views:

59

answers:

1

I'm trying to do one thing and one thing only.

$embedCode = mysql_real_escape_string('<object width="270" height="227"><param name="movie" value="http://www.youtube.com/v/pz-VWi5-tGA?fs=1&amp;hl=en_US&amp;rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/pz-VWi5-tGA?fs=1&amp;hl=en_US&amp;rel=0" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="270" height="227"></embed></object>');

now if I write...

echo 'CODE = ' . $embedCode;

I get...

CODE = 

Nothin...

Thoughts?

EDIT:

Ok, so my intention isn't to just print $embedCode, it's to insert it into a database, but I'm getting a null value. I figured I'd be a smart ass and it backfired with my simplistic approach here. Anyway, the point is, it's not getting through my mysql query.

EDIT 2: I'm using WordPress' $wpdb object

function insert_video(){

    global $wpdb;
    $wpdb->show_errors();
    $table_name = $wpdb->prefix . "video_manager"; 

    $embedCode = mysql_real_escape_string('<object width="270" height="227"><param name="movie" value="http://www.youtube.com/v/pz-VWi5-tGA?fs=1&amp;hl=en_US&amp;rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/pz-VWi5-tGA?fs=1&amp;hl=en_US&amp;rel=0" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="270" height="227"></embed></object>');
    $title  = 'this is my title'; 
    $description = 'this is my description';

    $wpdb->insert( $table_name, array( 'title' => mysql_real_escape_string($title), 'embed_code' => $embedCode, 'description' => mysql_real_escape_string($description) ) );

}

function get_video_block($id){
    insert_video();
    global $wpdb;
    $wpdb->show_errors();
    $table_name = $wpdb->prefix . "video_manager";
    // Bind $id through prepare() instead of interpolating it into the SQL string.
    $query = $wpdb->prepare("SELECT * FROM " . $table_name . " WHERE `index` = %s", $id);
    $results = $wpdb->get_results($query, ARRAY_A);


    $results = $results[0];

    $returnString = $results['title'] . '<br>';
    $returnString .= $results['embed_code'] . '<br>';
    $returnString .= $results['description'] . '<br>';

    return $returnString;

}

and getting the result:

this is my title<br><br>this is my description<br>
+1  A: 

You are printing your html alright. Right click and look at the source; it should be there.

mysql_real_escape_string is not meant to escape html at all.

What happens if you look at the actual data in your table with phpmyadmin? If it's not there then the problem is when you input that data in.

Ok, so you escape it while writing it to the table. Are you using something else to sanitise that data? Like strip_tags? Strip_tags would take all that html out.

Is it possible the wpdb_Class is cleaning that html out?

Yeah looking at codex.wordpress.org/Function_Reference/wpdb_Class you can just $wpdb->query('query') to run any query so just insert with that. If it works you are fixed.

Iznogood
That's my issue. I'm not getting data into my database. I've written out my functions above in Edit:2. My initial question was a bit terse as I am a little frustrated. It was real nice having everyone jump on my back for it :P Anyway, that's all I can supply really. Thanks for your input.
Jascha
Well everyone jumped on your back and you got to write an understandable question and you'll get an answer probably. :) I am looking at it myself.
Iznogood
RE: "is it possible" That's a great question. I bet they are. (I did see the embed code when I viewed the source, duh). I guess I could run my own query around them.
Jascha
Yeah looking at http://codex.wordpress.org/Function_Reference/wpdb_Class you can just $wpdb->query('query') to run any query so just insert with that. If it works you are fixed.
Iznogood
WOW!! you win. I guess reading the documentation would help my cause a bit http://codex.wordpress.org/Function_Reference/wpdb_Class#INSERT_rows apparently they don't want you to sanitize the data when you make use of their function. THANKS!
Jascha
See what that good question got you in the end? Happy to have helped!
Iznogood
haha, yes, you are right. Next time I'll take a deep breath before spewing nonsense at stackoverflow.
Jascha
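
The conclusion the thread reaches, that an insert helper which quotes values itself must be handed raw data, shown as an added example that is not part of the original posts. PDO with in-memory SQLite stands in for $wpdb->insert() and addslashes() stands in for mysql_real_escape_string(); both substitutions, the helper names and the shortened embed string are assumptions made so the script runs without WordPress or MySQL.

```php
<?php
// Added example: PDO + in-memory SQLite stand in for $wpdb->insert(), and
// addslashes() stands in for mysql_real_escape_string() (both are assumptions).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE video_manager (
    id INTEGER PRIMARY KEY, title TEXT, embed_code TEXT, description TEXT)');

// Like $wpdb->insert(): expects RAW values and does the quoting itself.
function insert_video(PDO $pdo, array $row): int {
    $stmt = $pdo->prepare('INSERT INTO video_manager (title, embed_code, description)
                           VALUES (:title, :embed_code, :description)');
    $stmt->execute($row);
    return (int) $pdo->lastInsertId();
}

// Lookup with a bound parameter rather than an interpolated $id.
function get_video(PDO $pdo, $id): array {
    $stmt = $pdo->prepare('SELECT * FROM video_manager WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: [];
}

// Constructed sample values; the embed string is shortened from the question.
$title = "it's my title";
$embed = '<object width="270" height="227"><param name="movie" '
       . 'value="http://www.youtube.com/v/pz-VWi5-tGA?fs=1&amp;hl=en_US"></param></object>';

// Wrong: escaped by hand first, then quoted again by the helper.
$bad = insert_video($pdo, [
    ':title'       => addslashes($title),
    ':embed_code'  => addslashes($embed),
    ':description' => 'pre-escaped row',
]);

// Right: raw values only; the helper is the single place quoting happens.
$good = insert_video($pdo, [
    ':title'       => $title,
    ':embed_code'  => $embed,
    ':description' => 'raw row',
]);

foreach ([$bad, $good] as $id) {
    $row = get_video($pdo, $id);
    printf("%-16s title=%s | embed intact: %s\n", $row['description'],
        $row['title'], $row['embed_code'] === $embed ? 'yes' : 'no');
}
```

The pre-escaped row comes back with literal backslashes stored in the title and in every quoted attribute of the embed code, while the raw row round-trips unchanged.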