Get Youtube id and parse Youtube Url

If you want to allow users to embed Youtube videos in a CMS you can’t allow them to include the complete Youtube embed or iframe Code.

Because of vulnerability of injecting an unwanted code, users can, in the worst case, shoot your site.

We can solve this problem by taking the Youtube url, the Youtube embed or iframe code, or only the Youtube id and wrap it into an Iframe with our specific dimensions.

Here is an PHP 5 function which extracts the Youtube Id from all different types of user-inputs. And i think its user save.

Possible Inputs

With these user-inputs we have to count with:

  • nKhheto4L6k
  • http://youtu.be/nKhheto4L6k
  • http://www.youtube.com/watch?v=nKhheto4L6k&feature=fvsr
  • http://www.youtube.com/user/Google?blend=2&ob=5#p/a/u/2/QP5szEn2dxs (Channel Code)
  • http://www.youtube.com/user/Google?#p/a/u/2/QP5szEn2dxs (other Channel Code)
  • <iframe width=“560″ height=“349″ src=“http://www.youtube.com/embed/QP5szEn2dxs?rel=0″ frameborder=“0″ allowfullscreen></iframe> (new embed code)
  • <object width=“560″ height=“349″><param value=“http://www.youtube.com/v/QP5szEn2dxs?version=3&amp;hl=de_DE&amp;rel=0″></param><param name=“allowFullScreen“ value=“true“></param><param name=“allowscriptaccess“ value=“always“></param><embed src=“http://www.youtube.com/v/QP5szEn2dxs?version=3&amp;hl=de_DE&amp;rel=0″ type=“application/x-shockwave-flash“ width=“560″ height=“349″ allowscriptaccess=“always“ allowfullscreen=“true“></embed></object> (old embed code)

I think thats actually all the ways you can get a ressource from youtube.

	/*
	 * Function to parse the id from all different types of Youtube Embed Codes and Youtube Urls
	 *
	 * @author Andreas Grundner
	 * @date 22.07.2011
	 * @licence freeware
	 * @param string youtube url, embed code, share code, channel code ...
	 * @return string youtube_id
	 */
	function getYoutubeId($sYoutubeUrl) {

		# set to zero
		$youtube_id = "";
		$sYoutubeUrl = trim($sYoutubeUrl);

		# the User entered only the eleven chars long id, Case 1
		if(strlen($sYoutubeUrl) === 11) {
			$youtube_id = $sYoutubeUrl;
			return $sYoutubeUrl;
		}

		# the User entered a Url
		else {

			# try to get all Cases
			if (preg_match('~(?:youtube.com/(?:user/.+/|(?:v|e(?:mbed)?)/|.*[?&]v=)|youtu.be/)([^"&?/ ]{11})~i', $sYoutubeUrl, $match)) {
		   		$youtube_id = $match[1];
		    	return $youtube_id;
			}
			# try to get some other channel codes, and fallback extractor
			elseif(preg_match('~http://www.youtube.com/v/([A-Za-z0-9-_]+).+?|embed/([0-9A-Za-z-_]{11})|watch?v=([0-9A-Za-z-_]{11})|#.*/([0-9A-Za-z-_]{11})~si', $sYoutubeUrl, $match)) {

				for ($i=1; $i<=4; $i++) {
					if (strlen($match[$i])==11) {
						$youtube_id = $match[$i];
						break;
					}
				}
				return $youtube_id;
			}
			else {
				$youtube_id = "No valid YoutubeId extracted";
				return $youtube_id;
			}
		}
	}

Last thing to do is, to get the Youtube id (this function returns it) and wrap it into a iframe, or a embed Code.

<iframe allowfullscreen="" frameborder="0" height="187" src="http://www.youtube.com/embed/' .  getYoutubeId($youtubeUrl) . '?rel=0&amp;wmode=transparent&amp;hd=1" title="YouTube video player" width="250"></iframe>

Now we have complete control over our embeded movies. So take it and have fun 🙂

Sei sozial und teile

Über den Autor Andreas Grundner

Ich bin Wordpress, Joomla, Typo3 Integrator, Unix Rootserver Administrator und Webanwendungsprogrammierer. Mittlerweile habe ich über 70 Webprojekte weitgehend selbstständig mit enger Kundenabsprache realisiert. Ich bin auf One Page Websites auf Wordpress-Basis spezialisiert, biete aber auch Suchmaschinenoptimierung (SEO), Blogs, Facebook, Youtube und Google+ Seiten an. Meine Verpflichtung gilt dem Datenschutz, meine Leidenschaft dem Finden und Aufzeigen von Sicherheitslücken in Webanwendungen.

5 Reaktionen zu Get Youtube id and parse Youtube Url

  1. James
    09.02.2013 at 20:05 · Antworten

    Can you provide a download link for your example(http://www.killoverhead.com/getYoutubeId.php)?

    • admin
      21.02.2013 at 22:22 ·

      Just copy the file from above!

  2. Koen
    24.04.2012 at 07:50 · Antworten

    Great! Thanks for the function!

  3. Nokdu
    17.08.2011 at 04:55 · Antworten

    Thank you for this code nice job!!

    • admin
      17.08.2011 at 17:55 ·

      You’re welcome!

Meinung sagen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.