AngeloS

Reputation: 5586

How do I save a dynamically generated XML document to a database using PHP?

I can't seem to figure out how to save an XML file that I generated with the DOM objects to my database.

Here is my PHP:

$xmlraw = $doc->saveXML();

$xmlQuery=sprintf("INSERT INTO xmlTestTable (XMLString) VALUES ('%s')", $xmlraw); 

$result = mysql_query($xmlQuery);

I also tried:

$xmlQuery=sprintf("INSERT INTO xmlTestTable (XMLString) VALUES ('%s')", $doc->saveXML()); 

$result = mysql_query($xmlQuery);

Where $doc is the XML Document I created.

I am able to see the XML output in my browser when I do this:

echo $doc->saveXML();

There are no errors being outputted or anything...

My MySQL Column that this is being injected into is 'Long Text'

Thank you in advance!!

Upvotes: 0

Views: 1677

Answers (2)

cweiske

Reputation: 31078

Please escape the XML with mysql_real_escape_string - this will fix your problem, and it will save you from SQL injection attacks.

Upvotes: 1

Pascal MARTIN

Reputation: 400972

First of all, you need to get the XML string, using, as you guessed, the saveXML() method:

$xmlraw = $doc->saveXML();


Then, you need to insert this value; but you must escape it properly!

Escaping a string to inject it into an SQL query is something you'll do using the specific function that's provided by the API you're using to connect to your database -- as you are using mysql_* functions, you'll use mysql_real_escape_string():

$escapedString = mysql_real_escape_string($xmlraw);


Now, you have the string you can inject into your SQL query:

$query = "INSERT INTO xmlTestTable (XMLString) VALUES ('$escapedString')";

You can also use sprintf, like you did, of course.

Upvotes: 4
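
Added example, not part of either answer: the same insert done with a bound parameter instead of string escaping, next to the question's sprintf version so the failure is visible. It assumes PDO with the pdo_sqlite driver and an in-memory database so it runs offline (for MySQL only the DSN changes); the sample document is constructed, and the mysql_* functions used on this page were removed in PHP 7.0.

```php
<?php
// Assumption: PDO + pdo_sqlite, in-memory DB so the demo needs no server.
// For MySQL, replace the DSN with 'mysql:host=...;dbname=...' plus credentials.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE xmlTestTable (id INTEGER PRIMARY KEY, XMLString TEXT)');

// Constructed sample document. saveXML() leaves the apostrophe in text
// content as-is, and that character ends a single-quoted SQL literal early.
$doc  = new DOMDocument('1.0', 'UTF-8');
$root = $doc->appendChild($doc->createElement('book'));
$root->appendChild($doc->createElement('title', "The Hitchhiker's Guide"));
$xmlraw = $doc->saveXML();

// 1) The question's approach: the XML becomes part of the SQL text.
$unsafe = sprintf("INSERT INTO xmlTestTable (XMLString) VALUES ('%s')", $xmlraw);
try {
    $pdo->exec($unsafe);
    echo "unescaped insert: accepted\n";
} catch (PDOException $e) {
    // mysql_query() would only return false here, which is why the
    // question saw no error output without checking the result.
    echo "unescaped insert: rejected: ", $e->getMessage(), "\n";
}

// 2) Bound parameter: the XML is sent as data and never parsed as SQL,
//    so no escaping function is needed and none can be forgotten.
$stmt = $pdo->prepare('INSERT INTO xmlTestTable (XMLString) VALUES (:xml)');
$stmt->bindValue(':xml', $xmlraw, PDO::PARAM_STR);
$stmt->execute();

// Read the row back: it must be byte-identical and still well-formed XML.
$stored = $pdo->query('SELECT XMLString FROM xmlTestTable ORDER BY id DESC LIMIT 1')
              ->fetchColumn();
$check = new DOMDocument();
var_dump($stored === $xmlraw);
var_dump($check->loadXML($stored));
```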
