I’m working on a website where members can post their own Adsense banners onto the site. Initially I wanted to use the Adsense API to share revenues with users (they would just have to enter their Adsense publisher ID), but I found out that I don’t meet the requirements to use the API.
My alternative is to allow users to submit their entire Adsense unit code, which would look like:
<script type="text/javascript"><!--
google_ad_client = "pub-xxxxxxxx";
/* 300x250, created 10/4/10 */
google_ad_slot = "7431428552";
google_ad_width = 300;
google_ad_height = 250;
//-->
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
Is there a safe way to filter all that to make sure users don’t submit harmful code?
An Adsense client ID is a number. So make sure that it is a number by using ctype_digit. Note: ctype_digit() returns true if the string is empty. Use an additional == comparison if necessary.
This should be done before putting it in the database. As it’s a number, and can’t be negative, I suggest you use BIGINT UNSIGNED as the datatype for your column. INT can’t be used because the ID is quite long. As an alternative, you can use VARCHAR.
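The digit check above can be extended to the whole submitted unit, shown here as an added example that is not part of the question or the answer: pull out only the four settings, validate each one, and rebuild the markup from a fixed template so that none of the submitted text is ever echoed. The function names, the digit-length limits and the `pub-` plus digits ID format (taken from the unit in the question) are assumptions.

```php
<?php
// Added example; parse_adsense_unit() and render_adsense_unit() are hypothetical helpers.
// Assumption: IDs are "pub-" plus digits, as in the question; length limits are illustrative.
function parse_adsense_unit(string $submitted): ?array
{
    $patterns = [
        'client' => '/google_ad_client\s*=\s*"pub-(\d{1,20})"\s*;/',
        'slot'   => '/google_ad_slot\s*=\s*"(\d{1,20})"\s*;/',
        'width'  => '/google_ad_width\s*=\s*(\d{1,4})\s*;/',
        'height' => '/google_ad_height\s*=\s*(\d{1,4})\s*;/',
    ];
    $unit = [];
    foreach ($patterns as $key => $pattern) {
        // Require exactly one match so a missing or duplicated setting is rejected.
        if (preg_match_all($pattern, $submitted, $m) !== 1) {
            return null;
        }
        $value = $m[1][0];
        // Same ctype_digit() check as the answer, with an explicit empty-string guard.
        if ($value === '' || !ctype_digit($value)) {
            return null;
        }
        $unit[$key] = $value;
    }
    return $unit;
}

// Rebuild the unit from a fixed template; only validated digits are inserted.
function render_adsense_unit(array $unit): string
{
    return sprintf(
        "<script type=\"text/javascript\"><!--\n"
        . "google_ad_client = \"pub-%s\";\n"
        . "google_ad_slot = \"%s\";\n"
        . "google_ad_width = %d;\n"
        . "google_ad_height = %d;\n"
        . "//-->\n</script>\n"
        . "<script type=\"text/javascript\"\n"
        . "src=\"http://pagead2.googlesyndication.com/pagead/show_ads.js\">\n</script>\n",
        $unit['client'], $unit['slot'], (int) $unit['width'], (int) $unit['height']
    );
}

// Constructed sample input: valid settings followed by an extra, unwanted script tag.
$sample = 'google_ad_client = "pub-1234567890123456"; google_ad_slot = "7431428552";'
    . ' google_ad_width = 300; google_ad_height = 250; <script src="//example.invalid/x.js"></script>';
$unit = parse_adsense_unit($sample);
echo $unit === null ? "rejected\n" : render_adsense_unit($unit);
```

Storing only the four validated values and rendering at display time means the extra tag in the sample never reaches the page.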