开发者

Right way to escape strings in PHP when making XML [duplicate]

问答 作者:
This question already has answers here: Closed 10 years ago.

Possible Duplicate:

How开发者_如何学Python do you make strings XML“safe”?

I am making xml and part of the code looks like this:

echo 'description="' .$description. '" ';

When there are apostrophes is the description variable, the code works fine, but when there are apostrophized, the code breaks.

What is the right way for me to escape the string so that it does not break the overall xml?

If some text breaks your XML code you should use CDATA.

Consider this code

  <?xml version="1.0" encoding="utf-8"?>
  <Result>
    <html>
      <p>
        Returning value
      </p>
    </html>
  </Result>

Should be rewrited to

  <?xml version="1.0" encoding="utf-8"?>
  <Result>
    <html>
      <![CDATA[<p>
        Returning value
      </p>]]>
    </html>
  </Result>

So data in <html> tag is treated as a string, otherwise <p> will be treated as XML tag (in first example)

I would avoid CDATA like the plague, especially if the contents of your XML is to be acted well upon. CDATA simply hides whatever it wraps away. I always use htmlentities() to make sure, although most often you'll get into trouble with ampersands. Also, you can't CDATA parameters, so the other suggestions doesn't address your problem.

Now, looking at your question it seems it is more about quotation characters in attributes. First, can you make a element rather than an attribute? The reason is of course that a descriptions have a higher risk of having all sorts of characters in them, and hence would be better treated as pure text without the perils of XML parsing.

Having said that, one could always try ;

echo 'description="' .str_replace ( array('"',"'"), '&quot;', $description) . '" ';

And of course if useful, wrap it in a function.

You can use either CDATA or HTML escape characters. CDATA might be an easier approach, as your code would universally escape all characters and look like this: 

<tag><![CDATA[your data here]]></tag>

http://en.wikipedia.org/wiki/XML#Escaping http://en.wikipedia.org/wiki/CDATA http://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references

继续阅读:php

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9