Question

I'm trying to do one thing and one thing only.

$embedCode = mysql_real_escape_string('<object width="270" height="227"><param name="movie" value="http://www.youtube.com/v/pz-VWi5-tGA?fs=1&amp;hl=en_US&amp;rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/pz-VWi5-tGA?fs=1&amp;hl=en_US&amp;rel=0" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="270" height="227"></embed></object>');

now if I write...

echo 'CODE = ' . $embedCode;

I get...

CODE = 

Nothin...

Thoughts?

EDIT:

Ok, so my intention isn't to just print $embedCode, it's to insert it into a database, but I'm getting a null value. I figured I'd be a smart ass and it backfired with my simplistic approach here. Anyway, the point is, it's not getting through my MySQL query.

EDIT 2: I'm using WordPress's $wpdb object

function insert_video(){

    global $wpdb;
    $wpdb->show_errors();
    $table_name = $wpdb->prefix . "video_manager"; 

    $embedCode = mysql_real_escape_string('<object width="270" height="227"><param name="movie" value="http://www.youtube.com/v/pz-VWi5-tGA?fs=1&amp;hl=en_US&amp;rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/pz-VWi5-tGA?fs=1&amp;hl=en_US&amp;rel=0" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="270" height="227"></embed></object>');
    $title  = 'this is my title'; 
    $description = 'this is my description';

    $wpdb->insert( $table_name, array( 'title' => mysql_real_escape_string($title), 'embed_code' => $embedCode, 'description' => mysql_real_escape_string($description) ) );

}

function get_video_block($id){
    insert_video();
    global $wpdb;
    $wpdb->show_errors();
    $table_name = $wpdb->prefix . "video_manager";
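    // Bind $id through $wpdb->prepare() instead of interpolating it into the SQL string.
    $query = $wpdb->prepare("SELECT * FROM " . $table_name . " WHERE `index` = %s", $id);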
    $results = $wpdb->get_results($query, ARRAY_A);


    $results = $results[0];

    $returnString = $results['title'] . '<br>';
    $returnString .= $results['embed_code'] . '<br>';
    $returnString .= $results['description'] . '<br>';

    return $returnString;

}

and getting the result:

this is my title<br><br>this is my description<br>

Solution

You are printing your HTML all right. Right-click and look at the source; it should be there.

mysql_real_escape_string is not meant to escape HTML at all.

What happens if you look at the actual data in your table with phpMyAdmin? If it's not there, then the problem is when you input that data.

OK, so you escape it while writing it to the table. Are you using something else to sanitise that data, like strip_tags? strip_tags would take all that HTML out.

Is it possible the wpdb_Class is cleaning that HTML out?

Yeah, looking at codex.wordpress.org/Function_Reference/wpdb_Class, you can just $wpdb->query('query') to run any query, so just insert with that. If it works, you are fixed.
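
The write and read-back from the question, as an added example that is not part of the original answer or of WordPress itself: values go to $wpdb->insert() raw, the lookup binds its parameter, and output is HTML-encoded so stored markup can be inspected as text. It assumes a loaded WordPress environment, the question's video_manager table with an integer `index` column, and the hypothetical function names vm_insert_video and vm_get_video_block.

```php
<?php
// Added example; assumes a loaded WordPress environment and the question's
// {prefix}video_manager table. Function names are hypothetical.

function vm_insert_video( $title, $embed_code, $description ) {
    global $wpdb;
    $table_name = $wpdb->prefix . 'video_manager';

    // $wpdb->insert() expects raw values and escapes them itself, so no
    // mysql_real_escape_string() here. '%s' stores each value as a string.
    $ok = $wpdb->insert(
        $table_name,
        array(
            'title'       => $title,
            'embed_code'  => $embed_code,
            'description' => $description,
        ),
        array( '%s', '%s', '%s' )
    );
    if ( false === $ok ) {
        error_log( 'video_manager insert failed: ' . $wpdb->last_error );
        return false;
    }
    return $wpdb->insert_id;
}

function vm_get_video_block( $id, $debug = false ) {
    global $wpdb;
    $table_name = $wpdb->prefix . 'video_manager';

    // Bind $id as an integer placeholder (assumes `index` is an integer column).
    $row = $wpdb->get_row(
        $wpdb->prepare( "SELECT * FROM {$table_name} WHERE `index` = %d", $id ),
        ARRAY_A
    );
    if ( null === $row ) {
        return '';
    }

    // Title and description are plain text: HTML-encode them on output.
    // embed_code is emitted as markup, so it must come from a trusted editor;
    // with $debug it is encoded too and shows up as visible text in the page.
    $embed = $debug ? esc_html( $row['embed_code'] ) : $row['embed_code'];

    return esc_html( $row['title'] ) . '<br>' . $embed . '<br>'
        . esc_html( $row['description'] ) . '<br>';
}
```

Calling vm_get_video_block( $id, true ) prints the stored embed code as literal text, which separates "the row is empty" from "the browser rendered or dropped the markup".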

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow