jerrygarciuh
Reputation: 21988
Make user input safe for XML
What is the best practice for generating valid XML with PHP from user submitted text, e.g. eCommerce sales data with ampersands, angle brackets, non-ascii accent characters, new lines etc etc.
What functions, libraries, regexes do folks rely on?
Upvotes: 5
Views: 313
Answers (4)
hakre
Reputation: 197658
If you want binary safeness, then you need to use an additional transport encoding. For example you can use base64 or uuencode to store the data in a binary safe fashion inside an XML chunk.
Upvotes: 1
Steve Robbins
Reputation: 13812
Wrap information in CDATA tags and encode data with htmlentities()
'<tag><![CDATA[' . htmlentities($theData) . ']]></tag>'
Or using DOM
$dom = new DOMDocument("1.0", "utf-8");
/* ... */
$dom->createCDATASection(htmlentities($theData));
Upvotes: 4
Related Questions
- eliminating special character issue in php/xml
- How to deal with XML which has illegal characters
- Encode &rsquo; to be XML safe
- xml version 1.0 encoding utf-8 in php?
- XML character encoding issue with PHP
- decoding/encoding of special characters in XML
- How to clean a form field for an XML Attribute that will contain valid UTF8 characters?
- how to handle all special characters in HTML/php form that outputs to XML
- Include XML encoding in PHP
- XML encoding safe?