mysql - 存储嵌入代码(youtube、vimeo 等)
如何最好地存储嵌入的 html?
我能想到的唯一方法是:
获取嵌入的 html 并添加 id 所在的位置然后将其存储在数据库中并使用 Eval 来执行它。
或者
插入一个奇怪的字符组合作为标记,在 php 中用 id 替换。
How best to store the html for embedding?
the only ways I can think of are:
take the embed html and add <?php echo $var1; ?>
where the id's go then store it in the db and use Eval to execute it.
or
insert a strange combination of characters to act as a marker to be replaced in php by the id's.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
选项 #2 更安全 - 万一有人设法对您的数据库执行 SQL 注入攻击,他们就无法利用您的嵌入操作在服务器端执行注入的 PHP。他们最多希望的是网络钓鱼或 XSS 攻击。
另一种替代方法是以 XML 格式设置适当的数据,并将 XSLT 存储在数据库中,以将数据转换为正确的嵌入代码。对于您的情况来说,这可能有点过分了,但比上述任何一种方法都更具可扩展性并且更不容易出错。
编辑: XML 版本的骨架代码
XML
XSLT
PHP
这样做的好处是,您可以创建一个类来生成输入 XML,并且它可以包含您想要传递给
<嵌入>
标签。如果您不向 XSLT 添加处理指令来处理它们,它们将被默默地忽略。创建一个类来生成基本 XML,并为要显示的每种媒体类型创建一个子类,并且生成 XML 来传递转换应该很容易。Option #2 is much safer - just in case someone manages to execute a SQL injection attack against your DB, they can't then exploit your embedding operation to execute injected PHP on the server side. The best they could hope for would be a phishing or XSS attack.
Another alternative is to format the appropriate data in XML and store in the database an XSLT to transform the data into the right embed code. That's probably overkill for your case, but more scalable and less error-prone than either of the above.
EDIT: Skeleton code for XML version
XML
XSLT
PHP
The nice part about this is that you can create a class to generate the input XML, and it can contain all the parameters you want to pass to your
<embed>
tag. If you don't add processing instructions to your XSLT to handle them, they'll be silently ignored. Make one class to generate the basic XML, and a subclass per media type you want to display, and generating the XML to pass the transforms should be easy.为什么不直接存储 11 个字符的视频代码,然后在您想要嵌入该视频的任何位置构建 HTML?
看这个:
如何在 PHP 中嵌入 YouTube 视频?
Why not just store the 11-character video code and then build the HTML wherever you want to embed that video?
See this:
How to embed YouTube videos in PHP?