I am creating an ad-type website where members fill out a form with information for their ad and then it is stored in a MySQL database where I can pull it up later. I don't have a ton of experience with PHP and MySQL and I only know of a few ways to sterilize the data from the form. The form uses POST. I know how to sterilize data with mysql real escape string and preg match. This works for most of my fields; however, I am looking into allowing people to include pictures and videos. So here are my questions:
1. In your opinion, would it be best to require the member to first upload the image/video onto a photo/video hosting website and then have them enter a link to the image/video, which I would then store and use later to embed the photo/video in the ad? (The advantage I can see to this would be that the photo/video hosting sites would make sure that the content was not harmful and it would save me money. The disadvantage I can see would be customers having to go to a different site to upload photos/videos for their ads.)
2. I'm not sure how to go about sterilizing the links to the videos/photos before storing them in my database. I don't want to allow someone to enter harmful content.
To show an example of the methods I know how to use when it comes to sterilizing data, here is an example of how I would sterilize a first name in the variable $firstname.
DATABASE CONNECTION and OTHER CODE...
die("You did not enter a valid first name.");
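For the link question above, one way to validate a submitted media URL against a host allowlist before storing it. This is an added example, not part of the original post; the host list, the `ad_media` table and both function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed allowlist of hosting sites the ad form accepts (hypothetical choice).
const ALLOWED_MEDIA_HOSTS = ['www.youtube.com', 'youtu.be', 'i.imgur.com'];

/** Return a rebuilt https URL if $input points at an allowed host, else null. */
function validate_media_url(string $input): ?string
{
    $input = trim($input);
    if (strlen($input) > 2048 || filter_var($input, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $parts = parse_url($input);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    // https only: this rejects javascript:, data:, file: and plain http links.
    if (strtolower($parts['scheme']) !== 'https') {
        return null;
    }
    // Embedded credentials or a port can disguise the host the link really goes to.
    if (isset($parts['user']) || isset($parts['pass']) || isset($parts['port'])) {
        return null;
    }
    $host = strtolower($parts['host']);
    if (!in_array($host, ALLOWED_MEDIA_HOSTS, true)) {
        return null;
    }
    // Rebuild from the parsed pieces so only checked components are stored.
    $query = isset($parts['query']) ? '?' . $parts['query'] : '';
    return 'https://' . $host . ($parts['path'] ?? '/') . $query;
}

/** Store with a prepared statement; ad_media(ad_id, url) is a hypothetical table. */
function store_media_url(PDO $db, int $adId, string $url): void
{
    $stmt = $db->prepare('INSERT INTO ad_media (ad_id, url) VALUES (:ad_id, :url)');
    $stmt->execute([':ad_id' => $adId, ':url' => $url]);
}

// Constructed sample inputs: the first is accepted, the other three are rejected.
$samples = ['https://www.youtube.com/watch?v=abc123', 'javascript:alert(1)',
            'http://i.imgur.com/x.png', 'https://www.youtube.com@media.example/watch'];
foreach ($samples as $s) {
    $state = validate_media_url($s) === null ? 'REJECT ' : 'ACCEPT ';
    // Escape on output as well: validation at input does not replace encoding at display.
    echo $state . htmlspecialchars($s, ENT_QUOTES, 'UTF-8') . PHP_EOL;
}
```

When the stored URL is later written into an `src` or `href` attribute, pass it through `htmlspecialchars()` again at that point.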