But this post is old and I thought it would be good to start a new one.
Here is what I am trying to do. I have a gaming site where users can create accounts. I would like to add a streamer button to their profile for those gamers who stream their games.
The streaming sites have embed codes but my concern is letting users add code to the database. I do mysql_escape_string before adding anything to the database but I am still concerned about security.
Are there other precautions I need or should take?
Streaming sites will provide you with embedding code, so you can simply have the user select a dropdown for the type of streaming they use, input their username (or IP, if they’re doing webcam feeding somehow), and let the site create the embed.
You will need to sanitize the input still, but a general convention holds true; a user should never need a space character. A user should never need a quotation mark, or anything like that. In fact, to my mind, AlphaNum + . should cover it…
I assume I would use preg_match to do this? I have never been good at writing expressions. Are there any websites you would recommend on writing expressions?
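The dropdown-plus-username approach from the reply, combined with the preg_match check asked about, as an added example that is not code from any poster in this thread. The provider keys, placeholder URLs, function names and the 32-character limit are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical provider list: the keys are the dropdown values, the URLs are
// placeholders, not real streaming-site endpoints.
const STREAM_PROVIDERS = [
    'provider_a' => 'https://player.provider-a.example/embed?channel=%s',
    'provider_b' => 'https://provider-b.example/embed/%s',
];

// Letters, digits and "." only, as suggested in the reply above. \A and \z
// anchor the whole string; "$" alone would also accept a trailing newline.
// The 1-32 length limit is an assumption.
const STREAM_USERNAME_PATTERN = '/\A[A-Za-z0-9.]{1,32}\z/';

function is_valid_stream_username(string $username): bool
{
    return preg_match(STREAM_USERNAME_PATTERN, $username) === 1;
}

// Returns the iframe markup, or null when either value fails validation.
function build_stream_embed(string $provider, string $username): ?string
{
    if (!array_key_exists($provider, STREAM_PROVIDERS)) {
        return null; // dropdown value not in the allowlist
    }
    if (!is_valid_stream_username($username)) {
        return null;
    }
    // Encode for the URL, then for the HTML attribute, even though the
    // pattern already excludes special characters.
    $url = sprintf(STREAM_PROVIDERS[$provider], rawurlencode($username));
    return '<iframe src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8')
        . '" width="640" height="360" allowfullscreen></iframe>';
}

// Constructed sample inputs.
$samples = [
    ['provider_a', 'Gamer.123'],
    ['provider_a', 'bad"><script>'],
    ['provider_a', "trailing\n"],
    ['unknown', 'Gamer.123'],
];
foreach ($samples as [$provider, $username]) {
    $html = build_stream_embed($provider, $username);
    echo json_encode($username), ' => ', $html ?? 'rejected', PHP_EOL;
}
```

With this layout only the provider key and the validated username are stored; the embed markup is generated by the site at display time and never comes from the user.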