Embed Audio , Video content into website

Question

csharplearner 1 Junior Poster in Training

15 Years Ago

Hi,

I am trying to embed audio/video content such as youtube links and playlists from imeem.com into my website for each user of their choice.

What are the measures to be taken to display $user_choice_video variable which is retrieved from database!? I am afraid there might be attacks if i dont take proper measures before displaying it and storing it in database. As htmlentities() will not let the video to display, what should i do to avoid any other code rather than audio/video content on the input?? Also what are the measures to be taken while storing the data into the database.

Any help, guidance is appreciated.

Thank you.

php

3 Contributors
5 Replies
101 Views
5 Months Discussion Span
Latest Post 15 Years Ago Latest Post by sarithak

cwarn23 387 Occupation: Genius

15 Years Ago

Well actually I would use htmlentities() to prevent any html from going into the database and at the same time use mysql_real_escape_string(). To help explain below is an example code for a youtube clip:

<object width="560" height="340"><param name="movie" value="http://www.youtube.com/v/vWF4x01MkzE&hl=en&fs=1"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/vWF4x01MkzE&hl=en&fs=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="560" height="340"></embed></object>

However the only piece of that you ever need to record into the mysql database is v/vWF4x01MkzE&hl=en&fs=1 Then you can validate and place that string into the 2 spots where it is needed within the common code. That is all of the code except that little url seems to stay the same with all the youtube scripts. That's how I would do it.

csharplearner commented: Thank you this is very useful information. I will work on this. +1

sarithak 0 Junior Poster

15 Years Ago

Well actually I would use htmlentities() to prevent any html from going into the database and at the same time use mysql_real_escape_string(). To help explain below is an example code for a youtube clip:
<object width="560" height="340"><param name="movie" value="http://www.youtube.com/v/vWF4x01MkzE&hl=en&fs=1"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/vWF4x01MkzE&hl=en&fs=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="560" height="340"></embed></object>
However the only piece of that you ever need to record into the mysql database is v/vWF4x01MkzE&hl=en&fs=1 Then you can validate and place that string into the 2 spots where it is needed within the common code. That is all of the code except that little url seems to stay the same with all the youtube scripts. That's how I would do it.

Hello sir,

The above code working fine ....

after clicking on the video, it is going to youtube website....but, i want to play my website itself...plz give me some suggestions regarding this...
thanks

Saritha..

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Thank you this is very useful information. I will work on this.

csharplearner 1 Junior Poster in Training · Answer 1 · 2009-04-29T19:10:30+00:00

Well actually I would use htmlentities() to prevent any html from going into the database and at the same time use mysql_real_escape_string(). To help explain below is an example code for a youtube clip:
<object width="560" height="340"><param name="movie" value="http://www.youtube.com/v/vWF4x01MkzE&hl=en&fs=1"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/vWF4x01MkzE&hl=en&fs=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="560" height="340"></embed></object>
However the only piece of that you ever need to record into the mysql database is v/vWF4x01MkzE&hl=en&fs=1 Then you can validate and place that string into the 2 spots where it is needed within the common code. That is all of the code except that little url seems to stay the same with all the youtube scripts. That's how I would do it.

Thank you this is very useful information. I will work on this.
But if i would like to leave choice to users to input their fav songs from any source then what would be the best approach?
Thanks in advance.

cwarn23 387 Occupation: Genius Team Colleague Featured Poster · Answer 2 · 2009-10-20T14:49:44+00:00

Well there are two options. You could try changing the previously mentioned youtube code which I think is called something like the "youtube video api" or you could host each video on your own site using a flv player like I have recently began to do. The best free flv player I have found a great flv player at http://flv-player.net/players/maxi/documentation/ Enjoy.

sarithak 0 Junior Poster · Answer 3 · 2009-10-20T16:18:33+00:00

Well there are two options. You could try changing the previously mentioned youtube code which I think is called something like the "youtube video api" or you could host each video on your own site using a flv player like I have recently began to do. The best free flv player I have found a great flv player at http://flv-player.net/players/maxi/documentation/ Enjoy.

Thank U Cwarn..... my client is not going to host all videos on his servre...so, no prob...

Thanks once again...