Greetings community,
I need to post google maps provided embed link. Looks something like this below.
embed code save when I delete open and close tags.
Seems I need to use PHPs preg_replace. Having a hard time figuring out how to incorporate this into the form submit flow. Any advice is appreicated.
post google maps iframe to mysql
2 years ago
2 years ago
#1
2 years ago
#2
Not entirely sure what you are trying to do. Your preg_replace replaces the entire iframe, and you probably could have done that with strip_tags so I'm guessing this is not the intended result.
Can you describe the input and the intended output?
Maybe you want to replace the value of the src attribute with that Google maps link? Or do you want to get that Google maps link out of the src attribute?
Can you describe the input and the intended output?
Maybe you want to replace the value of the src attribute with that Google maps link? Or do you want to get that Google maps link out of the src attribute?
2 years ago
#3
I need to post an iframe to database.
I have realized I struggle to communicate with web developers and am only in PHP for 6 months now. I am sorry for that.
I am trying to post(submit) an iframe to a table via a html form using Trongate(get_data_from_post method).
I do not want to alter anything, it seems I am required to.
Apparently raw iframes cannot be submitted as is into database since Modsecurity reasonably blocks them.
I do not want to strip all tags from the iframe embed code just the beginning and if needed the end .
this is where I left off recently
A member should be able to post a google maps embed code in their profile and than view that iframe , not the link but the actual iframe.
I have realized I struggle to communicate with web developers and am only in PHP for 6 months now. I am sorry for that.
I am trying to post(submit) an iframe to a table via a html form using Trongate(get_data_from_post method).
I do not want to alter anything, it seems I am required to.
Apparently raw iframes cannot be submitted as is into database since Modsecurity reasonably blocks them.
I do not want to strip all tags from the iframe embed code just the beginning and if needed the end .
this is where I left off recently
A member should be able to post a google maps embed code in their profile and than view that iframe , not the link but the actual iframe.
2 years ago
#4
The iframe embed code is a string that can be sent to the database as it is. The "problem" occurs when you send it back to the browser. Normally such output is escaped, so that the user can't insert malicious code. But in your case the output should be raw.
User input should never be trusted. So you would have to make sure that the Google Maps embed code really is 100% proper Google Maps embed code. Alternatively you could try to parse the attributes and build a new link yourself. Parsing the attributes can be done with regular expressions (difficult), with the DOMDocument library (overkill? nice to know this library though), or by using strpos (easy). Maybe use extract_content from Trongate's string_helper.php.
Or ask for the attributes directly. You would need multiple input fields. Source, width, height, allowfullscreen, etc. It's less user friendly though.
I would extract the source from the embed code by using strpos (or extract_content). Then I would sanitize the querystring, in other words the part after https://www.google.com/maps/embed?
You could use Trongate's out function for this. The important thing is that the user can't break out of the iframe by inserting a double quote.
Btw, don't worry about "miscommunication". A little back and forth is expected.
User input should never be trusted. So you would have to make sure that the Google Maps embed code really is 100% proper Google Maps embed code. Alternatively you could try to parse the attributes and build a new link yourself. Parsing the attributes can be done with regular expressions (difficult), with the DOMDocument library (overkill? nice to know this library though), or by using strpos (easy). Maybe use extract_content from Trongate's string_helper.php.
Or ask for the attributes directly. You would need multiple input fields. Source, width, height, allowfullscreen, etc. It's less user friendly though.
I would extract the source from the embed code by using strpos (or extract_content). Then I would sanitize the querystring, in other words the part after https://www.google.com/maps/embed?
You could use Trongate's out function for this. The important thing is that the user can't break out of the iframe by inserting a double quote.
Btw, don't worry about "miscommunication". A little back and forth is expected.
2 years ago
#5
Edited this comment to say thank you for the solutions and ideas. Restructuring life right now but this should get me on track .
Thank you Thank you for taking the time. Hope this helps others who need to safely submit an iframe to database.
Thank you Thank you for taking the time. Hope this helps others who need to safely submit an iframe to database.
2 years ago
#6
Hi Fin,
Doranov is spot on with his last post - here is some example code I whipped up showing 3 ways to get the ?pb= Get parameter from the iFrame URL string so it can be saved to your database. Then you can reconstruct it into an iFrame for your view fileAlways remember to sanitize your string to avoid SQL or JavaScript injection
Doranov is spot on with his last post - here is some example code I whipped up showing 3 ways to get the ?pb= Get parameter from the iFrame URL string so it can be saved to your database. Then you can reconstruct it into an iFrame for your view fileAlways remember to sanitize your string to avoid SQL or JavaScript injection