Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    New Coder
    Join Date
    Feb 2009
    Location
    Texas
    Posts
    56
    Thanks
    6
    Thanked 3 Times in 3 Posts

    inserting youtube embed code into mysql

    I'm back again. I am writing a script where people submit a form with a video title, and the embed code to the video. I use mysql_real_escape_string() on my $_POST variables before entering them into my database.

    I am worried how that might effect the embed html code. There will not be just youtube, but revver, metacafe, etc too.

    Is there anything I need to do? Or can I go ahead and use mysql_real_escape_string()?

    PS. I also have it to where they post the URL to the thumbnail of the video, will ICODE]mysql_real_escape_string()[/ICODE] do anything to the URL of it either?

    Is there anyway to get php to automatically grab the thumbnail of the video using the embed code?

    Thanks,
    Camron
    Free PSD to XHTML/CSS conversion - Dimby.net
    Which doctype should I use?

  • #2
    Senior Coder timgolding's Avatar
    Join Date
    Aug 2006
    Location
    Southampton
    Posts
    1,519
    Thanks
    114
    Thanked 110 Times in 109 Posts
    mysql_real_escape_string is fine for any string value to be inserted. This is the code i would use

    PHP Code:
    $string $_POST['embed_code']; //or whatever you called that post item
    if ( function_exists('mysql_real_escape_string') )
        
    $string mysql_real_escape_string(stripslashes($string), $handler);
    else 
        
    $string addslashes(stripslashes($string)); 
    This won't affect the value that goes into database.

    To get a thumb you can easily get a smaller thumb with

    PHP Code:
    $embed='<object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/icIpOO7GnRk&hl=en&fs=1"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/icIpOO7GnRk&hl=en&fs=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"></embed></object>';

    preg_match('#v/(\w+)[&"]{1}#'$embed$matches);
    $code=$matches[1];

    echo 
    '<img src="http://i2.ytimg.com/vi/'.$code.'/default.jpg" alt="">'
    Thats for a small thumb not sure about how to capture the first frame of the flash object.
    You can not say you know how to do something, until you can teach it to someone else.

  • #3
    bdl
    bdl is offline
    Regular Coder
    Join Date
    Apr 2007
    Location
    Camarillo, CA US
    Posts
    590
    Thanks
    4
    Thanked 83 Times in 82 Posts
    Have you read the PHP manual entry for mysql_real_escape_string()? It's important to understand what the function does and why you'd use it.

    Generally speaking, you do want to escape all data targeting your database. An alternate method would be to use a database extension that allows you to make parameterized queries (i.e. MySQLi) and you don't have to be concerned about how the data is affected.

  • #4
    New Coder
    Join Date
    Feb 2009
    Location
    Texas
    Posts
    56
    Thanks
    6
    Thanked 3 Times in 3 Posts
    Quote Originally Posted by timgolding View Post
    mysql_real_escape_string is fine for any string value to be inserted. This is the code i would use

    PHP Code:
    $string $_POST['embed_code']; //or whatever you called that post item
    if ( function_exists('mysql_real_escape_string') )
        
    $string mysql_real_escape_string(stripslashes($string), $handler);
    else 
        
    $string addslashes(stripslashes($string)); 
    This won't affect the value that goes into database.

    To get a thumb you can easily get a smaller thumb with

    PHP Code:
    $embed='<object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/icIpOO7GnRk&hl=en&fs=1"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/icIpOO7GnRk&hl=en&fs=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"></embed></object>';

    preg_match('#v/(\w+)[&"]{1}#'$embed$matches);
    $code=$matches[1];

    echo 
    '<img src="http://i2.ytimg.com/vi/'.$code.'/default.jpg" alt="">'
    Thats for a small thumb not sure about how to capture the first frame of the flash object.
    Thanks, but when I try to run it it says that $handler is an undefined variable
    Free PSD to XHTML/CSS conversion - Dimby.net
    Which doctype should I use?

  • #5
    Senior Coder timgolding's Avatar
    Join Date
    Aug 2006
    Location
    Southampton
    Posts
    1,519
    Thanks
    114
    Thanked 110 Times in 109 Posts
    Quote Originally Posted by Camron467 View Post
    Thanks, but when I try to run it it says that $handler is an undefined variable
    handler is the link that is used for the connection to the database. I don't know what you called that link so i could only guess. You should look at your mysql_connect statement in your code and what ever you returned that function to is the connection link. e.g

    PHP Code:
    $handler mysql_connect('localhost''mysql_user''mysql_password'); 
    You can not say you know how to do something, until you can teach it to someone else.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •