
How do you make strings XML-safe? (php, xml, cakephp)



I am responding to an AJAX call by sending it an XML document through PHP echos.  In order to form this XML document, I loop through the records of a database.  The problem is that the database includes records that have '<' symbols in them.  So naturally, the browser throws an error at that particular spot.  How can this be fixed?
    

asked Sep 8, 2015 by rajesh
0 votes
4 views




6 Answers

0 votes
By either escaping those characters with htmlspecialchars, or, perhaps more appropriately, using a library for building XML documents, such as DOMDocument or XMLWriter. Another alternative would be to use CDATA sections, but then you'd have to look out for occurrences of ]]>. Take also into consideration that you must respect the encoding you define for the XML document (by default UTF-8).
answered Sep 8, 2015 by rajesh
0 votes
1) You can wrap your text as CDATA like this:

    <mytag> <![CDATA[Your text goes here. Btw: 5<6 and 6>5]]> </mytag>

see http://www.w3schools.com/xml/xml_cdata.asp

2) As someone already said: escape those chars. E.g. like so:

    5&lt;6 and 6&gt;5
answered Sep 8, 2015 by rajesh
0 votes
Since PHP 5.4 you can use:

    htmlspecialchars($string, ENT_XML1)

You may need to specify the encoding, such as:

    htmlspecialchars($string, ENT_XML1, 'UTF-8')
answered Sep 8, 2015 by rajesh
0 votes
If at all possible, it's always a good idea to create your XML using the XML classes rather than string manipulation - one of the benefits being that the classes will automatically escape characters as needed.
answered Sep 8, 2015 by rajesh
0 votes
Try this:

    $str = htmlentities($str,ENT_QUOTES,'UTF-8');

So, after filtering your data using the htmlentities() function, you can use the data in an XML tag like:

    <mytag>$str</mytag>
answered Sep 8, 2015 by rajesh
0 votes
Adding this in case it helps someone. As I am working with Japanese characters, encoding has also been set appropriately. However, from time to time, I find that htmlentities and htmlspecialchars are not sufficient. Some user inputs contain special characters that are not stripped by the above functions. In those cases I have to do this:

    preg_replace('/[\x00-\x1f]/','',htmlspecialchars($string))

This will also remove certain xml-unsafe control characters like Null character or EOT. You can use this table to determine which characters you wish to omit.
answered Sep 8, 2015 by rajesh
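
An added example, not part of the original thread, that puts the approaches from the answers side by side: ENT_XML1 escaping, a CDATA wrapper that splits "]]>", removal of characters XML 1.0 forbids, and XMLWriter, with each result checked for well-formedness. The function names, element names and sample row are assumptions made for illustration.

```php
<?php
// Added example; function names, element names and $rows are constructed for illustration.

// Drop code points XML 1.0 forbids (keeps tab, LF, CR). Returns '' if $s is not valid UTF-8.
function xml_strip_illegal(string $s): string {
    $re = '/[^\x{9}\x{A}\x{D}\x{20}-\x{D7FF}\x{E000}-\x{FFFD}\x{10000}-\x{10FFFF}]/u';
    return preg_replace($re, '', $s) ?? '';
}

// Escape for element text or a quoted attribute value.
function xml_escape(string $s): string {
    return htmlspecialchars(xml_strip_illegal($s), ENT_XML1 | ENT_QUOTES, 'UTF-8');
}

// CDATA wrapper: split every "]]>" so the data cannot end the section early.
function xml_cdata(string $s): string {
    return '<![CDATA[' . str_replace(']]>', ']]]]><![CDATA[>', xml_strip_illegal($s)) . ']]>';
}

// String-built document, in the style of the question's echo loop.
function rows_to_xml_string(array $rows): string {
    $out = '<?xml version="1.0" encoding="UTF-8"?><records>';
    foreach ($rows as $r) {
        $out .= '<record name="' . xml_escape($r['name']) . '">'
              . '<body>' . xml_cdata($r['body']) . '</body></record>';
    }
    return $out . '</records>';
}

// The same document through XMLWriter, which escapes markup characters itself.
function rows_to_xml_writer(array $rows): string {
    $w = new XMLWriter();
    $w->openMemory();
    $w->startDocument('1.0', 'UTF-8');
    $w->startElement('records');
    foreach ($rows as $r) {
        $w->startElement('record');
        $w->writeAttribute('name', xml_strip_illegal($r['name']));
        $w->writeElement('body', xml_strip_illegal($r['body']));
        $w->endElement();
    }
    $w->endElement();
    $w->endDocument();
    return $w->outputMemory();
}

// Constructed row: markup characters, quotes, a CDATA terminator, NUL and EOT.
$rows = [['name' => '5 < 6 & "6" > 5', 'body' => "a ]]> b\x00\x04"]];
foreach ([rows_to_xml_string($rows), rows_to_xml_writer($rows)] as $xml) {
    var_dump((new DOMDocument())->loadXML($xml)); // well-formedness check
}
```

htmlspecialchars with ENT_XML1 is used here rather than htmlentities because htmlentities emits HTML named entities such as &eacute;, which an XML parser rejects unless a DTD declares them. The strip pattern keeps tab, LF and CR, which XML 1.0 allows, and removes the remaining control characters.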
