开发者

Building a valid dynamic RSS feed using PHP that passes variables via GET

问答 作者:

Is it possible to create a valid dynamic RSS feed that passes a variable containing values that would be used to build a MySQL query and return the result as a feed?

This code will generate a feed:

<?php
$dbh = new PDO('mysql:host=127.0.0.1;dbname=local', 'local', 'local开发者_如何转开发');

$sql = 'SELECT * FROM table_name';

$open = <<<XMLHEAD
<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/css" href="../_src/css/rss.css" ?>
<rss version="2.0">
<channel>
    <title>Test</title>
    <description>Test</description>
    <lastBuildDate>2011-05-20</lastBuildDate>
    <pubDate>2011-05-20</pubDate>
XMLHEAD;

echo $open;

// item
foreach ($dbh->query($sql) as $row) 
{
    echo $row['col1'] . ' ' . $row['col2'];
}

$dbh->exec();
$dbh = null;

$close = <<<XMLFOOT
    </channel>
</rss>
XMLFOOT;

echo $close;

header("Content-Type: application/rss+xml; charset=UTF-8");

?>

I just need to be able to pass something like http://localhost/feed.php?date=20110520

So that I can build this:

$d = $_POST['date'];

// Validate/clean here then set value
$date = $d;


$sql = 'SELECT * FROM table_name' where date=' . ''' . $date . ''';

Thanks!

Yes. RSS is just a data format like any other.

Your pseudo-code is vulnerable to SQL injection though, and you should build XML files using an XML library not by mashing strings together.

You can use Zend_Filter_Input to prevent sql injections

enter code here
          $filters = array(
        'page'  => array('HtmlEntities', 'StripTags', 'StringTrim'),
        'name'  => array('HtmlEntities', 'StripTags', 'StringTrim'),
        'val'   => array('HtmlEntities', 'StripTags', 'StringTrim'),
        'do'    => array('HtmlEntities', 'StripTags', 'StringTrim'),
        'obj'   => array('HtmlEntities', 'StripTags', 'StringTrim')
        );
    $validators = array(
        'page'      => array('Int'),
            'name'      => array(), 
            'val'   => array(), 
            'do'        => array(), 
            'obj'       => array()  
    );
    /* array('InArray', array('add', 'clear')), */

        $input = new Zend_Filter_Input($filters, $validators);
        $input->setData($this->getRequest()->getParams());`

You can also use Zend_Feed to generate feed from array

    foreach ($result as $r) {
        $output['entries'][] = array(
                'title' => $r['name'],
                'link'  => $this->apiBaseUrl.$r['name'].".mp3", 
                'description' => $answers,
                'lastUpdated' => ''
                );
        }  $feed = Zend_Feed::importArray($output, 'atom'); $feed->send();

继续阅读:phprss

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9