IE giving error on XML code embedded with PHP
This code works fine on browsers other than IE.
echo "
<item>
<link>http://www.example.com/showrssdetails.php?id=".$row[recordid]."</link>
<guid isPermaLink=\"true\">http://www.example.com/showrssdetails.php.php?id=".$row[recordid]."</guid>
<title>".$row[company]."</title>
<description><! [CDATA[".$row[desiredcandidate]."]]></description>
<comments>http://www.example.com/showrssdetails.php.php?id=".$row[recordid]."#Comments</comments>
</item>";
IE gives error on line 6:
An invalid character was found in text content. Error processing resource 'http://example.com/job_listing_rssxml.php...
It should be <![CDATA, not <! [CDATA. It finds the '>' at the end there and doesn't like it.
You also need to change all '"', '<' and '>' inside your php code snippet to html entities. You should do it this way:
...
<![CDATA[".htmlspecialchars($row['desiredcandidate'])."]]>
...
And get it back out like this:
htmlspecialchars_decode($string)
<title>".$row[company]."</title>
XML-injection if company can contain < or &. Use htmlspecialchars() to encode any text you append into markup. (It works just as well for XML as for HTML. htmlentities, on the other hand, wouldn't.)
<description><! [CDATA[".$row[desiredcandidate]."]]></description>
Stray space in the CDATA section, it should be <![CDATA[ ... ]]>. Note that ]]> is invalid on its own in text content.
Either way, CDATA sections aren't really helping you. It doesn't absolve you from the responsibility of escaping your output: a string ]]> in the value would still break the well-formedness. CDATA sections are a hack for hand-authoring convenience, not generally something you'd put in machine-generated XML.
Given that you have to do some escaping anyway for this case, you are better off forgetting about CDATA and just doing it the normal way:
<description><?php echo htmlspecialchars($row['desiredcandidate']); ?></description>
(Or predefine a function with a short name like h() to do echo htmlspecialchars for you, to avoid so much typing.)
(Note: avoid using bare-word array indices. It's ambiguous, may fail in the future, and will generate NOTICEs.)
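The escaping approach from the answer above, put together as an added example (not code from the question or either answer): it builds the item with every value escaped and checks well-formedness with DOMDocument, next to a CDATA version that breaks on data containing ]]>. The names h(), rss_item() and is_well_formed() and the sample row are assumptions made for the illustration.

```php
<?php
// Short escaping helper, in the spirit of the h() suggested above (hypothetical).
function h(string $s): string
{
    // ENT_XML1 emits only XML's predefined entities; ENT_QUOTES covers
    // both quote styles, so the result is also safe in attribute values.
    return htmlspecialchars($s, ENT_XML1 | ENT_QUOTES, 'UTF-8');
}

function rss_item(array $row): string
{
    $url = 'http://www.example.com/showrssdetails.php?id=' . rawurlencode((string) $row['recordid']);
    return "<item>\n"
        . '<link>' . h($url) . "</link>\n"
        . '<guid isPermaLink="true">' . h($url) . "</guid>\n"
        . '<title>' . h($row['company']) . "</title>\n"
        . '<description>' . h($row['desiredcandidate']) . "</description>\n"
        . '<comments>' . h($url . '#Comments') . "</comments>\n"
        . '</item>';
}

function is_well_formed(string $xml): bool
{
    $prev = libxml_use_internal_errors(true); // collect parse errors instead of warnings
    $ok = (new DOMDocument())->loadXML($xml) !== false;
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    return $ok;
}

// Constructed row: markup characters in the title, "]]>" in the description.
$row = [
    'recordid'         => 42,
    'company'          => 'Smith & Sons <Recruiting>',
    'desiredcandidate' => 'Knows XML, e.g. <![CDATA[ ... ]]> sections',
];

// Unescaped CDATA version: the "]]>" inside the data closes the section early.
$naive = '<item><title>x</title><description><![CDATA['
    . $row['desiredcandidate'] . ']]></description></item>';

echo 'CDATA, unescaped: '; var_dump(is_well_formed($naive));
echo 'escaped with h(): '; var_dump(is_well_formed(rss_item($row)));
```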