
Thread: Embed Help

  1. #1
    New Coder
    Join Date
    Aug 2011
    Posts
    15
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Embed Help

    Hey everyone, well I want my users to be able to embed something on their profile. But I heard that someone can do a MySQL injection if they embed the right thing. How would I prevent that? I want my users to be able to embed this music player, in sort of a form. Then, after they submit it, that form displays the player. But, apparently, users can put PHP code in it and ruin the site. Any ideas on how to prevent it?

  • #2
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,549
    Thanks
    8
    Thanked 1,095 Times in 1,086 Posts
    What music player?

    You embed the music player yourself.
    They either provide the MP3, or the links to them.


    .

  • #3
    New Coder
    Join Date
    Aug 2011
    Posts
    15
    Thanks
    0
    Thanked 0 Times in 0 Posts
    No, I want the user to be able to embed their own music player, with their own music. There is a website that I am going to iframe, then they fill all the things out, with their favorite music, they take the embed code, paste it into there, and there it is. Only thing is, I think people can hack my website from that, by putting in their own code.

  • #4
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,549
    Thanks
    8
    Thanked 1,095 Times in 1,086 Posts
    I still don't understand ...

    Why isn't it like this ...
    You provide the music player itself ... they provide the music.

    Why would you let someone embed their own music player on your website?
    Is this something you are providing for their website?

    And how do all the MP3 files get handled?


    .

  • #5
    New Coder
    Join Date
    Aug 2011
    Posts
    15
    Thanks
    0
    Thanked 0 Times in 0 Posts
    No, I provide the music player, they fill out a form with their favorite music, their music player skin, etc. Then it spits out an embed code, and they embed that.

  • #6
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,549
    Thanks
    8
    Thanked 1,095 Times in 1,086 Posts
    The term "embed", to me, means you are giving them code to embed into their own website.

    If you're just giving them a web page to display in their own <iframe>, there are no
    security issues with that.


    .

  • #7
    New Coder
    Join Date
    Aug 2011
    Posts
    15
    Thanks
    0
    Thanked 0 Times in 0 Posts
    They embed that code that it spits out, into this other form on the edit profile options. They put the embed code into the form, and boom, it's on their profile. The only problem is, I don't want them to put stuff like PHP code or MySQL strings that can hack my website, into this embed form.

  • #8
    New Coder
    Join Date
    Aug 2011
    Posts
    15
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Ok, so picture this. There is an edit profile page, with an iframe to a custom music player website, and above that is this form. They use the iframe, like they are on the website, fill out all the information, like the songs they wanna put on their playlist, etc. Well, after they fill out that form, it gives them an embed code that they can paste into the form they have above the iframe.

  • #9
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,549
    Thanks
    8
    Thanked 1,095 Times in 1,086 Posts
    So, you have a website that provides the users with sort of their own web page
    that they can customize? Is that what is happening?

  • #10
    New Coder
    Join Date
    Aug 2011
    Posts
    15
    Thanks
    0
    Thanked 0 Times in 0 Posts
    With sort of their own music player, not web page.

  • #11
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,549
    Thanks
    8
    Thanked 1,095 Times in 1,086 Posts
    Is their music player like a Flash player?
    So they can install any sort of player they want, even one they create themselves?


    .

  • #12
    New Coder
    Join Date
    Aug 2011
    Posts
    15
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Whatever has an embed code, I guess. But I wanna limit it to only this one embed code, which is this music player. Also with security.

  • #13
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,549
    Thanks
    8
    Thanked 1,095 Times in 1,086 Posts
    I apologize that I just don't understand your project.
    Maybe someone else might be able to figure this out.
    I really hate to give you any wrong answers or misleading information.

    I would never let anyone upload a script, or Flash Player into my website.
    If that's what is going to happen, then I guess I would say "don't do it".


    .

  • #14
    New Coder
    Join Date
    Aug 2011
    Posts
    15
    Thanks
    0
    Thanked 0 Times in 0 Posts
    K, let me explain this simpler. Like would u allow someone to embed a video onto ur user's profile? That's basically what I'm doing, but it's not a video, it's a widget. Basically a profile widget.

  • #15
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,549
    Thanks
    8
    Thanked 1,095 Times in 1,086 Posts
    You need to provide the widget they are inserting into their profile page.
    You can't let them upload scripts to your site. Not even a Flash script.

    You create a widget that plays MP3 music files (a playlist).
    That widget might be a Flash player, or whatever you use.
    They insert THAT widget ... from your site.

    When they edit their profile, they should not see any scripting for that widget.
    You can't let them edit any PHP scripting, or have any visible scripting.

    They then can upload MP3 files to a directory ... which becomes the playlist.

    Why can't they use YOUR music player?
    It's your website.



    .
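
One way to get what posts #12 and #15 describe, limiting the profile form to this one player and never showing or storing user-supplied markup, is to treat the pasted embed code only as a carrier for two values and rebuild the widget from a server-side template. This is an added example, not code from the thread; the host `player.example.com`, the `/embed` path, the `playlist` and `skin` parameters, the skin names and the `profile_player` table are all assumptions.

```php
<?php
// Added example: host, path, parameter, skin and table names are hypothetical.
const PLAYER_HOST   = 'player.example.com';
const ALLOWED_SKINS = ['classic', 'dark', 'mini'];

// Pull only the playlist id and skin out of pasted embed code; null means reject.
function parseEmbed(string $pasted): ?array
{
    // Require exactly one src attribute in the pasted text.
    if (preg_match_all('/\bsrc\s*=\s*"([^"]*)"/i', $pasted, $m) !== 1) {
        return null;
    }
    $url = parse_url(html_entity_decode($m[1][0], ENT_QUOTES));
    if ($url === false || ($url['scheme'] ?? '') !== 'https'
        || ($url['host'] ?? '') !== PLAYER_HOST || ($url['path'] ?? '') !== '/embed'
        || isset($url['user']) || isset($url['port'])) {
        return null;
    }
    parse_str($url['query'] ?? '', $q);
    $playlist = $q['playlist'] ?? '';
    $skin     = $q['skin'] ?? 'classic';
    if (!is_string($playlist) || !preg_match('/^[0-9]{1,10}$/', $playlist)
        || !in_array($skin, ALLOWED_SKINS, true)) {
        return null;
    }
    return ['playlist' => (int) $playlist, 'skin' => $skin];
}

// The profile page prints this template; the pasted HTML itself is never output.
function renderEmbed(array $e): string
{
    $src = 'https://' . PLAYER_HOST . '/embed?' . http_build_query($e);
    return '<iframe src="' . htmlspecialchars($src, ENT_QUOTES) . '"></iframe>';
}

// Store the two values with bound parameters, never by concatenating SQL.
function saveEmbed(PDO $db, int $userId, array $e): void
{
    $db->prepare('REPLACE INTO profile_player (user_id, playlist, skin) VALUES (?, ?, ?)')
       ->execute([$userId, $e['playlist'], $e['skin']]);
}

// Constructed sample inputs: one from the expected player, one from another host.
$good = '<iframe src="https://player.example.com/embed?playlist=1234&amp;skin=dark"></iframe>';
$bad  = '<iframe src="https://other.example.net/embed?playlist=1"></iframe>';
var_dump(parseEmbed($good));   // array with playlist 1234 and skin "dark"
var_dump(parseEmbed($bad));    // NULL, so the form shows an error instead of saving
echo renderEmbed(parseEmbed($good)), "\n";
```

Anything else in the pasted text (extra tags, attributes, scripts) is discarded, because only the validated integer and the allow-listed skin name are stored and rendered.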

