alternate method would be to use a database extension that allows you to make parameterized queries (i.e. MySQLi) and you don't have to be concerned about how the data is affected.

Camron467
05-05-2009, 03:39 AM
mysql_real_escape_string is fine for any string value to be inserted. This is the code i would use



$string = $_POST['embed_code']; //or whatever you called that post item
if ( function_exists('mysql_real_escape_string') )
$string = mysql_real_escape_string(stripslashes($string), $handler);
else
$string = addslashes(stripslashes($string));


This won't affect the value that goes into database.

To get a thumb you can easily get a smaller thumb with



$embed='<object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/icIpOO7GnRk&hl=en&fs=1"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/icIpOO7GnRk&hl=en&fs=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"></embed></object>';

preg_match('#v/(\w+)[&"]{1}#', $embed, $matches);
$code=$matches[1];

echo '<img src="http://i2.ytimg.com/vi/'.$code.'/default.jpg" alt="">';


Thats for a small thumb not sure about how to capture the first frame of the flash object.

Thanks, but when I try to run it it says that $handler is an undefined variable

timgolding
05-05-2009, 09:24 AM
Thanks, but when I try to run it it says that $handler is an undefined variable

handler is the link that is used for the connection to the database. I don't know what you called that link so i could only guess. You should look at your mysql_connect statement in your code and what ever you returned that function to is the connection link. e.g



$handler = mysql_connect('localhost', 'mysql_user', 'mysql_password');



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum