Embed Youtube code in .htm

Tim Dobson · 08-08-2010, 06:10 PM

Ok so im working on this site... it all works well i have the add youtube script etc...

It uses highslide to view the video on site so the file where the youtube video inbeds i am using is .htm

So i have made a script that allows the website owner to add his videos using a simple layout and it creates a .htm file in the spcified location using the episode number and .htm extension

Anyway i have a text field form where he inserts the Episode name number and the youtube embed code and it all adds but i run in to an issue and now i am clueless

Youtube embed code:

HTML Code:

<object width="480" height="385"><param name="movie" value="http://www.youtube.com/v/nvNuc9isOeU&amp;hl=en_GB&amp;fs=1?color1=0x234900&amp;color2=0x4e9e00"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/nvNuc9isOeU&amp;hl=en_GB&amp;fs=1?color1=0x234900&amp;color2=0x4e9e00" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="480" height="385"></embed></object>

so we have the embed code and submit is pushed which takes us to the add script

PHP Code:


			
$epnumb = $_REQUEST["epnum"];

$epembedcode = $_REQUEST["epcode"];

//lets right to the new .htm file start off fresh to save confusion

$myFile = '../../highslide/eps/ep' . $epnumb . '.htm';

$fh = fopen($myFile, 'a') or die("can't open file");

$stringData = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

    <title>Included content</title>

    <style type="text/css">

        p {

            font-family: "Trebuchet MS", Arial, sans-serif;

            font-size: 10pt;

        }

        h3 {

            font-family: "Trebuchet MS", Arial, sans-serif;

            color: #666;

        }

    </style>

</head><body style="margin:0;padding:0">

<p>' . $epembedcode . '</p>

</body>

</html>';

Now this does what its meant to do it creates the new file on server and writes to it, however the youtube embed code comes out like this in the actualy htm file

HTML Code:

<p><object width=\"480\" height=\"385\"><param name=\"movie\" value=\"http://www.youtube.com/v/nvNuc9isOeU&amp;hl=en_GB&amp;fs=1?color1=0x234900&amp;color2=0x4e9e00\"></param><param name=\"allowFullScreen\" value=\"true\"></param><param name=\"allowscriptaccess\" value=\"always\"></param><embed src=\"http://www.youtube.com/v/nvNuc9isOeU&amp;hl=en_GB&amp;fs=1?color1=0x234900&amp;color2=0x4e9e00\" type=\"application/x-shockwave-flash\" allowscriptaccess=\"always\" allowfullscreen=\"true\" width=\"480\" height=\"385\"></embed></object></p>

adding backslashes and bla bla bla and now im lost... why does this do such and thing and how would i fix it?

Thanks

delayedinsanity · 08-08-2010, 06:43 PM

Seems like the most likely cause is magic_quotes_gpc (thank gosh they finally decided to deprecate and get rid of this k to the rap). Check if you have it running either in your php.ini, via phpinfo(); or get_magic_quotes_runtime() (alternatively check gpc as well). If you do, turn it off, and never ever think about turning it back on (security is our responsibility and relying on the parser to do it for us is bad coding).

Tim Dobson · 08-09-2010, 08:41 AM

Well i did look in to this. 500 internal server error from a .htaccess so i looked in the mod_rewrite and as far as i know my server does not have this enabled. Dont have access to the .ini file unfortunatly is there no other alternative? or would i be better off contacting my host?

delayedinsanity · 08-09-2010, 03:40 PM

Who's your host? A lot of the shared hosts now-a-days offer directory based php.ini, though some of them don't advertise it. Try grabbing a copy for your version of PHP and putting it in your root folder. Run a file with a phpinfo() in it to see if the changes take effect.

Alternatively handle it within your script;

php Code:

$epnumb = stripslashes( $_REQUEST["epnum"] );
$epembedcode = stripslashes( $_REQUEST["epcode"] );

There are also two excellent examples of handling the entire group of superglobals posted in the first two comments at the bottom of http://us.php.net/manual/en/function...quotes-gpc.php of which I won't repost here so the original authors get credit where credit is due. :)