I will be using a form to input embedded video code into a form field so it can be stored into a MYSQL database. The iframe scrolling, width, height, frame border, and src should not be stored in the database. How can I use the php preg_match function to remove iframe scrolling, width, height, frame border,and src out of embedded video code. I only want the URL id to video. How can I store only the link to the embedded video and not all its attributes? This is the code:
<?php
$servername = "localhost";
$username = "root";
$password = "";
// Create connection
$conn = mysqli_connect($servername, $username, $password);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
if(!mysqli_select_db($conn,'tutorial'))
{
echo 'Database not selected';
}
$title = test_input($_POST['title']);
$embedded_video = test_input($_POST['embedded_video']);
//I want preg_match to remove, src, iframe scrolling, width, height, and frameborder out of embeded code
if (preg_match(%^(src)"/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i",$embedded_video)) {
//puting the URL of video in database
$sql = "INSERT INTO person(title,embedded_video) VALUES ('$title', '$embedded_video')";
}
}
if(!mysqli_query($conn, $sql))
{
echo "Not inserted";
}
else {
echo "INSERT";
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<!DOCTYPE html>
<html>
<body>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<input type="text" name="title" >
<br>
Embedded video:<br>
<input type="text" name="embedded_video">
<br><br>
<input type="submit" value="Insert">
</form>
</body>
</html>
You can give preg_match() a third variable, an array(). This will store the match on the first index and any part matches in the other indices.
I think this will be your solution:
if (preg_match(%^(src)"/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i", $embedded_video, $matches)) {
//puting the URL of video in database
$sql = "INSERT INTO person(title,embedded_video) VALUES ('" . $title . "', '" . $matches[0] . "')";
}
(You used an } too much after this if statement!)
For further reference: http://php.net/manual/en/function.preg-match.php